Federated-Learning-Empowered Semi-Supervised Active Learning Framework for Intrusion Detection in ZSM

Abstract

Exponential growth of novel radical applications and services in sixth-generation (6G) networks is expected to increase the complexity of managing existing network infrastructures. In this context, the zero touch network and service management (ZSM) paradigm, which leverages AI, SDN, and NFV techniques, is seen as a promising solution to automatically manage and orchestrate network resources. However, due to the closed-loop operation and automated end-to-end framework in a distributed 6G network, the ZSM architecture, along with its potential benefits, is exposed to various security threats. A recently proposed solution to address privacy concerns is federated learning (FL), whereby distributed training is performed, and the aggregated model parameters, instead of clients' raw data, are forwarded to the global server. However, most of the existing FL and semi-supervised learning (SSL) models for intrusion detection are based on the assumption that fully labeled data are always available at the server and client sides, which is not practical due to the high labeling costs and privacy constraints in the 6G network. In this article, we propose a novel FL-empowered semi-supervised active learning (FL-SSAL) security orchestration framework for the Label-at-Client scenario where, along with unlabeled samples, clients have a small portion of labeled data. The entropy-based active learning selects the most informative samples for data annotation and leverages the unlabeled data using a semi-supervised approach. The results of our experimental evaluations performed on the private, not independent and identically distributed (non-IID) dataset demonstrate that FL-SSAL achieves higher intrusion detection accuracy and has less communication overhead than baseline schemes with less labeled data.