Federated learning for 5G and beyond, a blessing and a curse- an experimental study on intrusion detection systems

Abstract

5G's service providers now leverage Deep Learning (DL) to automate their network slice management, provisioning, and security. To this end, each slice owner contributes data to feed a common dataset used to train centralized learning models. However, this method raises privacy considerations that prevent its usage. Therefore, Federated learning (FL), a collaborative approach that ensures data privacy, is being investigated while striving toward the same performance as centralized learning. As 5G and beyond services are so diverse, the local slice's data is not intended to reflect the entire data distribution. Thus, local data of slices are Non-Independently and non-Identically distributed (Non-IID), posing a challenge for FL-based models. In this paper, we investigate the use of FL to secure network slices and detect potential attacks. For that purpose, we first propose an architecture for deploying intrusion detection systems (IDSs) in 5G and beyond networks. Next, we thoroughly evaluate the latest state-of-art FL algorithms, including FedAvg, FedProx, FedPer, and SCAFFOLD, in the context of Independently and Identically Distributed (IID) and Non-IID data distributions. We compare these FL models to centralized and local DL models. We find that SCAFFOLD outperforms all the other FL algorithms and ensures a stable learning loss convergence, a promising finding that strengthens the case for leveraging FL in IDS development. Nevertheless, none of the FL models could achieve the centralized model's performance in Non-IID scenarios.