Luxin Cai,Naiyue Chen,Yuanmeng Wei,Huaping Chen,Yidong Li

DOI: https://doi.org/10.1109/paap56126.2022.10010553

2022-01-01

Abstract:With the rapid development of Industrial Internet, the network intrusion detection has become particularly important. In the Industrial Internet, large-scale data is distributed in the edge nodes caused the joint analysis of network intrusion detection at each edge node has become necessary. Federated learning structure can avoid data out of local nodes to protect user privacy data. However, the data distribution is different for each edge nodes, which limits the effectiveness of federated learning models. We focus on the non-IID data features and propose a new cluster-based federated learning framework for network intrusion detection. In this method, we cluster clients into different communities by data labels, which the clients contain the similar proportion of data labels in the same community. Based on the clustering results, we decompose federated learning model aggregation into cluster aggregation and global aggregation by leveraging similarities both within and between clusters. We conduct extensive experiments based on UNSW_NB15 dataset. The results show that our method has better performance than FedAvg and FedProx. It can work well in scenarios with different distributions of data samples while ensuring data security and privacy protection.

Mubashar Raza,Muhammad Jasim Saeed,Muhammad Bilal Riaz,Muhammad Awais Sattar

DOI: https://doi.org/10.1109/access.2024.3395997

IF: 3.9

2024-05-24

IEEE Access

Abstract:Software-defined networking (SDN) is an innovative network technology. It changed the world of computer networking by providing solutions to many challenges. SDN provides programmability, easy and centralized network management, dynamic configuration, and improved security. Although SDN offers remarkable benefits but it provides centralized network management which is prone to attacks. So, intrusion detection systems (IDS) are essential to detect and prevent security attacks in SDN. Traditional IDS follow a centralized machine learning approach which causes vulnerabilities in IDS. Old-style IDS lack data privacy preservation, and solution for training data unavailability due to privacy. Federated learning (FL) is a distributed machine learning approach which provides a collaborative training approach without data sharing. In FL, training is performed on multiple nodes creating a global model without sharing the data. To address challenges and the limitations of traditional IDS, we proposed a FL based multi class classification IDS for SDN. FL delivers an efficient and scalable solution to address challenges of traditional IDS. The proposed model enhances security of SDN by not requiring the centralization of data. To test the impact and efficiency of proposed model, we used a latest and realistic cybersecurity dataset. We also compared the proposed model with state of art existing multi class classification studies. The results and their comparison with existing studies highlight the potential of proposed model to enhance network security while providing a privacy-preserving learning environment for intrusion detection.

computer science, information systems,telecommunications,engineering, electrical & electronic

Xiao Zhang,Youhuai Wang,Yong Cai,Yuxiong He,Xiaoming Chen,Shi Jin

DOI: https://doi.org/10.1109/icnisc57059.2022.00093

2022-01-01

Abstract:The Internet of Things has been integrated into every aspect of our modern life, intelligent IoT services and applications are booming, and massive amounts of data are generated every day, many of which contain private information. However, due to limited resources and limited computing power, IoT networks are vulnerable to various types of attacks. Therefore, it is crucial to protect the IoT network from adversarial attacks. In today's technology, applying deep learning to classify traffic is a very effective method. It also brings a problem. In a general cloud server architecture, training data needs to be transmitted to the cloud for processing and model training. The massive data transmission overhead will bring delays in transmission and response, as well as privacy leakage issues. Federated learning (FL) based on cloud-edge collaborative networks has received considerable attention, an emerging framework for training deep learning models from decentralized data. The system sends deep learning algorithms to all edges (data sources) at the same time, trains partial models at each edge, and aggregates these partial models into a learned overall model. User information is not uploaded to the cloud during the entire process. This paper adopts the federated learning framework to detect and classify network traffic attacks, and effectively protect user privacy data.

Syeda Aunanya Mahmud,Nazmul Islam,Zahidul Islam,Ziaur Rahman,Sk. Tanzir Mehedi

DOI: https://doi.org/10.3390/math12203194

IF: 2.4

2024-10-13

Mathematics

Abstract:The Internet of Things (IoT) has revolutionized various industries, but the increased dependence on all kinds of IoT devices and the sensitive nature of the data accumulated by them pose a formidable threat to privacy and security. While traditional IDSs have been effective in securing critical infrastructures, the centralized nature of these systems raises serious data privacy concerns as sensitive information is sent to a central server for analysis. This research paper introduces a Federated Learning (FL) approach designed for detecting intrusions in diverse IoT networks to address the issue of data privacy by ensuring that sensitive information is kept in the individual IoT devices during model training. Our framework utilizes the Federated Averaging (FedAvg) algorithm, which aggregates model weights from distributed devices to refine the global model iteratively. The proposed model manages to achieve above 90% accuracies across various metrics, including precision, recall, and F1 score, while maintaining low computational demands. The results show that the proposed system successfully identifies various types of cyberattacks, including Denial-of-Service (DoS), Distributed Denial-of-Service (DDoS), data injection, ransomware, and several others, showcasing its robustness. This research makes a great advancement to the IDSs by providing an efficient and reliable solution that is more scalable and privacy friendly than any of the existing models.

mathematics

Jia Huang,Zhen Chen,Sheng-Zheng Liu,Hao Zhang,Hai-Xia Long

DOI: https://doi.org/10.3390/s24124002

IF: 3.9

2024-06-20

Sensors

Abstract:The security of the Industrial Internet of Things (IIoT) is of vital importance, and the Network Intrusion Detection System (NIDS) plays an indispensable role in this. Although there is an increasing number of studies on the use of deep learning technology to achieve network intrusion detection, the limited local data of the device may lead to poor model performance because deep learning requires large-scale datasets for training. Some solutions propose to centralize the local datasets of devices for deep learning training, but this may involve user privacy issues. To address these challenges, this study proposes a novel federated learning (FL)-based approach aimed at improving the accuracy of network intrusion detection while ensuring data privacy protection. This research combines convolutional neural networks with attention mechanisms to develop a new deep learning intrusion detection model specifically designed for the IIoT. Additionally, variational autoencoders are incorporated to enhance data privacy protection. Furthermore, an FL framework enables multiple IIoT clients to jointly train a shared intrusion detection model without sharing their raw data. This strategy significantly improves the model's detection capability while effectively addressing data privacy and security issues. To validate the effectiveness of the proposed method, a series of experiments were conducted on a real-world Internet of Things (IoT) network intrusion dataset. The experimental results demonstrate that our model and FL approach significantly improve key performance metrics such as detection accuracy, precision, and false-positive rate (FPR) compared to traditional local training methods and existing models.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Yuqing Kou,Jieren Cheng,Yankun Yang,Hao Wu,Yajing Li,Victor S. Sheng

2023-01-01

Abstract:Data is a valuable strategic resource for the development of modern society. However, with the increasingly complex network environment, privacy leaks and malicious attacks emerge in endlessly. For example, blockchain has also begun to become a new outlet for network black production, which poses a huge security threat to cryptocurrency. In this paper, we propose a hybrid network model (Cb Net), which uses Convolutional Neural Networks (CNN) and Bidirectional recurrent neural networks (BiGRU) to fully extract the space-time characteristics of network data traffic. Then, we propose an intrusion detection method (FLD), which introduces federated learning to collect traffic data from different network institutions, analyze network traffic and identify network attacks. We have fully evaluated the performance of the proposed model and method on the public dataset NSL-KDD. Experiments show that the proposed hybrid network model can achieve high detection accuracy, and the FLD method can effectively identify network attacks on the premise of ensuring the privacy of the local data of the users involved, and its performance is better than other methods.

Syed Muhammad Salman Bukhari,Muhammad Hamza Zafar,Mohamad Abou Houran,Syed Kumayl Raza Moosavi,Majad Mansoor,Muhammad Muaaz,Filippo Sanfilippo

DOI: https://doi.org/10.1016/j.adhoc.2024.103407

IF: 4.816

2024-01-01

Ad Hoc Networks

Abstract:As the digital landscape expands rapidly due to technological advancements, cybersecurity concerns have become more prevalent. Intrusion Detection Systems (IDSs), which are crucial for identifying unusual network traffic indicative of malicious activity, have become a necessity. These systems can be either hardware or software-based. However, traditional IDS models often fail to adequately protect data privacy and detect complex, unique breaches, particularly within Wireless Sensor Networks (WSNs). To address these limitations, this paper proposes a novel Stacked Convolutional Neural Network and Bidirectional Long Short Term Memory (SCNN-Bi-LSTM) model for intrusion detection in WSNs. This model leverages Federated Learning (FL) to enhance intrusion detection performance and safeguard privacy. The FL-based SCNN-Bi-LSTM model is unique in its approach, allowing multiple sensor nodes to collaboratively train a central global model without revealing private data, thereby alleviating privacy concerns. The deep learning methodology of the SCNN-Bi-LSTM model effectively identifies sophisticated and previously unknown cyber threats by meticulously examining both local and temporal linkages in network patterns. The model has been specifically designed to detect and categorize different types of Denial of Service (DoS) attacks using specialized WSN-DS and CIC-IDS-2017 datasets. Compared to traditional Artificial Deep Neural Network (ADNN) models, our proposed FL-SCNN-Bi-LSTM model demonstrated superior detection rates for complex and unknown attacks, significantly improving IDS performance. The model achieved a notable classification accuracy of approximately 99.9% precision and recall on both datasets, substantially reducing false positives and negatives. Our research underscores the potential of federated learning and deep learning in enhancing the security and privacy of WSNs. The proposed FL-SCNN-Bi-LSTM architecture not only facilitates the identification of complex cyber threats but also exemplifies how deep learning techniques can be employed to bolster intrusion detection systems while preserving user data privacy.

Nanda, Ashok Kumar,Sankar, S.,Cheerla, Sreevardhan

DOI: https://doi.org/10.1007/s11277-023-10852-z

IF: 2.017

2024-02-05

Wireless Personal Communications

Abstract:Important information needs to be sent over the Internet safely. Real-time data is mixed with harmful information, lowering the quality of communication and the system's overall performance. A network intruder detection system is software that examines all incoming and outgoing network packets to detect malicious events. Federated learning (FL) is a way to put artificial intelligence at the cutting edge. It is a way to solve problems that is not centralized and lets people learn from significant amounts of data. Deep learning (DL) methods have often been used to find harmful data in host intrusion detection systems (HIDS) that look for unusual behavior. The FL architecture allows multiple users to train a global model while respecting the privacy of each user's data, making DL-based methods more useful. But there has yet to be a complete analysis of how well FL-based HIDSs protect against known privacy threats with the already in-place defenses. To solve this problem, we offer two privacy assessment measures for FL-based HIDSs, including a privacy score that rates how close the original and restored traffic attributes are. The CICIDS2017 dataset, which includes several attacks from the present day, was used to make the real-time model. In addition, an adaptive threshold-correlation algorithm (ATCA) is presented to enhance detection accuracy by dynamically adjusting threshold values according to traffic patterns and intrusion behaviors. The FL-HIDS framework was created and tested using a realistic network dataset. Experiment results show that the suggested technique outperforms existing intrusion detection systems regarding detection precision and scalability. The federated learning strategy effectively leverages the collective intelligence of network devices, enabling continuous learning and adaptation to emergent attack strategies. Furthermore, the adaptive threshold technique considerably reduces the rate of false positive and false negative detection, boosting the intrusion detection system's overall effectiveness. The proposed architecture solves previous centralized solutions' shortcomings by providing a scalable, privacy-preserving method for defending network environments against expanding invasion threats.

telecommunications

Jiyuan Shen,Wenzhuo Yang,Zhaowei Chu,Jiani Fan,Dusit Niyato,Kwok-Yan Lam

2024-01-22

Abstract:With the rapid development of low-cost consumer electronics and cloud computing, Internet-of-Things (IoT) devices are widely adopted for supporting next-generation distributed systems such as smart cities and industrial control systems. IoT devices are often susceptible to cyber attacks due to their open deployment environment and limited computing capabilities for stringent security controls. Hence, Intrusion Detection Systems (IDS) have emerged as one of the effective ways of securing IoT networks by monitoring and detecting abnormal activities. However, existing IDS approaches rely on centralized servers to generate behaviour profiles and detect anomalies, causing high response time and large operational costs due to communication overhead. Besides, sharing of behaviour data in an open and distributed IoT network environment may violate on-device privacy requirements. Additionally, various IoT devices tend to capture heterogeneous data, which complicates the training of behaviour models. In this paper, we introduce Federated Learning (FL) to collaboratively train a decentralized shared model of IDS, without exposing training data to others. Furthermore, we propose an effective method called Federated Learning Ensemble Knowledge Distillation (FLEKD) to mitigate the heterogeneity problems across various clients. FLEKD enables a more flexible aggregation method than conventional model fusion techniques. Experiment results on the public dataset CICIDS2019 demonstrate that the proposed approach outperforms local training and traditional FL in terms of both speed and performance and significantly improves the system's ability to detect unknown attacks. Finally, we evaluate our proposed framework's performance in three potential real-world scenarios and show FLEKD has a clear advantage in experimental results.

Cryptography and Security

Malik Bader Alazzam,Fawaz Alassery,Ahmed Almulihi

DOI: https://doi.org/10.1155/2022/1522179

2022-04-01

Wireless Communications and Mobile Computing

Abstract:Using federated learning, which is a distributed machine learning approach, a machine learning model can train on a distributed data set without having to transfer any data between computers. Instead of using a centralised server for training, the model uses data stored locally on the device itself. After that, the server uses this model to create a jointly trained model. Federated learning asserts that privacy is preserved because no data is sent. Botnet attacks are detected using on-device decentralised traffic statistics and a deep autoencoder. This proposed federated learning approach addresses privacy and security concerns about data privacy and security rather than allowing data to be transferred or relocated off the network edge. In order to get the intended results of a previously centralised machine learning technique while also increasing data security, computation will be shifted to the edge layer. Up to 98% accuracy is achieved in anomaly detection with our proposed model using features like MAC IP and source/destination/IP for training. Our solution outperforms a standard centrally managed system in terms of attack detection accuracy, according to our comparative performance analysis.

computer science, information systems,telecommunications,engineering, electrical & electronic

Ningxin He,Zehui Zhang,Xiaotian Wang,Tiegang Gao

DOI: https://doi.org/10.1155/2023/2956990

IF: 8.993

2023-01-01

International Journal of Intelligent Systems

Abstract:Intrusion detection systems play a very important role in industrial Internet network security. However, in the large-scale, complex, and heterogeneous industrial Internet of Things (IoT), it is becoming more and more difficult to defend network intrusion threats due to the insufficiency of high-quality attack samples. To solve the problem, an efficient federated network intrusion method called EFedID is proposed for industrial IoT, which can allow different industrial agents to collaboratively train a comprehensive detection model. Specifically, the adaptive gradient sparsification method is introduced to alleviate the communication and computation overheads. To protect the data privacy of the agents, a CKKS cryptosystem-based secure communication protocol is designed to encrypt the model parameters through the federated training process. Our proposed system demonstrates exceptional detection performance on the NSL-KDD, KDD CUP 99, and CICIDS 2017 datasets. Notably, on the NSL-KDD dataset, the model compression rate reaches 9 times while the model accuracy reaches 84.31%. On the KDD CUP 99 dataset, the model compression rate reaches 8.9 times while the model accuracy reaches 97.3%. Lastly, on the CICIDS 2017 dataset, the model compression rate reached 6.173 times while the model accuracy reached 95.51%. The experimental results demonstrate that the proposed method is very suitable for effectively developing a high-accuracy detection model while protecting the data information of industrial agents. Furthermore, the method can be extended to other recent deep learning networks for intrusion detection.

Mohanad Sarhan,Siamak Layeghy,Nour Moustafa,Marius Portmann

DOI: https://doi.org/10.1007/s10922-022-09691-3

2022-10-08

Journal of Network and Systems Management

Abstract:The uses of machine learning (ML) technologies in the detection of network attacks have been proven to be effective when designed and evaluated using data samples originating from the same organisational network. However, it has been very challenging to design an ML-based detection system using heterogeneous network data samples originating from different sources and organisations. This is mainly due to privacy concerns and the lack of a universal format of datasets. In this paper, we propose a collaborative cyber threat intelligence sharing scheme to allow multiple organisations to join forces in the design, training, and evaluation of a robust ML-based network intrusion detection system. The threat intelligence sharing scheme utilises two critical aspects for its application; the availability of network data traffic in a common format to allow for the extraction of meaningful patterns across data sources and the adoption of a federated learning mechanism to avoid the necessity of sharing sensitive users' information between organisations. As a result, each organisation benefits from the intelligence of other organisations while maintaining the privacy of its data internally. In this paper, the framework has been designed and evaluated using two key datasets in a NetFlow format known as NF-UNSW-NB15-v2 and NF-BoT-IoT-v2. In addition, two other common scenarios are considered in the evaluation process; a centralised training method where local data samples are directly shared with other organisations and a localised training method where no threat intelligence is shared. The results demonstrate the efficiency and effectiveness of the proposed framework by designing a universal ML model effectively classifying various benign and intrusive traffic types originating from multiple organisations without the need for inter-organisational data exchange.

computer science, information systems,telecommunications

Yunhui Wang,Weichu Zheng,Zifei Liu,Jinyan Wang,Hongjian Shi,Mingyu Gu,Yicheng Di

DOI: https://doi.org/10.3390/electronics12194049

IF: 2.9

2023-09-27

Electronics

Abstract:The rapid development of cloud–fog–edge computing and mobile devices has led to massive amounts of data being generated. Also, artificial intelligence technology, like machine learning and deep learning, is widely used to mine the value of the data. Specifically, detecting attacks on the cloud–fog–edge computing system using mobile devices is essential. External attacks on network press organizations led to anomaly flow in network traffic. The network intrusion detection system (NIDS) has been an effective method for detecting anomaly flow. However, the NIDS is hard to deploy in distributed networks because network flow data are kept private. Existing methods cannot obtain an accurate NIDS under such a federated scenario. To construct an NIDS while preserving data privacy, we propose a combined model that integrates binary classifiers into a whole network based on simple classifier networks to specify the type of attack on anomalous data and offer instruction to other security system components. We also introduce federated learning (FL) methods into our system and design a new aggregation algorithm named vertical blocking aggregation (FedVB) according to our model structure. Our experiments demonstrate that our system can be more effective than simple multi-classifiers in terms of accuracy and significantly reduce communication and computation overhead when applying FedVB.

engineering, electrical & electronic,computer science, information systems,physics, applied

Shaashwat Agrawal,Sagnik Sarkar,Ons Aouedi,Gokul Yenduri,Kandaraj Piamrat,Sweta Bhattacharya,Praveen Kumar Reddy Maddikunta,Thippa Reddy Gadekallu

DOI: https://doi.org/10.48550/arXiv.2106.09527

2021-06-16

Abstract:The rapid development of the Internet and smart devices trigger surge in network traffic making its infrastructure more complex and heterogeneous. The predominated usage of mobile phones, wearable devices and autonomous vehicles are examples of distributed networks which generate huge amount of data each and every day. The computational power of these devices have also seen steady progression which has created the need to transmit information, store data locally and drive network computations towards edge devices. Intrusion detection systems play a significant role in ensuring security and privacy of such devices. Machine Learning and Deep Learning with Intrusion Detection Systems have gained great momentum due to their achievement of high classification accuracy. However the privacy and security aspects potentially gets jeopardised due to the need of storing and communicating data to centralized server. On the contrary, federated learning (FL) fits in appropriately as a privacy-preserving decentralized learning technique that does not transfer data but trains models locally and transfers the parameters to the centralized server. The present paper aims to present an extensive and exhaustive review on the use of FL in intrusion detection system. In order to establish the need for FL, various types of IDS, relevant ML approaches and its associated issues are discussed. The paper presents detailed overview of the implementation of FL in various aspects of anomaly detection. The allied challenges of FL implementations are also identified which provides idea on the scope of future direction of research. The paper finally presents the plausible solutions associated with the identified challenges in FL based intrusion detection system implementation acting as a baseline for prospective research.

Cryptography and Security,Machine Learning

Noor Ali Al-Athba Al-Marri,Bekir Sait Ciftler,Mohamed Abdallah

DOI: https://doi.org/10.48550/arXiv.2012.06974

2020-12-13

Abstract:Internet of things (IoT) devices are prone to attacks due to the limitation of their privacy and security components. These attacks vary from exploiting backdoors to disrupting the communication network of the devices. Intrusion Detection Systems (IDS) play an essential role in ensuring information privacy and security of IoT devices against these attacks. Recently, deep learning-based IDS techniques are becoming more prominent due to their high classification accuracy. However, conventional deep learning techniques jeopardize user privacy due to the transfer of user data to a centralized server. Federated learning (FL) is a popular privacy-preserving decentralized learning method. FL enables training models locally at the edge devices and transferring local models to a centralized server instead of transferring sensitive data. Nevertheless, FL can suffer from reverse engineering ML attacks that can learn information about the user's data from model. To overcome the problem of reverse engineering, mimic learning is another way to preserve the privacy of ML-based IDS. In mimic learning, a student model is trained with the public dataset, which is labeled with the teacher model that is trained by sensitive user data. In this work, we propose a novel approach that combines the advantages of FL and mimic learning, namely federated mimic learning to create a distributed IDS while minimizing the risk of jeopardizing users' privacy, and benchmark its performance compared to other ML-based IDS techniques using NSL-KDD dataset. Our results show that we can achieve 98.11% detection accuracy with federated mimic learning.

Networking and Internet Architecture

Abhishek Sebastian,Pragna R,Sudhakaran G,Renjith P N,Leela Karthikeyan H

2023-11-23

Abstract:Federated learning is a technique of decentralized machine learning. that allows multiple parties to collaborate and learn a shared model without sharing their raw data. Our paper proposes a federated learning framework for intrusion detection in Internet of Vehicles (IOVs) using the CIC-IDS 2017 dataset. The proposed framework employs SMOTE for handling class imbalance, outlier detection for identifying and removing abnormal observations, and hyperparameter tuning to optimize the model's performance. The authors evaluated the proposed framework using various performance metrics and demonstrated its effectiveness in detecting intrusions with other datasets (KDD-Cup 99 and UNSW- NB-15) and conventional classifiers. Furthermore, the proposed framework can protect sensitive data while achieving high intrusion detection performance.

Cryptography and Security,Artificial Intelligence,Machine Learning

Tian Dong,Song Li,Han Qiu,Jialiang Lu

DOI: https://doi.org/10.48550/arXiv.2201.03134

2022-01-10

Cryptography and Security

Abstract:Learning-based Network Intrusion Detection Systems (NIDSs) are widely deployed for defending various cyberattacks. Existing learning-based NIDS mainly uses Neural Network (NN) as a classifier that relies on the quality and quantity of cyberattack data. Such NN-based approaches are also hard to interpret for improving efficiency and scalability. In this paper, we design a new local-global computation paradigm, FEDFOREST, a novel learning-based NIDS by combining the interpretable Gradient Boosting Decision Tree (GBDT) and Federated Learning (FL) framework. Specifically, FEDFOREST is composed of multiple clients that extract local cyberattack data features for the server to train models and detect intrusions. A privacy-enhanced technology is also proposed in FEDFOREST to further defeat the privacy of the FL systems. Extensive experiments on 4 cyberattack datasets of different tasks demonstrate that FEDFOREST is effective, efficient, interpretable, and extendable. FEDFOREST ranks first in the collaborative learning and cybersecurity competition 2021 for Chinese college students.

Jiazhen Zhang,Chunbo Luo,Marcus Carpenter,Geyong Min

DOI: https://doi.org/10.1109/tii.2022.3216575

IF: 12.3

2023-01-01

IEEE Transactions on Industrial Informatics

Abstract:Considering that low-cost and resource-cons- trained sensors coupled inherently could be vulnerable to growing numbers of intrusion threats, industrial Internet-of-Things (IIoT) systems are faced with severe security concerns. Data sharing for building high-performance intrusion detection models is also prohibited due to the sensitivity, privacy, and high value of IIoT data. This article presents an anomaly-based intrusion detection system with federated learning for privacy-preserving machine learning in future IIoT networks. To tackle the urgent issue of training local models with non-independent and identically distributed (non-IID) data, we adopt instance-based transfer learning at local. Furthermore, to boost the performance of this system for IIoT intrusion detection, we propose a rank aggregation algorithm with a weighted voting approach. The proposed system achieves superior detection performance with 95.97% and 73.70% accuracy for AdaBoost and Random Forest, respectively, outperforming the baseline models by 12.72% and 14.8%.

Zhigang Jin,Junyi Zhou,Bing Li,Xiaodong Wu,Chenxu Duan

DOI: https://doi.org/10.1016/j.future.2023.09.019

IF: 7.307

2023-09-20

Future Generation Computer Systems

Abstract:With the advantage of analyzing data of multiple work sites comprehensively while ensuring data privacy, federated learning-based intrusion detection systems (IDS) are emerging as a distributed intrusion detection paradigm. Most of these IDS are assumed to work on static data. However, in the actual network environment, the practice of setting data as static will lead to the phenomenon known as catastrophic forgetting, where old classes that have already appeared would be forgotten. In this paper, we propose a novel IDS framework called FL-IIDS to effectively address the catastrophic forgetting problem. Firstly, a new loss function is synthetically designed for local model training. With the new function, the class gradient balance loss function assigns different learning weights to data of the new and old classes so that the learning rate of the new classes would decrease and the memory of the overall old classes would be deepened. Moreover, the sample label smoothing loss function leverages the knowledge distillation method to enhance the local model memory for every specific class of old classes. Secondly, the relay client fusing sample reconstruction is employed to mitigate the spread of catastrophic forgetting globally without compromising data privacy. Extensive experimental results on the UNSW-NB15 dataset and the CICIDS2018 dataset show that our proposed framework improves the memory capability for old classes substantially without affecting the detection effectiveness of the IDS for new classes.

computer science, theory & methods

Qi Zhou,Chun Shi

DOI: https://doi.org/10.4018/ijswis.335495

2024-01-07

International Journal on Semantic Web and Information Systems

Abstract:Under the premise of ensuring data privacy, traditional network intrusion detection (NID) methods cannot achieve high accuracy for different types of intrusions. A NID method combining transformer and federated learning (FedL) is proposed for this purpose. First, a multi-party collaborative learning framework was built based on FedL, which achieved data exchange and sharing. Then, by introducing the self-attention mechanism (AttM) to improve the traditional transformer, it could quickly converge. Finally, an NID model integrating transformer and FedL was constructed by combining DNN, GRU, and an encoder module composed of improved transformer, achieving accurate detection of network intrusion. The proposed NID method was compared with the other three methods. The results show that the proposed method has the highest NID accuracy and F1 score on the NSL-KDD and UNSW-NB15 dataset, with the highest accuracy reaching 99.65% and 89.25%, while the F1 score has the highest accuracy, reaching 99.45% and 88.13%, outperforming the other three comparative algorithms in terms of performance.

computer science, information systems, artificial intelligence