Tieming Chen,Xuebo Qiu,Zhengqiu Weng,Tiantian Zhu,Mingqi Lv,Keda Sun

DOI: https://doi.org/10.1155/2024/6964759

IF: 1.968

2024-11-08

Security and Communication Networks

Abstract:Anomaly detection is essential to ensuring system security and reliability. As one of the basic techniques in the cyberattack, the existing malicious traffic classification method has been facing diverse challenges such as insufficient samples, poor denoising ability, and weak generalization of the classification model. In this paper, we propose a novel method for detecting malicious HTTP traffic based on a framework (HTTPSmell; it refers to the sniffing of some network attacks launched by exploiting the HTTP protocol.)), and XSS dataset obtained from GitHub that automatically applies a deep learning model with high generalization ability even under a small training dataset. With HTTPSmell, we are able to achieve positive results from a semisupervised model that leverages the unsupervised data augmentation (UDA) and the keywords library avoidance (KLA)‐based data augmentation method that holds higher learning generalization, higher scenario coverage rate, and better detection efficiency in the smaller training samples. Finally, we demonstrate through comprehensive experiments in the realistic enterprise environment that HTTPSmell can achieve an accuracy of 96.77% for identifying complex and advanced cyberattacks, while only maintaining a constant 60 MB of memory and sustaining up to 27 k/s throughput.

computer science, information systems,telecommunications

Andrey Ferriyan,Achmad Husni Thamrin,Keiji Takeda,Jun Murai

DOI: https://doi.org/10.3390/electronics11050679

IF: 2.9

2022-02-23

Electronics

Abstract:Network-based intrusion detections become more difficult as Internet traffic is mostly encrypted. This paper introduces a method to detect encrypted malicious traffic based on the Transport Layer Security handshake and payload features without waiting for the traffic session to finish while preserving privacy. Our method, called TLS2Vec, creates words from the extracted features and uses Long Short-Term Memory (LSTM) for inference. We evaluated our method using traffic from three malicious applications and a benign application that we obtained from two publicly available datasets. Our results showed that TLS2Vec is promising as a tool to detect such malicious traffic.

engineering, electrical & electronic,computer science, information systems,physics, applied

Eirik Molde Bårli,Anis Yazidi,Enrique Herrera Viedma,Hårek Haugerud

DOI: https://doi.org/10.1016/j.comnet.2021.108399

IF: 5.493

2021-11-01

Computer Networks

Abstract:DoS and DDoS attacks have been growing in size and number over the last decade and existing solutions to mitigate these attacks are largely inefficient. Compared to other types of malicious cyber attacks, DoS and DDoS attacks are particularly challenging to combat. Because of their ability to mask themselves as legitimate traffic, it has proven difficult to develop methods to detect these types of attacks on a packet or flow level. In this paper, we explore the potential of Variational Autoencoders to serve as a component within an intelligent security solution that differentiates between normal and malicious traffic. The motivation behind resorting to Variational Autoencoders is that unlike normal encoders that would code an input flow as a single point, they encode a flow as a distribution over the latent space which avoids overfitting. Intuitively, this allows a Variational Autoencoder to not only learn latent representations of seen input features, but to generalize in a way that allows for an interpretation of unseen flows and flow features with slight variations. Two methods based on the ability of Variational Autoencoders to learn latent representations from network traffic flows of both benign and malicious traffic, are proposed. The first method resorts to a classifier based on the latent encodings obtained from Variational Autoencoders learned from traffic traces. The second method is an anomaly detection method, where the Variational Autoencoder is used to learn the abstract feature representations of exclusively legitimate traffic. Anomalies are then filtered out by relying on the reconstruction loss of the Variational Autoencoder. In this sense, the construction loss of the autoencoder is fed as input to a classifier that outputs the class of the traffic including benign and malign, and eventually the attack type. Thus, the second approach operates with two separate training processes on two separate data sources: the first training involving only legitimate traffic, and the second training involving all traffic classes. This is different from the first approach which operates only a single training process on the whole traffic dataset. Thus, the autoencoder of the first approach aspires to learn a general feature representation of the flows while the autoencoder of the second approach aims to exclusively learn a representation of the benign traffic. The second approach is thus more susceptible to finding zero day attacks and discovering new attacks as anomalies. Both of the proposed methods have been thoroughly tested on two separate datasets with a similar feature space. The results show that both methods are promising, with the classifier-based method being slightly superior to the anomaly-based one.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Yuqi Yu,Hanbing Yan,Hongchao Guan,Hao Zhou

DOI: https://doi.org/10.48550/arXiv.1810.12751

2018-10-30

Cryptography and Security

Abstract:In the Internet age, cyber-attacks occur frequently with complex types. Traffic generated by access activities can record website status and user request information, which brings a great opportunity for network attack detection. Among diverse network protocols, Hypertext Transfer Protocol (HTTP) is widely used in government, organizations and enterprises. In this work, we propose DeepHTTP, a semantics structure integration model utilizing Bidirectional Long Short-Term Memory (Bi-LSTM) with attention mechanism to model HTTP traffic as a natural language sequence. In addition to extracting traffic content information, we integrate structural information to enhance the generalization capabilities of the model. Moreover, the application of attention mechanism can assist in discovering critical parts of anomalous traffic and further mining attack patterns. Additionally, we demonstrate how to incrementally update the data set and retrain model so that it can be adapted to new anomalous traffic. Extensive experimental evaluations over large traffic data have illustrated that DeepHTTP has outstanding performance in traffic detection and pattern discovery.

Manoj Reddy Dareddy,Mahashweta Das,Hao Yang

DOI: https://doi.org/10.48550/arXiv.1908.08227

2019-08-22

Abstract:Recent years have witnessed a surge of interest in machine learning on graphs and networks with applications ranging from vehicular network design to IoT traffic management to social network recommendations. Supervised machine learning tasks in networks such as node classification and link prediction require us to perform feature engineering that is known and agreed to be the key to success in applied machine learning. Research efforts dedicated to representation learning, especially representation learning using deep learning, has shown us ways to automatically learn relevant features from vast amounts of potentially noisy, raw data. However, most of the methods are not adequate to handle heterogeneous information networks which pretty much represents most real-world data today. The methods cannot preserve the structure and semantic of multiple types of nodes and links well enough, capture higher-order heterogeneous connectivity patterns, and ensure coverage of nodes for which representations are generated. We propose a novel efficient algorithm, motif2vec that learns node representations or embeddings for heterogeneous networks. Specifically, we leverage higher-order, recurring, and statistically significant network connectivity patterns in the form of motifs to transform the original graph to motif graph(s), conduct biased random walk to efficiently explore higher order neighborhoods, and then employ heterogeneous skip-gram model to generate the embeddings. Unlike previous efforts that uses different graph meta-structures to guide the random walk, we use graph motifs to transform the original network and preserve the heterogeneity. We evaluate the proposed algorithm on multiple real-world networks from diverse domains and against existing state-of-the-art methods on multi-class node classification and link prediction tasks, and demonstrate its consistent superiority over prior work.

Social and Information Networks,Machine Learning

Xihe Jiang,Dan Meng,Fucheng Liu,Dongxue Zhang,Yu Wen,Xinyu Xing

DOI: https://doi.org/10.1145/3319535.3363224

2019-11-06

Abstract:Conventional attacks of insider employees and emerging APT are both major threats for the organizational information system. Existing detections mainly concentrate on users' behavior and usually analyze logs recording their operations in an information system. In general, most of these methods consider sequential relationship among log entries and model users' sequential behavior. However, they ignore other relationships, inevitably leading to an unsatisfactory performance on various attack scenarios. We propose log2vec, a heterogeneous graph embedding based modularized method. First, it involves a heuristic approach that converts log entries into a heterogeneous graph in the light of diverse relationships among them. Next, it utilizes an improved graph embedding appropriate to the above heterogeneous graph, which can automatically represent each log entry into a low-dimension vector. The third component of log2vec is a practical detection algorithm capable of separating malicious and benign log entries into different clusters and identifying malicious ones. We implement a prototype of log2vec. Our evaluation demonstrates that log2vec remarkably outperforms state-of-the-art approaches, such as deep learning and hidden markov model (HMM). Besides, log2vec shows its capability to detect malicious events in various attack scenarios.

Computer Science

Jiang Xie,Shuhao Li,Yongzheng Zhang,Xiaochun Yun,Jia Li

DOI: https://doi.org/10.48550/arXiv.2309.01174

2023-09-03

Networking and Internet Architecture

Abstract:Trojans are one of the most threatening network attacks currently. HTTP-based Trojan, in particular, accounts for a considerable proportion of them. Moreover, as the network environment becomes more complex, HTTP-based Trojan is more concealed than others. At present, many intrusion detection systems (IDSs) are increasingly difficult to effectively detect such Trojan traffic due to the inherent shortcomings of the methods used and the backwardness of training data. Classical anomaly detection and traditional machine learning-based (TML-based) anomaly detection are highly dependent on expert knowledge to extract features artificially, which is difficult to implement in HTTP-based Trojan traffic detection. Deep learning-based (DL-based) anomaly detection has been locally applied to IDSs, but it cannot be transplanted to HTTP-based Trojan traffic detection directly. To solve this problem, in this paper, we propose a neural network detection model (HSTF-Model) based on hierarchical spatiotemporal features of traffic. Meanwhile, we combine deep learning algorithms with expert knowledge through feature encoders and statistical characteristics to improve the self-learning ability of the model. Experiments indicate that F1 of HSTF-Model can reach 99.4% in real traffic. In addition, we present a dataset BTHT consisting of HTTP-based benign and Trojan traffic to facilitate related research in the field.

Eric L. Goodman,Chase Zimmerman,Corey Hudson

DOI: https://doi.org/10.48550/arXiv.2004.14477

2020-04-30

Abstract:One of deep learning's attractive benefits is the ability to automatically extract relevant features for a target problem from largely raw data, instead of utilizing human engineered and error prone handcrafted features. While deep learning has shown success in fields such as image classification and natural language processing, its application for feature extraction on raw network packet data for intrusion detection is largely unexplored. In this paper we modify a Word2Vec approach, used for text processing, and apply it to packet data for automatic feature extraction. We call this approach Packet2Vec. For the classification task of benign versus malicious traffic on a 2009 DARPA network data set, we obtain an area under the curve (AUC) of the receiver operating characteristic (ROC) between 0.988-0.996 and an AUC of the Precision/Recall curve between 0.604-0.667.

Machine Learning,Cryptography and Security

Lian Yu,Lihao Chen,Jingtao Dong,Mengyuan Li,Lijun Liu,Bai Zhao,Chen Zhang

DOI: https://doi.org/10.1109/compsac48688.2020.0-167

2020-01-01

Abstract:This paper proposes an approach that combines a deep learning-based method and a traditional machine learning-based method to efficiently detect malicious requests Web servers received. The first few layers of Convolutional Neural Network for Text Classification (TextCNN) are used to automatically extract powerful semantic features and in the meantime transferable statistical features are defined to boost the detection ability, specifically Web request parameter tampering. The semantic features from TextCNN and transferable statistical features from artificially-designing are grouped together to be fed into Support Vector Machine (SVM), replacing the last layer of TextCNN for classification. To facilitate the understanding of abstract features in form of numerical data in vectors extracted by TextCNN, this paper designs trace-back functions that map max-pooling outputs back to words in Web requests. After investigating the current available datasets for Web attack detection, HTTP Dataset CSIC 2010 is selected to test and verify the proposed approach. Compared with other deep learning models, the experimental results demonstrate that the approach proposed in this paper is competitive with the state-of-the-art.

Shang Wu,Yijie Wang

DOI: https://doi.org/10.1109/ISPA-BDCloud-SocialCom-SustainCom52081.2021.00196

2021-09-01

Abstract:Attack payloads are often short segments hidden in HTTP requests; thus they can be found by HTTP payload anomaly detection. Deep learning models learn data features during training without manual feature extraction, and better performance has received more attention. Recurrent Neural Network models process sequences directly, which are widely used in payload anomaly detection. However, due to the gradient vanishing problem, RNN has limits on processing the long sequences. Meanwhile, RNN uses its final hidden state for detection and pays more attention to the content of the end of the payload. Besides, deep learning generally lacks interpretability. The paper proposes an unsupervised deep learning model for HTTP payload Anomaly Detection, namely Attention-based Encoder-Decoder Recurrent Neural Networks Anomaly Detection model (AEDRAD). AEDRAD utilizes the encoder-decoder RNN and attention mechanism to detect anomalies by reconstructing the original sequences. AEDRAD filters the fields of HTTP protocol that cannot exist anomalies, focusing on the suspicious segments. Through the encoder-decoder network, the normal payload can be well-reconstructed while the anomaly payload fails. With the attention mechanism, AEDRAD generates practical features for further anomaly detection from a global perspective. Meanwhile, it marks abnormal fragments visually, which is conducive to a subsequent analysis by experts. The experimental results show that AEDRAD significantly outperforms three state-of-the-art unsupervised algorithms on two real datasets.

Computer Science

Rikhi Ram Jagat,Dilip Singh Sisodia,Pradeep Singh

DOI: https://doi.org/10.1109/tsc.2024.3453748

IF: 11.019

2024-10-11

IEEE Transactions on Services Computing

Abstract:Web attacks penetrate the web applications' security through unauthorized access to sensitive information, disrupting services, and stealing data. Conventionally, rule-based statistical methods distinguish attackers from legitimate users. However, the training through manually extracted weblog features is time-consuming and requires subject expertise. Additionally, the supervised attack classification method needs massive, labeled weblog data, which is expensive and unfeasible. Also, the unsupervised classification techniques have resolved the labeled data insufficiency problem, but their detection performance is unreliable. Recent studies focus on recognizing web attacks through deep neural network-based anomaly detection. Hence, this study proposes an anomaly detection-based Variational LSTM Autoencoder Deviation Network (VLADEN) for recognizing web attacks from weblogs. This work resolves the aforementioned issues by extracting the aberrant information encoded in weblog request data to detect web attacks. VLADEN works in three stages: data preprocessing, anomaly and reference score generation, and classification. The variational LSTM self-encoding-based reference score generation ensures that the anomaly score deviates from the normal data. The proposed model is experimentally validated on three publicly available datasets (CSIS2010, FWAF, and HTTPParams) and evaluated using AUC-ROC and AUC-PR-based evaluation metrics. The results demonstrate the models' superior performance in detecting attack requests with minimum domain knowledge and labeled data.

computer science, information systems, software engineering

Jiang Xie,Shuhao Li,Xiaochun Yun,Yongzheng Zhang,Peng Chang

DOI: https://doi.org/10.1016/j.cose.2020.101923

IF: 5.105

2020-01-01

Computers & Security

Abstract:HTTP-based Trojan is extremely threatening, and it is difficult to be effectively detected because of its concealment and confusion. Previous detection methods usually are with poor generalization ability due to outdated datasets and reliance on manual feature extraction, which makes these methods always perform well under their private dataset, but poorly or even fail to work in real network environment. In this paper, we propose an HTTP-based Trojan detection model via the Hierarchical Spatio-Temporal Features of traffics (HSTF-Model) based on the formalized description of traffic spatio-temporal behavior from both packet level and flow level. In this model, we employ Convolutional Neural Network (CNN) to extract spatial information and Long Short-Term Memory (LSTM) to extract temporal information. In addition, we present a dataset consisting of Benign and Trojan HTTP Traffic (BTHT-2018). Experimental results show that our model can guarantee high accuracy (the F1 of 98.62% ~ 99.81% and the FPR of 0.34% ~ 0.02% in BTHT-2018). More importantly, our model has a huge advantage over other related methods in generalization ability. HSTF-Model trained with BTHT-2018 can reach the F1 of 93.51% on the public dataset ISCX-2012, which is 20+% better than the best of related machine learning methods.

Serenje Macdonald,Mkandawire Mtende

DOI: https://doi.org/10.26634/jcom.11.4.20650

2024-01-01

Abstract:The rapid growth of network infrastructures and the increasing volume of data transmitted through them have led to a critical need for efficient and accurate anomaly detection systems in network transport. This paper proposes a novel anomaly detection system that utilizes machine learning techniques to identify abnormal patterns and deviations in network traffic. The proposed system follows a multi-layered approach, starting with the collection of network traffic data from various sources, including routers, switches, and gateways. The data is then preprocessed to extract relevant features and eliminate noise. Feature extraction is carried out using statistical, time-series, and flow-based analysis to capture the inherent characteristics of network communication. Machine learning algorithms, such as neural networks, or in this case, auto-encoders, will be trained to learn the patterns of normal network behavior and subsequently detect deviations from these patterns as anomalies. The system provides alerts and notifications to network administrators, allowing prompt investigation and response to potential security threats or network performance issues. It effectively differentiates between benign and malicious network activities, enabling network administrators to take proactive measures to secure their infrastructure and ensure uninterrupted communication.

Xiaochun Yun,Jiang Xie,Shuhao Li,Yongzheng Zhang,Peishuai Sun

DOI: https://doi.org/10.1016/j.cose.2022.102834

2023-09-07

Abstract:Malicious communication behavior is the network communication behavior generated by malware (bot-net, spyware, etc.) after victim devices are infected. Experienced adversaries often hide malicious information in HTTP traffic to evade detection. However, related detection methods have inadequate generalization ability because they are usually based on artificial feature engineering and outmoded datasets. In this paper, we propose an HTTP-based Malicious Communication traffic Detection Model (HMCD-Model) based on generated adversarial flows and hierarchical traffic features. HMCD-Model consists of two parts. The first is a generation algorithm based on WGAN-GP to generate HTTP-based malicious communication traffic for data enhancement. The second is a hybrid neural network based on CNN and LSTM to extract hierarchical spatial-temporal features of traffic. In addition, we collect and publish a dataset, HMCT-2020, which consists of large-scale malicious and benign traffic during three years (2018-2020). Taking the data in HMCT-2020(18) as the training set and the data in other datasets as the test set, the experimental results show that the HMCD-Model can effectively detect unknown HTTP-based malicious communication traffic. It can reach F1 = 98.66% in the dataset HMCT-2020(19-20), F1 = 90.69% in the public dataset CIC-IDS-2017, and F1 = 83.66% in the real traffic, which is 20+% higher than other representative methods on average. This validates that HMCD-Model has the ability to discover unknown HTTP-based malicious communication behavior.

Cryptography and Security,Networking and Internet Architecture

Kacper Leśniara,Piotr Szymański

DOI: https://doi.org/10.1145/3557918.3565865

2023-04-27

Abstract:Recent years brought advancements in using neural networks for representation learning of various language or visual phenomena. New methods freed data scientists from hand-crafting features for common tasks. Similarly, problems that require considering the spatial variable can benefit from pretrained map region representations instead of manually creating feature tables that one needs to prepare to solve a task. However, very few methods for map area representation exist, especially with respect to road network characteristics. In this paper, we propose a method for generating microregions' embeddings with respect to their road infrastructure characteristics. We base our representations on OpenStreetMap road networks in a selection of cities and use the H3 spatial index to allow reproducible and scalable representation learning. We obtained vector representations that detect how similar map hexagons are in the road networks they contain. Additionally, we observe that embeddings yield a latent space with meaningful arithmetic operations. Finally, clustering methods allowed us to draft a high-level typology of obtained representations. We are confident that this contribution will aid data scientists working on infrastructure-related prediction tasks with spatial variables.

Machine Learning,Artificial Intelligence

Mohammed N. Swileh,Shengli Zhang

2024-12-09

Abstract:Software defined networking (SDN) represents a transformative shift in network architecture by decoupling the control plane from the data plane, enabling centralized and flexible management of network resources. However, this architectural shift introduces significant security challenges, as SDN's centralized control becomes an attractive target for various types of attacks. While current research has yielded valuable insights into attack detection in SDN, critical gaps remain. Addressing challenges in feature selection, broadening the scope beyond DDoS attacks, strengthening attack decisions based on multi flow analysis, and building models capable of detecting unseen attacks that they have not been explicitly trained on are essential steps toward advancing security in SDN. In this paper, we introduce a novel approach that leverages Natural Language Processing (NLP) and the pre trained BERT base model to enhance attack detection in SDN. Our approach transforms network flow data into a format interpretable by language models, allowing BERT to capture intricate patterns and relationships within network traffic. By using Random Forest for feature selection, we optimize model performance and reduce computational overhead, ensuring accurate detection. Attack decisions are made based on several flows, providing stronger and more reliable detection of malicious traffic. Furthermore, our approach is specifically designed to detect previously unseen attacks, offering a solution for identifying threats that the model was not explicitly trained on. To rigorously evaluate our approach, we conducted experiments in two scenarios: one focused on detecting known attacks, achieving 99.96% accuracy, and another on detecting unseen attacks, where our model achieved 99.96% accuracy, demonstrating the robustness of our approach in detecting evolving threats to improve the security of SDN networks.

Cryptography and Security,Artificial Intelligence

Benjamin J. Radford,Leonardo M. Apolonio,Antonio J. Trias,Jim A. Simpson

DOI: https://doi.org/10.48550/arXiv.1803.10769

2018-03-28

Abstract:We show that a recurrent neural network is able to learn a model to represent sequences of communications between computers on a network and can be used to identify outlier network traffic. Defending computer networks is a challenging problem and is typically addressed by manually identifying known malicious actor behavior and then specifying rules to recognize such behavior in network communications. However, these rule-based approaches often generalize poorly and identify only those patterns that are already known to researchers. An alternative approach that does not rely on known malicious behavior patterns can potentially also detect previously unseen patterns. We tokenize and compress netflow into sequences of "words" that form "sentences" representative of a conversation between computers. These sentences are then used to generate a model that learns the semantic and syntactic grammar of the newly generated language. We use Long-Short-Term Memory (LSTM) cell Recurrent Neural Networks (RNN) to capture the complex relationships and nuances of this language. The language model is then used predict the communications between two IPs and the prediction error is used as a measurement of how typical or atyptical the observed communication are. By learning a model that is specific to each network, yet generalized to typical computer-to-computer traffic within and outside the network, a language model is able to identify sequences of network activity that are outliers with respect to the model. We demonstrate positive unsupervised attack identification performance (AUC 0.84) on the ISCX IDS dataset which contains seven days of network activity with normal traffic and four distinct attack patterns.

Computers and Society,Human-Computer Interaction,Machine Learning

Jingxi Liang,Wen Zhao,Wei Ye

DOI: https://doi.org/10.1145/3171592.3171594

2017-01-01

Abstract:As the era of cloud technology arises, more and more people are beginning to migrate their applications and personal data to the cloud. This makes web-based applications an attractive target for cyber-attacks. As a result, web-based applications now need more protections than ever. However, current anomaly-based web attack detection approaches face the difficulties like unsatisfying accuracy and lack of generalization. And the rule-based web attack detection can hardly fight unknown attacks and is relatively easy to bypass. Therefore, we propose a novel deep learning approach to detect anomalous requests. Our approach is to first train two Recurrent Neural Networks (RNNs) with the complicated recurrent unit (LSTM unit or GRU unit) to learn the normal request patterns using only normal requests unsupervisedly and then supervisedly train a neural network classifier which takes the output of RNNs as the input to discriminate between anomalous and normal requests. We tested our model on two datasets and the results showed that our model was competitive with the state-of-the-art. Our approach frees us from feature selection. Also to the best of our knowledge, this is the first time that the RNN is applied on anomaly-based web attack detection systems.

Andrew Golczynski,John A. Emanuello

DOI: https://doi.org/10.48550/arXiv.2108.12276

IF: 14.4

2021-08-27

Artificial Intelligence

Abstract:Rule-based IDS (intrusion detection systems) are being replaced by more robust neural IDS, which demonstrate great potential in the field of Cybersecurity. However, these ML approaches continue to rely on ad-hoc feature engineering techniques, which lack the capacity to vectorize inputs in ways that are fully relevant to the discovery of anomalous cyber activity. We propose a deep end-to-end framework with NLP-inspired components for identifying potentially malicious behaviors on enterprise computer networks. We also demonstrate the efficacy of this technique on the recently released DARPA OpTC data set.

William Marfo,Deepak K. Tosh,Shirley V. Moore

DOI: https://doi.org/10.48550/arXiv.2303.07452

2023-03-14

Abstract:Due to the veracity and heterogeneity in network traffic, detecting anomalous events is challenging. The computational load on global servers is a significant challenge in terms of efficiency, accuracy, and scalability. Our primary motivation is to introduce a robust and scalable framework that enables efficient network anomaly detection. We address the issue of scalability and efficiency for network anomaly detection by leveraging federated learning, in which multiple participants train a global model jointly. Unlike centralized training architectures, federated learning does not require participants to upload their training data to the server, preventing attackers from exploiting the training data. Moreover, most prior works have focused on traditional centralized machine learning, making federated machine learning under-explored in network anomaly detection. Therefore, we propose a deep neural network framework that could work on low to mid-end devices detecting network anomalies while checking if a request from a specific IP address is malicious or not. Compared to multiple traditional centralized machine learning models, the deep neural federated model reduces training time overhead. The proposed method performs better than baseline machine learning techniques on the UNSW-NB15 data set as measured by experiments conducted with an accuracy of 97.21% and a faster computation time.

Machine Learning,Distributed, Parallel, and Cluster Computing