Jia-Cheng Huang,Guo-Qiang Zeng,Guang-Gang Geng,Jian Weng,Kang-Di Lu,Yu Zhang

DOI: https://doi.org/10.1016/j.cose.2023.103310

2023-05-27

Abstract:Industrial control systems (ICSs) are facing serious and evolving security threats because of a variety of malicious attacks. Deep learning-based intrusion detection systems (IDSs) have been widely considered as one of promising security solutions for ICSs, but these deep neural networks for IDSs in ICSs have been designed manually, which are extremely dependent on expert experience with numerous model parameters. This paper makes the first attempt to develop an automatic architecture design method of convolutional neural networks (CNNs) based on differential evolution (abbreviated as DE-CNN) for the intrusion detection issue in ICSs. The first phase of the proposed DE-CNN is the off-line architecture optimization of the CNNs constructed by three basic units such as ResNetBlockUnit, DenseNetBlockUnit, and PoolingUnit, including encoding the architecture parameters of a CNN as a population, evaluating the fitness of the population by the validation accuracy and the number of CNN model parameters, implementing the evolutionary process including mutation and crossover operations, and selecting the best individual from the population. Then, the optimal CNN model obtained by the off-line optimization of DE-CNN is deployed for the online IDSs. The experimental results on two intrusion detection datasets in ICSs including SWaT and WADI have demonstrated the superiority of the proposed DE-CNN to the state-of-the-art manually-designed and neuroevolution-based methods under both unsupervised and supervised learning in terms of Precision, Recall , F1 -Score and the number of the CNN model parameters.

computer science, information systems

Beibei Li,Yuhao Wu,Jiarui Song,Rongxing Lu,Tao Li,Liang Zhao

DOI: https://doi.org/10.1109/tii.2020.3023430

IF: 12.3

2021-08-01

IEEE Transactions on Industrial Informatics

Abstract:The rapid convergence of legacy industrial infrastructures with intelligent networking and computing technologies (e.g., 5G, software-defined networking, and artificial intelligence), have dramatically increased the attack surface of industrial cyber–physical systems (CPSs). However, withstanding cyber threats to such large-scale, complex, and heterogeneous industrial CPSs has been extremely challenging, due to the insufficiency of high-quality attack examples. In this article, we propose a novel federated deep learning scheme, named DeepFed, to detect cyber threats against industrial CPSs. Specifically, we first design a new deep learning-based intrusion detection model for industrial CPSs, by making use of a convolutional neural network and a gated recurrent unit. Second, we develop a federated learning framework, allowing multiple industrial CPSs to collectively build a comprehensive intrusion detection model in a privacy-preserving way. Further, a Paillier cryptosystem-based secure communication protocol is crafted to preserve the security and privacy of model parameters through the training process. Extensive experiments on a real industrial CPS dataset demonstrate the high effectiveness of the proposed DeepFed scheme in detecting various types of cyber threats to industrial CPSs and the superiorities over state-of-the-art schemes.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Jia Huang,Zhen Chen,Sheng-Zheng Liu,Hao Zhang,Hai-Xia Long

DOI: https://doi.org/10.3390/s24124002

IF: 3.9

2024-06-20

Sensors

Abstract:The security of the Industrial Internet of Things (IIoT) is of vital importance, and the Network Intrusion Detection System (NIDS) plays an indispensable role in this. Although there is an increasing number of studies on the use of deep learning technology to achieve network intrusion detection, the limited local data of the device may lead to poor model performance because deep learning requires large-scale datasets for training. Some solutions propose to centralize the local datasets of devices for deep learning training, but this may involve user privacy issues. To address these challenges, this study proposes a novel federated learning (FL)-based approach aimed at improving the accuracy of network intrusion detection while ensuring data privacy protection. This research combines convolutional neural networks with attention mechanisms to develop a new deep learning intrusion detection model specifically designed for the IIoT. Additionally, variational autoencoders are incorporated to enhance data privacy protection. Furthermore, an FL framework enables multiple IIoT clients to jointly train a shared intrusion detection model without sharing their raw data. This strategy significantly improves the model's detection capability while effectively addressing data privacy and security issues. To validate the effectiveness of the proposed method, a series of experiments were conducted on a real-world Internet of Things (IoT) network intrusion dataset. The experimental results demonstrate that our model and FL approach significantly improve key performance metrics such as detection accuracy, precision, and false-positive rate (FPR) compared to traditional local training methods and existing models.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Kumar, Prabhat,Islam, A. K. M. Najmul

DOI: https://doi.org/10.1007/s12559-024-10309-w

IF: 4.89

2024-06-11

Cognitive Computation

Abstract:Industrial Cyber-Physical Systems (ICPSs) are becoming more and more networked and essential to modern infrastructure. This has led to an increase in the complexity of their dynamics and the challenges of protecting them from advanced cyber threats have escalated. Conventional intrusion detection systems (IDS) often struggle to interpret high-dimensional, sequential data efficiently and extract meaningful features. They are characterized by low accuracy and a high rate of false positives. In this article, we adopt the computational design science approach to design an IDS for ICPS, driven by Generative AI and cognitive computing. Initially, we designed a Long Short-Term Memory-based Sparse Variational Autoencoder (LSTM-SVAE) technique to extract relevant features from complex data patterns efficiently. Following this, a Bidirectional Recurrent Neural Network with Hierarchical Attention (BiRNN-HAID) is constructed. This stage focuses on proficiently identifying potential intrusions by processing data with enhanced focus and memory capabilities. Next, a Cognitive Enhancement for Contextual Intrusion Awareness (CE-CIA) is designed to refine the initial predictions by applying cognitive principles. This enhances the system's reliability by effectively balancing sensitivity and specificity, thereby reducing false positives. The final stage, Interpretive Assurance through Activation Insights in Detection Models (IAA-IDM), involves the visualizations of mean activations of LSTM and GRU layers for providing in-depth insights into the decision-making process for cybersecurity analysts. Our framework undergoes rigorous testing on two publicly accessible industrial datasets, ToN-IoT and Edge-IIoTset, demonstrating its superiority over both baseline methods and recent state-of-the-art approaches.

computer science, artificial intelligence,neurosciences

Nanda, Ashok Kumar,Sankar, S.,Cheerla, Sreevardhan

DOI: https://doi.org/10.1007/s11277-023-10852-z

IF: 2.017

2024-02-05

Wireless Personal Communications

Abstract:Important information needs to be sent over the Internet safely. Real-time data is mixed with harmful information, lowering the quality of communication and the system's overall performance. A network intruder detection system is software that examines all incoming and outgoing network packets to detect malicious events. Federated learning (FL) is a way to put artificial intelligence at the cutting edge. It is a way to solve problems that is not centralized and lets people learn from significant amounts of data. Deep learning (DL) methods have often been used to find harmful data in host intrusion detection systems (HIDS) that look for unusual behavior. The FL architecture allows multiple users to train a global model while respecting the privacy of each user's data, making DL-based methods more useful. But there has yet to be a complete analysis of how well FL-based HIDSs protect against known privacy threats with the already in-place defenses. To solve this problem, we offer two privacy assessment measures for FL-based HIDSs, including a privacy score that rates how close the original and restored traffic attributes are. The CICIDS2017 dataset, which includes several attacks from the present day, was used to make the real-time model. In addition, an adaptive threshold-correlation algorithm (ATCA) is presented to enhance detection accuracy by dynamically adjusting threshold values according to traffic patterns and intrusion behaviors. The FL-HIDS framework was created and tested using a realistic network dataset. Experiment results show that the suggested technique outperforms existing intrusion detection systems regarding detection precision and scalability. The federated learning strategy effectively leverages the collective intelligence of network devices, enabling continuous learning and adaptation to emergent attack strategies. Furthermore, the adaptive threshold technique considerably reduces the rate of false positive and false negative detection, boosting the intrusion detection system's overall effectiveness. The proposed architecture solves previous centralized solutions' shortcomings by providing a scalable, privacy-preserving method for defending network environments against expanding invasion threats.

telecommunications

JiaMing Wang,Kai Yang,MinJing Li

DOI: https://doi.org/10.1371/journal.pone.0308639

IF: 3.7

2024-10-24

PLoS ONE

Abstract:With the rapid development of Industrial Internet of Things (IIoT), network security issues have become increasingly severe, making intrusion detection one of the key technologies for ensuring IIoT security. However, existing intrusion detection systems face challenges such as incomplete data features, missing labels, parameter leakage, and high communication overhead. To address these challenges, this paper proposes a federated learning-based intrusion detection algorithm (NIDS-FGPA) that utilizes gradient similarity model aggregation. This algorithm leverages a federated learning architecture and combines it with Paillier homomorphic encryption technology to ensure the security of the training process. Additionally, the paper introduces the Gradient Similarity Model Aggregation (GSA) algorithm, which dynamically selects and weights updates from different models to reduce communication overhead. Finally, the paper designs a deep learning model based on two-dimensional convolutional neural networks and bidirectional gated recurrent units (2DCNN-BIGRU) to handle incomplete data features and missing labels in network traffic data. Experimental validation on the Edge-IIoTset and CIC IoT 2023 datasets achieves accuracies of 94.5% and 99.2%, respectively. The results demonstrate that the NIDS-FGPA model possesses the ability to identify and capture complex network attacks, significantly enhancing the overall security of the network.

Helio N. Cunha Neto,Ivana Dusparic,Diogo M. F. Mattos,Natalia C. Fernandes

DOI: https://doi.org/10.48550/arXiv.2205.11519

2022-05-23

Abstract:Fast identification of new network attack patterns is crucial for improving network security. Nevertheless, identifying an ongoing attack in a heterogeneous network is a non-trivial task. Federated learning emerges as a solution to collaborative training for an Intrusion Detection System (IDS). The federated learning-based IDS trains a global model using local machine learning models provided by federated participants without sharing local data. However, optimization challenges are intrinsic to federated learning. This paper proposes the Federated Simulated Annealing (FedSA) metaheuristic to select the hyperparameters and a subset of participants for each aggregation round in federated learning. FedSA optimizes hyperparameters linked to the global model convergence. The proposal reduces aggregation rounds and speeds up convergence. Thus, FedSA accelerates learning extraction from local models, requiring fewer IDS updates. The proposal assessment shows that the FedSA global model converges in less than ten communication rounds. The proposal requires up to 50% fewer aggregation rounds to achieve approximately 97% accuracy in attack detection than the conventional aggregation approach.

Cryptography and Security,Machine Learning

Congyuan Xu,Jizhong Shen,Xin Du,Fan Zhang

DOI: https://doi.org/10.1109/access.2018.2867564

IF: 3.9

2018-01-01

IEEE Access

Abstract:To improve the performance of network intrusion detection systems (IDS), we applied deep learning theory to intrusion detection and developed a deep network model with automatic feature extraction. In this paper, we consider the characteristics of the time-related intrusion and propose a novel IDS that consists of a recurrent neural network with gated recurrent units (GRU), multilayer perceptron (MLP), and softmax module. Experiments on the well-known KDD 99 and NSL-KDD data sets show that the system has leading performance. The overall detection rate was 99.42% using KDD 99 and 99.31% using NSL-KDD with false positive rates as low as 0.05% and 0.84%, respectively. In particular, for detecting the denial of service attacks, the system achieved detection rates of 99.98% and 99.55%, respectively. Comparative experiments showed that the GRU is more suitable as a memory unit for IDS than LSTM, and proved that it is an effective simplification and improvement of LSTM. Moreover, the bidirectional GRU can reach the best performance compared with the recently published methods.

Vasiliki Kelli,Vasileios Argyriou,Thomas Lagkas,George Fragulis,Elisavet Grigoriou,Panagiotis Sarigiannidis

DOI: https://doi.org/10.3390/s21206743

IF: 3.9

2021-10-11

Sensors

Abstract:Internet of Things (IoT) is a concept adopted in nearly every aspect of human life, leading to an explosive utilization of intelligent devices. Notably, such solutions are especially integrated in the industrial sector, to allow the remote monitoring and control of critical infrastructure. Such global integration of IoT solutions has led to an expanded attack surface against IoT-enabled infrastructures. Artificial intelligence and machine learning have demonstrated their ability to resolve issues that would have been impossible or difficult to address otherwise; thus, such solutions are closely associated with securing IoT. Classical collaborative and distributed machine learning approaches are known to compromise sensitive information. In our paper, we demonstrate the creation of a network flow-based Intrusion Detection System (IDS) aiming to protecting critical infrastructures, stemming from the pairing of two machine learning techniques, namely, federated learning and active learning. The former is utilized for privately training models in federation, while the latter is a semi-supervised approach applied for global model adaptation to each of the participant’s traffic. Experimental results indicate that global models perform significantly better for each participant, when locally personalized with just a few active learning queries. Specifically, we demonstrate how the accuracy increase can reach 7.07% in only 10 queries.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Zhao Zhang,Yong Zhang,Hao Li,Shenbo Liu,Wei Chen,Zhigang Zhang,Lijun Tang

DOI: https://doi.org/10.1016/j.engappai.2024.108826

IF: 8

2024-01-01

Engineering Applications of Artificial Intelligence

Abstract:As a promising paradigm, Federated Learning (FL)-based distributed intrusion detection offers potent protection for the network security of Industrial Internet of Things (IIoT) systems. Nonetheless, the practical deployment of IIoT systems occurs in a highly-complex and dynamic distributed environment. The ever-growing and dynamically-evolving cyber attacks will render the FL-based intrusion detection model inefficient, since FL cannot gracefully learn from the dynamic traffic data streams to identify new attacks. To address this issue, we propose the evolutionary distributed intrusion detection system based on federated continual representation learning, designed to continually capture effective feature representations of emerging attacks from dynamic traffic data streams. Specifically, we develop the supervised contrastive loss and the global information-aware regularization loss to alleviate the catastrophic forgetting on the previously observed attacks and mitigate the data heterogeneity across clients. Besides, we propose the prototype variance-based memory update strategy to ensure the effective memory replay data. Extensive experimental results demonstrate our proposed method outperforms the state-of-the-art methods by 13.3%–31.5% in terms of average accuracy on a real energy intrusion detection dataset.

Jie Wang,Pengfei Li,Weiqiang Kong,Ran An

DOI: https://doi.org/10.3390/math10162872

IF: 2.4

2022-08-12

Mathematics

Abstract:With the rapid development of network technologies, the network security of industrial control systems has aroused widespread concern. As a defense mechanism, an ideal intrusion detection system (IDS) can effectively detect abnormal behaviors in a system without affecting the performance of the industrial control system (ICS). Many deep learning methods are used to build an IDS, which rely on massive numbers of variously labeled samples for model training. However, network traffic is imbalanced, and it is difficult for researchers to obtain sufficient attack samples. In addition, the attack variants are rich, and constructing all possible attack types in advance is impossible. In order to overcome these challenges and improve the performance of an IDS, this paper presents a novel intrusion detection approach which integrates a one-dimensional convolutional autoencoder (1DCAE) and support vector data description (SVDD) for the first time. For the two-stage training process, 1DCAE fails to retain the key features of intrusion detection and SVDD has to add restrictions, so a joint optimization solution is introduced. A three-stage optimization process is proposed to obtain better performance. Experiments on the benchmark intrusion detection dataset NSL-KDD show that the proposed method can effectively detect various unknown attacks, learning with only normal traffic. Compared with the recent state-of-art intrusion detection baselines, the proposed method is improved in most metrics.

mathematics

Chaoyang He,Murali Annavaram,Salman Avestimehr

DOI: https://doi.org/10.48550/arXiv.2004.08546

2021-01-04

Abstract:Federated Learning (FL) has been proved to be an effective learning framework when data cannot be centralized due to privacy, communication costs, and regulatory restrictions. When training deep learning models under an FL setting, people employ the predefined model architecture discovered in the centralized environment. However, this predefined architecture may not be the optimal choice because it may not fit data with non-identical and independent distribution (non-IID). Thus, we advocate automating federated learning (AutoFL) to improve model accuracy and reduce the manual design effort. We specifically study AutoFL via Neural Architecture Search (NAS), which can automate the design process. We propose a Federated NAS (FedNAS) algorithm to help scattered workers collaboratively searching for a better architecture with higher accuracy. We also build a system based on FedNAS. Our experiments on non-IID dataset show that the architecture searched by FedNAS can outperform the manually predefined architecture.

Machine Learning,Computer Vision and Pattern Recognition,Distributed, Parallel, and Cluster Computing,Multiagent Systems

Ali Alzahrani,Theyazn H. H. Aldhyani

DOI: https://doi.org/10.3390/su15108076

IF: 3.9

2023-05-17

Sustainability

Abstract:Online food security and industrial environments and sustainability-related industries are highly confidential and in urgent need for network traffic analysis to attain proper security information to avoid attacks from anywhere in the world. The integration of cutting-edge technology such as the Internet of things (IoT) has resulted in a gradual increase in the number of vulnerabilities that may be exploited in supervisory control and data acquisition (SCADA) systems. In this research, we present a network intrusion detection system for SCADA networks that is based on deep learning. The goal of this system is to defend ICSs against network-based assaults that are both conventional and SCADA-specific. An empirical evaluation of a number of classification techniques including k-nearest neighbors (KNN), linear discriminant analysis (LDA), random forest (RF), convolution neural network (CNN), and integrated gated recurrent unit (GRU) is reported in this paper. The suggested algorithms were tested on a genuine industrial control system (SCADA), which was known as the WUSTL-IIoT-2018 and WUSTL-IIoT-20121 datasets. SCADA system operators are now able to augment proposed machine learning and deep learning models with site-specific network attack traces as a result of our invention of a re-training method to handle previously unforeseen instances of network attacks. The empirical results, using realistic SCADA traffic datasets, show that the proposed machine learning and deep-learning-based approach is well-suited for network intrusion detection in SCADA systems, achieving high detection accuracy and providing the capability to handle newly emerging threats. The accuracy performance attained by the KNN and RF algorithms was superior and achieved a near-perfect score of 99.99%, whereas the CNN-GRU model scored an accuracy of 99.98% using WUSTL-IIoT-2018. The Rf and GRU algorithms achieved >99.75% using the WUSTL-IIoT-20121 dataset. In addition, a statistical analysis method was developed in order to anticipate the error that exists between the target values and the prediction values. According to the findings of the statistical analysis, the KNN, RF, and CNN-GRU approaches were successful in achieving an R2 > 99%. This was demonstrated by the fact that the approach was able to handle previously unknown threats in the industrial control systems (ICSs) environment.

environmental sciences,environmental studies,green & sustainable science & technology

Yidong Jia,Fuhong Lin,Yan Sun

DOI: https://doi.org/10.1049/cmu2.12744

IF: 1.345

2024-03-03

IET Communications

Abstract:This paper proposes a new federated learning aggregation algorithm called Fed‐dynamic gravitational search algorithm (Fed‐DGSA). This algorithm enhances the aggregation efficiency of the federated learning global model and, through simulations, it has been verified that it improves the detection accuracy of the model. Nowadays, the development of Artificial Intelligence of Things (AIoT) is advancing rapidly, and intelligent devices are increasingly exposed to more security risks on the network. Deep learning‐based intrusion detection is an effective security defence approach. Federated learning (FL) is capable of enabling deep learning models to be trained on local clients without uploading their data to a central server. This paper proposes a novel federated learning aggregation algorithm called fed‐dynamic gravitational search algorithm (Fed‐DGSA), which incorporates the GSA algorithm to optimize the weight updating process of FL local models. During the updating process, the decay rate of the gravity coefficient is optimized and random perturbations and dynamic weights are introduced to ensure a more stable and efficient FL aggregation process. The experimental results show that the detection accuracy of Fed‐DGSA has reached about 97.8%, and it is demonstrated that the model trained using Fed‐DGSA achieves higher accuracy compared to Fed‐Avg.

engineering, electrical & electronic

Kai Jin,Lei Zhang,Yujie Zhang,Duo Sun,Xiaoyuan Zheng

DOI: https://doi.org/10.3390/electronics12204329

IF: 2.9

2023-10-19

Electronics

Abstract:The current mainstream intrusion detection models often have a high false negative rate, significantly affecting intrusion detection systems' (IDSs) practicability. To address this issue, we propose an intrusion detection model based on a multi-scale one-dimensional convolutional neural network module (MS1DCNN), an efficient channel attention module (ECA), and two bidirectional long short-term memory modules (BiLSTMs). The proposed hybrid MS1DCNN-ECA-BiLSTM model uses the MS1DCNN module to extract features with a different granularity from the input data and uses the ECA module to enhance the weight of important features. Finally, the model carries out sequence learning through two BiLSTM layers. We use the dung beetle optimizer (DBO) to optimize the hyperparameters in the model to obtain better classification results. Additionally, we use the synthetic minority oversampling technique (SMOTE) to fill several samples to reduce the local false negative rate. In this paper, we train and test the model using accurate network data from a water storage industrial control system. In the multi-classification experiment, the model's accuracy was 97.04%, the precision was 97.17%, and the false negative rate was 2.95%; in the binary classification experiment, the accuracy and false negative rate were 99.30% and 0.7%. Compared with other mainstream methods, our model has a higher score. This study provides a new algorithm for the intrusion detection of industrial control systems.

engineering, electrical & electronic,computer science, information systems,physics, applied

Zhiguo Qu,Zihong Cai

DOI: https://doi.org/10.1109/jiot.2024.3410871

IF: 10.6

2024-09-03

IEEE Internet of Things Journal

Abstract:Federated learning (FL)-based intrusion detection systems (IDSs) for vehicle road cooperation have attracted significant attention in recent years. However, the nonindependent and identically distributed (Non-IID) data across different edge devices, coupled with uneven computational power, impedes the detection accuracy and efficiency of FL-based IDSs deployed on such devices. To address these issues, this study introduces an efficient IDS to protect privacy of vehicle users using an improved residual network and a novel FL framework, named FEDSA-ResnetV2. First, the improved residual network SA-ResnetV2 is proposed, which adopts a core submodule named SA-ResnetV2-depthwise (SRD) that integrates the advantages of MobileNetV2, ShuffleNet V2, and Self-Attention mechanism for capturing key features of traffic data to effectively detect attacks. Second, the novel FL framework is built, which selects the optimal model globally to enhance detection accuracy, and integrates 8-bit post-quantization technique for resource-efficient edge deployment. To further improve FL training efficiency, an early stopping mechanism is employed. Experimental results show that FEDSA-ResnetV2 outperforms 11 recent Non-FL baselines and 3 state-of-the-art FL baselines in detection performance on three data sets, achieving a maximum performance increase of up to 34%. In terms of execution efficiency, it surpasses the optimal baseline in inference time, model size, mFlops, and parameters, reducing them by up to 72.6 times.

computer science, information systems,telecommunications,engineering, electrical & electronic

Malathy N,Shree Harish Kumar G,Sriram R,Jebocen Immanuel Raj NR

DOI: https://doi.org/10.1007/s11042-024-18379-6

IF: 2.577

2024-02-17

Multimedia Tools and Applications

Abstract:A major concern for Industry 4.0 is security issues because of several new cyber-security risks. In recent eras, various Deep Learning methods have been applied for intrusion Detection. On the other hand, these methods have to send the data to the centralized unit. This may alarm various problems associated with efficiency, privacy, and response duration. Furthermore, the data generated by the Internet of Things (IoT) gadgets are more and it is challenging to receive the labeled data as labeling the data is more time-consuming and expensive. This Masquerade several issues to the Deep Learning methods where labeled data is required. To prevail over these challenges a new mechanism has to be acquired. This paper proposes a new federated transfer semisupervised learning approach that takes both labeled and unlabelled data cooperatively. In the first phase, the data is preprocessed, and normalized, and optimal features are selected using Walrus optimization. In the second phase, to learn the representative and less dimensional features an autoencoder(AE) is trained on every gadget using private or local unlabeled data. Then the centralized cloud server aggregates the local model into a global autoencoder by applying Federated Transfer Learning (FTL). In the end, the cloud server consists of a semisupervised neural network with fully connected network layers to the global encoder which in turn trains the model with the readily available tagged data. Experiments were carried out with real-world industrial datasets and the proposed model ensures more privacy without sharing the local data, improved classification performance even with less tagged data, and less overhead in communication.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Shaashwat Agrawal,Sagnik Sarkar,Ons Aouedi,Gokul Yenduri,Kandaraj Piamrat,Sweta Bhattacharya,Praveen Kumar Reddy Maddikunta,Thippa Reddy Gadekallu

DOI: https://doi.org/10.48550/arXiv.2106.09527

2021-06-16

Abstract:The rapid development of the Internet and smart devices trigger surge in network traffic making its infrastructure more complex and heterogeneous. The predominated usage of mobile phones, wearable devices and autonomous vehicles are examples of distributed networks which generate huge amount of data each and every day. The computational power of these devices have also seen steady progression which has created the need to transmit information, store data locally and drive network computations towards edge devices. Intrusion detection systems play a significant role in ensuring security and privacy of such devices. Machine Learning and Deep Learning with Intrusion Detection Systems have gained great momentum due to their achievement of high classification accuracy. However the privacy and security aspects potentially gets jeopardised due to the need of storing and communicating data to centralized server. On the contrary, federated learning (FL) fits in appropriately as a privacy-preserving decentralized learning technique that does not transfer data but trains models locally and transfers the parameters to the centralized server. The present paper aims to present an extensive and exhaustive review on the use of FL in intrusion detection system. In order to establish the need for FL, various types of IDS, relevant ML approaches and its associated issues are discussed. The paper presents detailed overview of the implementation of FL in various aspects of anomaly detection. The allied challenges of FL implementations are also identified which provides idea on the scope of future direction of research. The paper finally presents the plausible solutions associated with the identified challenges in FL based intrusion detection system implementation acting as a baseline for prospective research.

Cryptography and Security,Machine Learning

Zouhair Chiba,Noreddine Abghour,Khalid Moussaid,Amina El omri,Mohamed Rida

DOI: https://doi.org/10.1016/j.cose.2019.06.013

2019-09-01

Abstract:<p>The appealing features of Cloud Computing continue to fuel its adoption and its integration in many sectors such industry, governments, education and entertainment. Nevertheless, uploading sensitive data to public cloud storage services poses security risks such as integrity, availability and confidentiality to organizations. Moreover, the open and distributed (decentralized) structure of the cloud has resulted this class of computing, prone to cyber attackers and intruders. Thereby, it is imperative to develop an anomaly network intrusion system to detect and prevent both inside and outside assaults in cloud environment with high detection precision and low false warnings. In this work, we propose an intelligent approach to build automatically an efficient and effective Deep Neural Network (DNN) based anomaly Network IDS using a hybrid optimization framework (IGASAA) based on Improved Genetic Algorithm (IGA) and Simulated Annealing Algorithm (SAA). The IDS resulted is called "MLIDS" (Machine Learning based Intrusion Detection System). Genetic Algorithm (GA) is improved through optimization strategies, namely Parallel Processing and Fitness Value Hashing, which reduce execution time, convergence time and save processing power. Moreover, SAA was incorporated to IGA with the aim to optimize its heuristic search. Our approach consists of using IGASAA in order to search the optimal or near-optimal combination of most relevant values of the parameters included in construction of DNN based IDS or impacting its performance, like feature selection, data normalization, architecture of DNN, activation function, learning rate and Momentum term, which ensure high detection rate, high accuracy and low false alarm rate. For simulation and validation of the proposed method, CloudSim 4.0 simulator platform and three benchmark IDS datasets were used, namely CICIDS2017, NSL-KDD version 2015 and CIDDS-001. The implementation results of our model demonstrate its ability to detect intrusions with high detection accuracy and low false alarm rate, and indicate its superiority in comparison with state-of-the-art methods.</p>

computer science, information systems

Zhigang Jin,Junyi Zhou,Bing Li,Xiaodong Wu,Chenxu Duan

DOI: https://doi.org/10.1016/j.future.2023.09.019

IF: 7.307

2023-09-20

Future Generation Computer Systems

Abstract:With the advantage of analyzing data of multiple work sites comprehensively while ensuring data privacy, federated learning-based intrusion detection systems (IDS) are emerging as a distributed intrusion detection paradigm. Most of these IDS are assumed to work on static data. However, in the actual network environment, the practice of setting data as static will lead to the phenomenon known as catastrophic forgetting, where old classes that have already appeared would be forgotten. In this paper, we propose a novel IDS framework called FL-IIDS to effectively address the catastrophic forgetting problem. Firstly, a new loss function is synthetically designed for local model training. With the new function, the class gradient balance loss function assigns different learning weights to data of the new and old classes so that the learning rate of the new classes would decrease and the memory of the overall old classes would be deepened. Moreover, the sample label smoothing loss function leverages the knowledge distillation method to enhance the local model memory for every specific class of old classes. Secondly, the relay client fusing sample reconstruction is employed to mitigate the spread of catastrophic forgetting globally without compromising data privacy. Extensive experimental results on the UNSW-NB15 dataset and the CICIDS2018 dataset show that our proposed framework improves the memory capability for old classes substantially without affecting the detection effectiveness of the IDS for new classes.

computer science, theory & methods