NIDS-FLGDP: Network Intrusion Detection Algorithm Based on Gaussian Differential Privacy Federated Learning

Abstract

As a widely used network security defense technology, network intrusion detection has more deep learning methods used to improve the performance of intrusion detection. However, this method requires a large-scale network traffic data set for training, increasing privacy leakage risk. In this paper, a network intrusion detection algorithm based on Gaussian differential privacy federated learning (NIDS-FLGDP) is proposed. NIDS-FLGDP adopts the client–server architecture of federated learning, introduces the differential privacy of the Gaussian mechanism to ensure the security of the calculation process, uses the improved FedAvg algorithm to reduce communication overhead, and uses the improved 1D CNN to participate in collaborative training for the local model. Optimal parameters for Gaussian differential privacy and the optimal number of participating clients were determined from experiments. Model accuracy rates for binary classification and multi-classification training NIDS-FLGDP are 0.97, 0.975, 0.97 and 0.97, 0.985, 0.96, respectively, for KDD CUP99, NSL_KDD, and UNSW_NB15 network intrusion detection datasets. The results show that NIDS-FLGDP improves intrusion detection performance while protecting network traffic privacy compared with the previous methods. Its applicability and effectiveness have been fully verified, which provides a practical reference for the safe processing and analysis of a large number of diversified network traffic data in the future.