
A Self-forming Community Approach for Intrusion Detection in Heterogeneous Networks

  • Conference paper
Secure IT Systems (NordSec 2023)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 14324)

Abstract

Detecting intrusions in modern network infrastructures is challenging because of their growing size and, along with it, the increasing complexity of their structure. While several approaches try to cope with those challenges, few address problems arising from heterogeneity and changes within those infrastructures.

We present a self-forming community approach that integrates federated learning (FL) with distributed intrusion detection systems based on anomaly detection. It autonomously separates the anomaly detection models into communities at runtime so that models within a community can exchange information using FL techniques and improve detection accuracy. Community formation is realized by introducing a similarity score between each pair of models, which indicates which models would profit from aggregation. Because the similarity score is re-evaluated during runtime, changes in the deployed infrastructure can be taken into account and the communities adapted. Our experiments show that our approach reported no false alarms when evaluated with a real-world dataset and achieved an intrusion detection rate of up to 97%.
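The following sketch illustrates the community-formation loop the abstract describes; it is an added example, not the authors' code. The abstract does not define the similarity score, so cosine similarity over flattened model weights, the 0.9 threshold, grouping by connected components, unweighted averaging, and the sensor names and weight values are all assumptions made here.

```python
import math
from itertools import combinations

# Constructed sample data: flattened weights of five local anomaly-detection models.
MODELS = {
    "office-1": [0.9, 0.1, 0.0, 0.2],
    "office-2": [0.8, 0.2, 0.1, 0.2],
    "plc-1":    [0.0, 0.1, 0.9, 0.7],
    "plc-2":    [0.1, 0.0, 0.8, 0.8],
    "dmz-1":    [0.1, 0.9, 0.1, 0.0],
}

def similarity(a, b):
    """Assumed score (not the paper's): cosine similarity of two weight vectors."""
    dot = sum(x * y for x, y in zip(a, b))
    return dot / (math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b)))

def form_communities(models, threshold=0.9):
    """Group models linked by a pairwise score >= threshold (union-find)."""
    parent = {name: name for name in models}

    def find(n):
        while parent[n] != n:
            n = parent[n]
        return n

    for a, b in combinations(sorted(models), 2):
        if similarity(models[a], models[b]) >= threshold:
            parent[find(b)] = find(a)
    groups = {}
    for name in sorted(models):
        groups.setdefault(find(name), []).append(name)
    return sorted(groups.values())

def fl_round(models, threshold=0.9):
    """Re-evaluate communities, then average weights only inside each community."""
    communities = form_communities(models, threshold)
    updated = {}
    for members in communities:
        avg = [sum(col) / len(members) for col in zip(*(models[m] for m in members))]
        updated.update({m: avg for m in members})
    return communities, updated

if __name__ == "__main__":
    print(fl_round(MODELS)[0])
    # Constructed infrastructure change: the host behind plc-2 now behaves like an office host.
    drifted = dict(MODELS, **{"plc-2": [0.85, 0.15, 0.05, 0.2]})
    print(fl_round(drifted)[0])
```

Connected-component grouping is transitive, so two models with a low direct score can still end up in the same community through a shared neighbour; requiring every pair in a community to meet the threshold is the stricter alternative.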

Notes

  1. https://www.python.org/.
  2. https://www.tensorflow.org/.
  3. https://flower.dev/.
  4. ISO/IEC 30141:2018.

Corresponding author

Correspondence to Philipp Eichhammer.

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this paper

Eichhammer, P., Reiser, H.P. (2024). A Self-forming Community Approach for Intrusion Detection in Heterogeneous Networks. In: Fritsch, L., Hassan, I., Paintsil, E. (eds) Secure IT Systems. NordSec 2023. Lecture Notes in Computer Science, vol 14324. Springer, Cham. https://doi.org/10.1007/978-3-031-47748-5_15

  • DOI: https://doi.org/10.1007/978-3-031-47748-5_15

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-47747-8

  • Online ISBN: 978-3-031-47748-5

  • eBook Packages: Computer Science, Computer Science (R0)
