Göwfeda Novel Federated Network Intrusion Detection System

Belenguer, Aitor; Pascual, José Antonio; Navaridas, Javier

doi:10.2139/ssrn.4261807

Cited by 15 publications

(8 citation statements)

References 33 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Te authors reported an accuracy of 99.48%. Belenguer et al [41] proposed the GowFed to detect threats in industrial-level networks. Tis is a combination of federated learning and Gower dissimilarity matrices.…”

Section: Federated Learning For Security Monitoring In 5gmentioning

confidence: 99%

Balancing Data Privacy and 5G VNFs Security Monitoring: Federated Learning with CNN + BiLSTM + LSTM Model

Maiga,

Ataro,

Githinji

2024

Journal of Electrical and Computer Engineering

View full text Add to dashboard Cite

The cloudification of telecommunication network functions with 5G is a novelty that offers higher performance than that of previous generations. However, these virtual network functions (VNFs) are exposed to internet threats when hosted in the cloud, resulting in new security challenges. Another fact is that many VNFs vendors with different security policies will be implied in 5G deployment, creating a heterogeneous 5G network. The authorities also require data privacy enhancement in 5G deployment and there is the fact that mobile operators need to inspect data for malicious traffic detection. In this situation, how can network traffic inspections be conducted effectively without infringing on data privacy? This study addresses this gap by proposing a novel state-of-the-art hybrid deep neural network that combines a convolutional neural network (CNN) stacked to bidirectional long short-term memory (BiLSTM) and unidirectional long short-term memory (LSTM) for the deep inspection of network flow for malicious traffic detection. The approach utilizes federated learning (FL) to facilitate multiple VNFs vendors to collaboratively train the proposed model without sharing VNFs’ raw data, which can mitigate the risk of data privacy violation. The proposed framework incorporates transport layer security (TLS) encryption to prevent data tempering or man-in-the-middle attacks between VNFs. The framework was validated through simulation using open-access benchmark datasets (InSDN and CICIDS2017). They achieved 99.99% and 99.58% accuracy and 0.048% and 0.617% false-positive rates for the InSDN and CICIDS2017 datasets, respectively, for FL. This study demonstrates the potential of hybrid deep learning-based FL for heterogeneous 5G network VNFs security monitoring.

show abstract

Section: Federated Learning For Security Monitoring In 5gmentioning

confidence: 99%

Balancing Data Privacy and 5G VNFs Security Monitoring: Federated Learning with CNN + BiLSTM + LSTM Model

Maiga,

Ataro,

Githinji

2024

Journal of Electrical and Computer Engineering

View full text Add to dashboard Cite

show abstract

“…The Unisa Malware Dataset (UMD) was utilized by [110], while the CICIDS2017 dataset found attention from [81,111]. Multiple authors were involved in studying the TON_IoT dataset [55,83,84,90,93,94,112], while on N-BaIoT dataset [112], MNIST dataset [91], Edge-IIoTset dataset [77,92], CIC_IoT dataset [80], CSE-CIC-IDS dataset [113]. The SCADA dataset [88,89], NF-BoT-IoT-v2 dataset [114], while BoT-IoT dataset [79,86,95], MQTT dataset [115], and the Power Demand dataset [85].…”

Section: Table VI Analysis Of Most Popular Dataset For Aids Modelingmentioning

confidence: 99%

“…It deftly translates data into a tapestry of probabilities, assigning each class a likelihood based on the elegant equation: log(P(Y=k|X))/(1-P(Y=k|X)) = β₀ + β₁X₁ + ... + βₚXₚ, where P(Y=k|X) embodies the probability of reaching outcome k given data X and βs represent the nuanced weights assigned to each feature's influence. Toy classifiers [90], serving as training controls in this classification models, offer rudimentary decision rules, laying the groundwork for comprehending more algorithms that are intricate. Finally, in one-class SVMs stand as unsupervised approach [111], vigilantly guarding the borders of normalcy within the data.…”

Section: Classification Modelsmentioning

confidence: 99%

“…Also, they are made to enable the training of a global model while also preserving the privacy of data from individual devices [133]. Notably, Federated Averaging (FedAvg) [77,81,84,87,90,95,112,114], Federated+ (Fed+) [120], and Federated Stochastic Gradient Decent (FedSGD) [78,79,91] are the answer for RQ6, specifically identified three aggregation functions that are commonly employed in Fed-AIDS modeling on IoT devices. Figure 7 depicts these aggregation functions as appeared in the reviewed studies.…”

Section: E Aggregation Functionsmentioning

confidence: 99%

See 1 more Smart Citation

Review on Approaches of Federated Modeling in Anomaly-Based Intrusion Detection for IoT Devices

Isma’ila,

Danyaro,

Muazu

et al. 2024

IEEE Access

View full text Add to dashboard Cite

The novelty of Federated Learning (FL) has emerged as a promising alternative to centralized machine learning systems in the context of Anomaly-Based Intrusion Detection Systems (AIDS) deployed on Internet of Things (IoT) devices. Unlike traditional centralized models, FL allows on-device model training and updates, reducing privacy concerns and issues like single points of failure and high false alarm rates (FAR). This approach, termed 'Fed-AIDS,' offers a more secure and efficient solution. However, the development of Fed-AIDS models faces challenges related to limited training data and the diverse nature of IoT datasets. Additionally, FL's decentralized nature introduces weight divergence issues arising from non-Independently and Identically Distributed (non-IID) clients. To address these challenges and optimize Fed-AIDS modeling, interdisciplinary research efforts are vital. The primary objective of this study is to conduct an up-to-date review by adopting a Systematic Literature Review (SLR) approach to analyze existing studies of Fed-AIDS modeling procedures for IoT devices. Data from the published studies were retrieved from Scopus database, which covered major publishers like IEEE, Elsevier and others. Specifically, our review conducted from the following Fed-AIDS perspectives: workflow and tools, training dataset, complexities of non-IID data in Fed-AIDS models, classification tasks, aggregation tasks, and model validation metrics. Based on the research findings, the study highlights a series of challenges and proposes potential solutions to stand in future research in Fed-AIDS modeling, aiming to advance the field of IoT device security.

show abstract

“…Zhao et al [9] proposed an intrusion detection method based on semi-supervised cross-device FL, which utilizes unlabeled open data to improve classifier performance. GöwFed [10] is an industrial-level network threat detection system that incorporates gower dissimilarity matrices and federated averaging. XGBoost [11] is a cross-silo FL approach combining anonymity-based data aggregation and local differential privacy in anomaly detection.…”

Section: Challenging Issues and Related Workmentioning

confidence: 99%

Blockchain-Assisted Cross-silo Graph Federated Learning for Network Intrusion Detection

Shen,

Zhou,

Wang

et al. 2023

Preprint

View full text Add to dashboard Cite

In this paper, a blockchain-assisted cross-silo graph federated learning (B-CGFL) framework is presented for large-scale network intrusion detection, aiming to break down barriers among different organizations and achieve a secure and transparent multi-party collaboration ecosystem. The network scenario is divided into multiple regions. Organizations in each region leverage graph neural networks to analyze local network flow topology information and identify traffic types accurately. With cross-silo graph federated learning, coordinators and organizations collaboratively complete the training and updating of global intrusion detection models. Multiple coordinators jointly maintain a chain to improve the global model’s scalability and storage security. Oracle nodes bridge the off-chain data provider and on-chain smart contracts, enabling secure transmission in off-chain model accuracy testing. For fair competition, a reputation-aware model incentive mechanism is designed to improve global model quality. Security analysis confirms that B-CGFL can defend against inference attacks, model plagiarism, and tampering with model test results. Experiments on three challenging datasets ToN-IoT, CSE-CIC-IDS2018, and BoT-IoT demonstrate that compared with benchmark machine learning methods, B-CGFL exhibits superior performance in accuracy and F1-score and facilitates model quality improvement.

show abstract

Göwfeda Novel Federated Network Intrusion Detection System

Cited by 15 publications

References 33 publications

Balancing Data Privacy and 5G VNFs Security Monitoring: Federated Learning with CNN + BiLSTM + LSTM Model

Balancing Data Privacy and 5G VNFs Security Monitoring: Federated Learning with CNN + BiLSTM + LSTM Model

Review on Approaches of Federated Modeling in Anomaly-Based Intrusion Detection for IoT Devices

Blockchain-Assisted Cross-silo Graph Federated Learning for Network Intrusion Detection

Contact Info

Product

Resources

About