EEFED: Personalized Federated Learning of Execution&Evaluation Dual Network for CPS Intrusion Detection

Abstract

In the modern interconnected world, intelligent networks and computing technologies are increasingly being incorporated in industrial systems. However, this adoption of advanced technology has resulted in increased cyber threats to cyber-physical systems. Existing intrusion detection systems are continually challenged by constantly evolving cyber threats. Machine learning algorithms have been applied for intrusion detection. In these techniques, a classification model is trained by learning cyber behavior patterns. However, these models typically require considerable high-quality datasets. Limited attack samples are available because of the unpredictability and constant evolution of cyber threats. To address these problems, we propose a novel federated Execution & Evaluation dual network framework (EEFED), which allows multiple federal participants to personalize their local detection models undermining the original purpose of Federated Learning. Thus, a general global detection model was developed for collaboratively improving the performance of a single local model against cyberattacks. The proposed personalized update algorithm and the optimizing backtracking parameters replacement policy effectively reduced the negative influence of federated learning in imbalanced and non-i.i.d distribution of data. The proposed method improved model stability. Furthermore, extensive experiments conducted on a network dataset in various cyber scenarios revealed that the proposed method outperformed single model and state-of-the-art methods.