Federated reinforcement learning based intrusion detection system using dynamic attention mechanism

Abstract

Due to the recent advancements in the Internet of Things (IoT) and cloud computing technologies, the detection and prevention of intrusions in enterprise networks have become a crucial and challenging task. Real-time monitoring of network traffic and resources is required to protect those networks from intrusions. An Intrusion Detection System (IDS) analyses the data packets from the network and the system-level applications to detect any malicious activity. However, existing IDSs require all the data, collected at different network nodes, to be collated at one central location to perform the analysis for any model development. This approach hampers the data privacy at the network nodes as the data needs to be shared with other nodes. Furthermore, many of the existing IDSs are unable to adapt to evolving attack patterns, which may result in poor network vulnerability detection and significant degradation in the performance of the systems. To address these limitations, we present a Federated Deep Reinforcement Learning-based IDS in which multiple agents are deployed on the network in a distributed fashion, and each of these agents runs a Deep Q-Network logic. We considered the data privacy concerns of each agent while designing the system. In our system, the data at each agent node is not shared with any other nodes. At the same time, however, all the agents in the system benefit, via the attention weighted model aggregation process, from the distribution and pattern of the data available at all the other agents. We have also developed an attention mechanism that dynamically determines attention value of an agent, which is used in the model aggregation process. Our model can be scaled to large networks and is resistant to hardware or network failures at any agent node. We have tested and evaluated our proposed system on the cloud-based ISOT-CID dataset and the standard benchmark NSL-KDD dataset. The experimental findings demonstrate the performance and robustness of our proposed model in terms of metrics like accuracy, precision, false-positive rate, and area under the ROC curve.