Abstract
Predominant network intrusion detection systems (NIDS) aim to identify malicious traffic patterns based on a handcrafted dataset of rules. Recently, the application of machine learning in NIDS helps alleviate the enormous effort of human observation. Federated learning (FL) is a collaborative learning scheme concerning distributed data. Instead of sharing raw data, it allows a participant to share only a trained local model. Despite the success of existing FL solutions, in NIDS, a network's traffic data distribution does not always fit into the single global model of FL; some networks have similarities with each other but other networks do not. We propose Segmented-Federated Learning (Segmented-FL), where by employing periodic local model evaluation and network segmentation, we aim to bring similar network environments to the same group. A comparison between FL and our method was conducted against a range of metrics including the weighted precision, recall, and F1 score, using a collected dataset from 20 massively distributed networks within 60 days. By studying the optimized hyperparameters of Segmented-FL and employing three evaluation methods, it shows that Segmented-FL has better performance in all three types of intrusion detection tasks, achieving validation weighted F1 scores of 0.964, 0.803, and 0.912 with Method A, Method B, and Method C respectively. For each method, this scheme shows a gain of 0.1%, 4.0% and 1.1% in performance compared with FL.
Highlights
N ETWORK intrusion detection strategies existing in current systems have been revealing issues of low adaptivity to network traffic from various network environments
A device connected to a port of the switching hub or the router was used for collecting network traffic in the local area network (LAN) (Fig. 7)
We studied and applied a total of 60 days’ network traffic data from 20 participants’ LANs, from 1st October to 29th November in 2019
Summary
N ETWORK intrusion detection strategies existing in current systems have been revealing issues of low adaptivity to network traffic from various network environments. The scheme of federated learning (FL) was first proposed by Google to solve problems of data scarcity and privacy in the field of machine learning [1]. This scheme has been employed in applications such as image recognition, natural language processing, cybersecurity, and so on. It showed that by using this scheme, users could share intelligence on a machine learning task with each other, whereas without disclosing their raw data. Different from all users training a model under the single global model at the central server in FL, Segmented - FL has a feature that each segmented group of users is arranged with a specified global model for adaptive learning
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
