skip to main content
10.1145/3368926.3369705acmotherconferencesArticle/Chapter ViewAbstractPublication PagessoictConference Proceedingsconference-collections
research-article

Multi-Task Network Anomaly Detection using Federated Learning

Published: 04 December 2019 Publication History

Abstract

Because of the complexity of network traffic, there are various significant challenges in the network anomaly detection fields. One of the major challenges is the lack of labeled training data. In this paper, we use federated learning to tackle data scarcity problem and to preserve data privacy, where multiple participants collaboratively train a global model. Unlike the centralized training architecture, participants do not need to share their training to the server in federated learning, which can prevent the training data from being exploited by attackers. Moreover, most of the previous works focus on one specific task of anomaly detection, which restricts the application areas and can not provide more valuable information to network administrators. Therefore, we propose a multi-task deep neural network in federated learning (MT-DNN-FL) to perform network anomaly detection task, VPN (Tor) traffic recognition task, and traffic classification task, simultaneously. Compared with multiple single-task models, the multi-task method can reduce training time overhead. Experiments conducted on well-known CICIDS2017, ISCXVPN2016, and ISCXTor2016 datasets, show that the detection and classification performance achieved by the proposed method is better than the baseline methods in centralized training architecture.

References

[1]
Jasmin Kevric, Samed Jukic, and Abdulhamit Subasi. An effective combining classifier approach using tree algorithms for network intrusion detection. Neural Computing and Applications, 28(1):1051--1058, 2017.
[2]
Rana Aamir Raza Ashfaq, Xi-Zhao Wang, Joshua Zhexue Huang, Haider Abbas, and Yu-Lin He. Fuzziness based semi-supervised learning approach for intrusion detection system. Information Sciences, 378:484--497, 2017.
[3]
Wathiq Laftah Al-Yaseen, Zulaiha Ali Othman, and Mohd Zakree Ahmad Nazri. Multilevel hybrid support vector machine and extreme learning machine based on modified k-means for intrusion detection system. Expert Systems with Applications, 67:296--303, 2017.
[4]
Shui Yu, Wanlei Zhou, Weijia Jia, Song Guo, Yong Xiang, and Feilong Tang. Discriminating ddos attacks from flash crowds using flow correlation coefficient. IEEE Transactions on Parallel and Distributed Systems, 23(6):1073--1080, 2011.
[5]
Sahil Garg, Kuljeet Kaur, Neeraj Kumar, and Joel JPC Rodrigues. Hybrid deep-learning-based anomaly detection scheme for suspicious flow detection in sdn: A social multimedia perspective. IEEE Transactions on Multimedia, 21(3):566--578, 2019.
[6]
Nathan Shone, Tran Nguyen Ngoc, Vu Dinh Phai, and Qi Shi. A deep learning approach to network intrusion detection. IEEE Transactions on Emerging Topics in Computational Intelligence, 2(1):41--50, 2018.
[7]
Zhipeng Li, Zheng Qin, Kai Huang, Xiao Yang, and Shuxiong Ye. Intrusion detection using convolutional neural networks for representation learning. In International Conference on Neural Information Processing, pages 858--866. Springer, 2017.
[8]
Tuan A Tang, Lotfi Mhamdi, Des McLernon, Syed Ali Raza Zaidi, and Mounir Ghogho. Deep learning approach for network intrusion detection in software defined networking. In 2016 International Conference on Wireless Networks and Mobile Communications (WINCOM), pages 258--263. IEEE, 2016.
[9]
Yisroel Mirsky, Tomer Doitshman, Yuval Elovici, and Asaf Shabtai. Kitsune: an ensemble of autoencoders for online network intrusion detection. In Network and Distributed Systems Security Symposium (NDSS), 2018.
[10]
He Huang, Haojiang Deng, Jun Chen, Luchao Han, and Wei Wang. Automatic multi-task learning system for abnormal network traffic detection. International Journal of Emerging Technologies in Learning, 13(4), 2018.
[11]
Shahbaz Rezaei and Xin Liu. Multi-task learning for network traffic classification. arXiv preprint arXiv:1906.05248, 2019.
[12]
Haifeng Sun, Yunming Xiao, Jing Wang, Jingyu Wang, Qi Qi, Jianxin Liao, and Xiulei Liu. Common knowledge based and one-shot learning enabled multi-task traffic classification. IEEE Access, 7:39485--39495, 2019.
[13]
Zilong Lin, Yong Shi, and Zhi Xue. Idsgan: Generative adversarial networks for attack generation against intrusion detection. arXiv preprint arXiv:1809.02077, 2018.
[14]
Shui Yu, Song Guo, and Ivan Stojmenovic. Fool me if you can: Mimicking attacks and anti-attacks in cyberspace. IEEE Transactions on Computers, 64(1):139--151, 2013.
[15]
Jakub Konečny, H Brendan McMahan, Felix X Yu, Peter Richtárik, Ananda Theertha Suresh, and Dave Bacon. Federated learning: Strategies for improving communication efficiency. arXiv preprint arXiv:1610.05492, 2016.
[16]
Jakub Konečny, H Brendan McMahan, Daniel Ramage, and Peter Richtárik. Federated optimization: Distributed machine learning for on-device intelligence. arXiv preprint arXiv:1610.02527, 2016.
[17]
Evita Bakopoulou, Balint Tillman, and Athina Markopoulou. A federated learning approach for mobile packet classification. arXiv preprint arXiv:1907.13113, 2019.
[18]
H Brendan McMahan, Eider Moore, Daniel Ramage, Seth Hampson, et al. Communication-efficient learning of deep networks from decentralized data. arXiv preprint arXiv:1602.05629, 2016.
[19]
Qiang Yang, Yang Liu, Tianjian Chen, and Yongxin Tong. Federated machine learning: Concept and applications. ACM Transactions on Intelligent Systems and Technology (TIST), 10(2):12, 2019.
[20]
Reza Shokri and Vitaly Shmatikov. Privacy-preserving deep learning. In Proceedings of the 22nd ACM SIGSAC conference on computer and communications security, pages 1310--1321. ACM, 2015.
[21]
Donna Xu, Yaxin Shi, Ivor W Tsang, Yew-Soon Ong, Chen Gong, and Xiaobo Shen. A survey on multi-output learning. arXiv preprint arXiv:1901.00248, 2019.
[22]
Yu Zhang and Qiang Yang. A survey on multi-task learning. arXiv preprint arXiv:1707.08114, 2017.
[23]
Wenyi Huang and Jack W Stokes. Mtnet: a multi-task neural network for dynamic malware classification. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, pages 399--418. Springer, 2016.
[24]
Andrew L Maas, Awni Y Hannun, and Andrew Y Ng. Rectifier nonlinearities improve neural network acoustic models. In The 30th International Conference on Machine Learning, volume 30, page 3, 2013.
[25]
Inc The Tor Project. Tor: Anonymity online, 2015.
[26]
Jun Zhang, Xiao Chen, Yang Xiang, Wanlei Zhou, and Jie Wu. Robust network traffic classification. IEEE/ACM Transactions on Networking (TON), 23(4):1257--1270, 2015.
[27]
Diederik P. Kingma and Jimmy Ba. Adam: A method for stochastic optimization. In International Conference on Learning Representations, 2015.
[28]
Iman Sharafaldin, Arash Habibi Lashkari, and Ali A Ghorbani. Toward generating a new intrusion detection dataset and intrusion traffic characterization. In Proceedings of the 4th International Conference on Information Systems Security and Privacy, pages 108--116, 2018.
[29]
Gerard Draper-Gil, Arash Habibi Lashkari, Mohammad Saiful Islam Mamun, and Ali A Ghorbani. Characterization of encrypted and vpn traffic using time-related. In Proceedings of the 2nd international conference on information systems security and privacy (ICISSP'16), pages 407--414, 2016.
[30]
Arash Habibi Lashkari, Gerard Draper-Gil, Mohammad Saiful Islam Mamun, and Ali A Ghorbani. Characterization of tor traffic using time based features. In Proceedings of the 3rd international conference on information systems security and privacy (ICISSP'17), pages 253--262, 2017.

Cited By

View all
  • (2025)FADngs: Federated Learning for Anomaly DetectionIEEE Transactions on Neural Networks and Learning Systems10.1109/TNNLS.2024.335066036:2(2578-2592)Online publication date: Feb-2025
  • (2025)Semi-asynchronous federated learning-based privacy-preserving intrusion detection for advanced metering infrastructureInternational Journal of Critical Infrastructure Protection10.1016/j.ijcip.2025.10074249(100742)Online publication date: Jul-2025
  • (2025)A comprehensive survey of Federated Intrusion Detection Systems: Techniques, challenges and solutionsComputer Science Review10.1016/j.cosrev.2024.10071756(100717)Online publication date: May-2025
  • Show More Cited By

Index Terms

  1. Multi-Task Network Anomaly Detection using Federated Learning

    Recommendations

    Comments

    Information & Contributors

    Information

    Published In

    cover image ACM Other conferences
    SoICT '19: Proceedings of the 10th International Symposium on Information and Communication Technology
    December 2019
    551 pages
    ISBN:9781450372459
    DOI:10.1145/3368926
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

    In-Cooperation

    • SOICT: School of Information and Communication Technology - HUST
    • NAFOSTED: The National Foundation for Science and Technology Development

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 04 December 2019

    Permissions

    Request permissions for this article.

    Check for updates

    Author Tags

    1. Deep Neural Networks
    2. Federated Learning
    3. Network Anomaly Detection

    Qualifiers

    • Research-article
    • Research
    • Refereed limited

    Conference

    SoICT 2019

    Acceptance Rates

    Overall Acceptance Rate 147 of 318 submissions, 46%

    Contributors

    Other Metrics

    Bibliometrics & Citations

    Bibliometrics

    Article Metrics

    • Downloads (Last 12 months)287
    • Downloads (Last 6 weeks)19
    Reflects downloads up to 20 Feb 2025

    Other Metrics

    Citations

    Cited By

    View all
    • (2025)FADngs: Federated Learning for Anomaly DetectionIEEE Transactions on Neural Networks and Learning Systems10.1109/TNNLS.2024.335066036:2(2578-2592)Online publication date: Feb-2025
    • (2025)Semi-asynchronous federated learning-based privacy-preserving intrusion detection for advanced metering infrastructureInternational Journal of Critical Infrastructure Protection10.1016/j.ijcip.2025.10074249(100742)Online publication date: Jul-2025
    • (2025)A comprehensive survey of Federated Intrusion Detection Systems: Techniques, challenges and solutionsComputer Science Review10.1016/j.cosrev.2024.10071756(100717)Online publication date: May-2025
    • (2024)Balancing Between Privacy and Utility for Affect Recognition Using Multitask Learning in Differential Privacy–Added Federated Learning Settings: Quantitative StudyJMIR Mental Health10.2196/6000311(e60003-e60003)Online publication date: 23-Dec-2024
    • (2024)FEDDBN-IDS: federated deep belief network-based wireless network intrusion detection systemEURASIP Journal on Information Security10.1186/s13635-024-00156-52024:1Online publication date: 4-Apr-2024
    • (2024)A Critical Review of Artificial Intelligence Based Approaches in Intrusion Detection: A Comprehensive AnalysisJournal of Engineering10.1155/2024/39091732024:1Online publication date: 15-Apr-2024
    • (2024)Taxonomy and Survey of Collaborative Intrusion Detection System using Federated LearningACM Computing Surveys10.1145/370172457:4(1-36)Online publication date: 10-Dec-2024
    • (2024)When Two-Layer Federated Learning and Mean-Field Game Meet 5G and Beyond Security: Cooperative Defense Systems for 5G and Beyond Network SlicingIEEE Transactions on Network and Service Management10.1109/TNSM.2023.329456821:1(1178-1189)Online publication date: Feb-2024
    • (2024)FedStream: A Federated Learning Framework on Heterogeneous Streaming Data for Next-Generation Traffic AnalysisIEEE Transactions on Network Science and Engineering10.1109/TNSE.2023.329280511:3(2485-2496)Online publication date: May-2024
    • (2024)Swarm Learning and Knowledge Distillation Empowered Self-Driving Detection Against Threat Behavior for Intelligent IoTIEEE Transactions on Mobile Computing10.1109/TMC.2023.333051423:6(7117-7134)Online publication date: Jun-2024
    • Show More Cited By

    View Options

    Login options

    View options

    PDF

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader

    Figures

    Tables

    Media

    Share

    Share

    Share this Publication link

    Share on social media