Abstract
At present, the intrusion detection data held by a single organization is insufficient, the intrusion detection data of different organizations does not satisfy the independent and identically distributed (IID) condition, and the spread of organizations across different geographical locations makes data transmission difficult and creates data leakage problems. Together, these issues pose a huge challenge to existing intrusion detection methods based on machine learning. To remedy the problem, this paper proposes a novel Federated Learning Algorithm with Domain Adaptation and Model Selection for Intrusion Detection (FEDTLDAM). FEDTLDAM uses the proposed transfer deep learning model under the federated learning framework to train the local learning model on each organization's local intrusion detection data (source domain) and the global model of the public server (target domain), and the designed local model selection method is used to select the local models. Only the local model parameters that meet the conditions are uploaded to the public cloud server, which shares the knowledge of each organization's model, improves the intrusion detection effect of the target model, and ensures the security and privacy of each organization's data. The domain adaptation strategy of the transfer deep learning model not only considers the distribution differences in both marginal probability and conditional probability, but also uses the designed weighting method to measure the importance of these two distribution differences, improving the model learning effect. The model selection method reduces the influence of bad local models, reduces the communication overhead, and improves the global model detection performance.
The proposed FEDTLDAM algorithm is verified by experiments on three intrusion detection datasets: ISCX2012, NSL-KDD and CICIDS2017. The results show that, compared with the benchmark algorithms, the proposed method significantly improves detection accuracy, training efficiency and other key performance indicators. In addition, FEDTLDAM has good generalization ability and data privacy protection, and significant application potential in the field of network security.