Federated Learning-Based Intrusion Detection on Non-IID Data

Abstract

AbstractIntrusion detection is an effective means to deal with network attacks. Currently, the commonly used detection methods are based on machine learning. However, traditional machine learning-based methods are centralized architectures that require uploading data to cloud servers, which face serious latency and data security issues. Federated learning (FL) can collaboratively train a machine learning model with good performance while the data is kept locally on the client, which can effectively make up for the shortcomings of the centralized architecture. Most of the current research on using FL methods in machine learning-based intrusion detection ideally consider the data to be independent and identically distributed (IID), which doesn’t conform to real scenarios. In the real world, due to the different environment of the client, the types of attacks contained in the data owned by each client may be different. Therefore, we study the effects of various non-independent and identically distribution (non-IID) settings on FL in detail and give specific partitioning methods. In addition, we also propose a FL data rebalancing method based on auxiliary classifier generative adversarial networks (ACGAN), which is experimentally validated on the UNSW-NB15 dataset. Experiments show that the proposed data augmentation method can well improve the impact of non-IID data on FL.KeywordsFederated learningIntrusion detectionNon independent identically distributedData augmentationACGAN