Abstract
Scanning attacks are the first step in an attempt to compromise the security of systems. Machine learning (ML) has been used in network intrusion detection systems (NIDS) to protect systems by learning misbehavior from network traffic. This paper demonstrates that Federated Learning (FL) is a promising approach to achieving better detection performance than traditional local training and inference on distributed agents. The FL approach also brings privacy and efficiency, and it is suitable for distributed ML-based NIDS solutions. We present a horizontal FL setup using Logistic Regression with the FedAvg strategy applied to 13 agents (data silos), capable of providing an iterative process of constant learning improvement. Our results indicate a more stable learning process when observing the average F1-score, whereas the traditional NIDS approach (locally trained models) presents lower performance and greater variability when classifying scanning and benign traffic. We tested our model's performance on the TON_IoT dataset, which contains network traffic from a virtualized heterogeneous network composed of cloud, fog, and edge layers.
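The setup described in the abstract (horizontal FL, logistic regression, FedAvg over 13 silos, compared with locally trained models) can be sketched as follows. This is an added example, not the paper's code: the two flow features, the silo sizes and scan shares, the hyperparameters and all function names are constructed assumptions, and the data is synthetic rather than TON_IoT.

```python
import math, random

def prob(w, x):
    """P(scan | x) under logistic regression; w = [bias, w1, w2]."""
    return 1.0 / (1.0 + math.exp(-(w[0] + sum(wi * xi for wi, xi in zip(w[1:], x)))))

def local_train(w, data, epochs=5, lr=1.0):
    """Full-batch gradient descent on one silo's own flows (assumed hyperparameters)."""
    w = list(w)
    for _ in range(epochs):
        grad = [0.0] * len(w)
        for x, y in data:
            err = prob(w, x) - y
            for i, xi in enumerate([1.0] + x):
                grad[i] += err * xi
        w = [wi - lr * g / len(data) for wi, g in zip(w, grad)]
    return w

def fed_avg(updates):
    """FedAvg: average client weights, weighted by each client's sample count."""
    total = sum(n for _, n in updates)
    return [sum(w[i] * n for w, n in updates) / total for i in range(len(updates[0][0]))]

def f1_score(w, data):
    """F1 for the scanning class (label 1); 0.0 when no scan is detected."""
    tp = sum(1 for x, y in data if y == 1 and prob(w, x) >= 0.5)
    fp = sum(1 for x, y in data if y == 0 and prob(w, x) >= 0.5)
    fn = sum(1 for x, y in data if y == 1 and prob(w, x) < 0.5)
    return 2 * tp / (2 * tp + fp + fn) if tp else 0.0

def make_flows(rng, n, scan_frac):
    """Constructed flows: two normalized features on which scans (label 1) score high."""
    flows = []
    for i in range(n):
        y = 1 if i < round(n * scan_frac) else 0
        mu = 0.8 if y else 0.2
        flows.append(([rng.gauss(mu, 0.1), rng.gauss(mu, 0.1)], y))
    return flows

def run_experiment(rounds=30, seed=7):
    rng = random.Random(seed)
    # 13 non-IID silos: scan share grows from 0% to 48%, sizes from 60 to 180 flows.
    silos = [make_flows(rng, 60 + 10 * k, 0.04 * k) for k in range(13)]
    test = make_flows(rng, 400, 0.5)
    global_w = [0.0, 0.0, 0.0]
    for _ in range(rounds):
        updates = [(local_train(global_w, s), len(s)) for s in silos]  # only weights leave a silo
        global_w = fed_avg(updates)
    local_f1 = [f1_score(local_train([0.0] * 3, s, epochs=5 * rounds), test) for s in silos]
    return f1_score(global_w, test), local_f1
```

`run_experiment()` returns the federated model's F1 on a shared test set and the list of 13 local-only F1 scores; the silo that never observed a scan scores 0.0 when trained locally, while the same silo receives the shared global model under FedAvg.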