Information Security and Privacy (SIG SEC)

Paper Type

ERF

Paper Number

1703

Description

Intrusion Detection Systems (IDSs) are an essential part of a security solution, used to monitor network traffic and detect malicious attacks. In a collaborative IDS (CIDS), multiple IDSs work together to effectively detect large-scale attacks and attacks that span platforms or operating systems. However, the participating nodes in a CIDS may hesitate to share their network traffic data due to privacy concerns. In this paper, we propose a federated learning enabled CIDS architecture that leverages the privacy-preserving feature of federated learning. An unsupervised machine learning algorithm, Self-Organizing Maps (SOM), is adopted as the intrusion detection method. To our knowledge, this research is the first attempt to incorporate SOM and federated learning into CIDS. We believe that the proposed framework can greatly improve both precision and recall of intrusion detection. This paper is research in progress. We are in the process of developing a preliminary research prototype and designing experiments for validation.

Aug 9th, 12:00 AM

An Architecture for Federated Learning Enabled Collaborative Intrusion Detection System
