Network intrusion detection model based on efficient federated learning algorithm

doi:10.11772/j.issn.1001-9081.2022020305

Journal of Computer Applications ›› 2023, Vol. 43 ›› Issue (4): 1169-1175.DOI: 10.11772/j.issn.1001-9081.2022020305

Special Issue: 网络空间安全

• Cyber security • Previous Articles Next Articles

Network intrusion detection model based on efficient federated learning algorithm

Shaochen HAO, Zizuan WEI, Yao MA, Dan YU, Yongle CHEN()

College of Information and Computer，Taiyuan University of Technology，Jinzhong Shanxi 030600，China

Received:2022-03-15 Revised:2022-05-24 Accepted:2022-05-26 Online:2022-09-02 Published:2023-04-10
Contact: Yongle CHEN
About author:HAO Shaochen， born in 1998， M. S. candidate. His research interests include federated learning， Internet of Things （IoT） security.
WEI Zizuan， born in 2001， M. S. candidate. His research interests include blockchain security.
MA Yao， born in 1982， Ph. D.， lecturer. His research interests include web security.
YU Dan， born in 1983， Ph. D. Her research interests include wireless sensor networks， IoT.
Supported by:
Basic Research Program of Shanxi Province(20210302123131)

基于高效联邦学习算法的网络入侵检测模型

郝劭辰, 卫孜钻, 马垚, 于丹, 陈永乐()

太原理工大学信息与计算机学院，山西晋中 030600

通讯作者: 陈永乐
作者简介:郝劭辰（1998—），男，山西太原人，硕士研究生，CCF会员，主要研究方向：联邦学习、物联网（IoT）安全；
卫孜钻（2001—），男，山西运城人，硕士研究生，主要研究方向：区块链安全；
马垚（1982—），男，山西太原人，讲师，博士，主要研究方向：网络安全；
于丹（1983—），女，山西太原人，博士，主要研究方向：无线传感网络、IoT；
基金资助:
山西省基础研究计划项目(20210302123131)

Abstract

Abstract:

After the introduction of federated learning technology in intrusion detection scenarios， there is a problem that the traffic data between nodes is non-independent and identically distributed （non-iid）， which makes it difficult for models to aggregate and obtain a high recognition rate. To solve this problem， an efficient federated learning algorithm named H?E?Fed was constructed， and a network intrusion detection model based on this algorithm was proposed. Firstly， a global model for traffic data was designed by the coordinator and was sent to the intrusion detection nodes for model training. Then， by the coordinator， the local models were collected and the skewness of the covariance matrix of the local models between nodes was evaluated， so as to measure the correlation of models between nodes， thereby reassigning model aggregation parameters and generating a new global model. Finally， multiple rounds of interactions between the coordinator and the nodes were carried out until the global model converged. Experimental results show that compared with the models based on FedAvg （Federated Averaging） algorithm and FedProx algorithm， under data non-iid phenomenon between nodes， the proposed model has the communication consumption relatively low. And on KDDCup99 dataset and CICIDS2017 dataset， compared with baseline models， the proposed model has the accuracy improved by 10.39%， 8.14% and 4.40%， 5.98% respectively.

Key words: federated learning, intrusion detection, machine learning, model aggregation, information security

摘要：

为解决在入侵检测场景中引入联邦学习技术后，由于节点间存在流量数据非独立同分布（non-iid）现象而导致模型难以聚合并得到高识别率的问题，构造了一种高效联邦学习算法（H-E-Fed），并基于该算法构建了对应的入侵检测模型。首先，协调方设计针对流量数据的全局模型，并下发至入侵检测节点间进行模型训练；然后，协调方收集本地模型，并对节点间本地模型的协方差矩阵评估偏度，以衡量节点间模型的相关性，从而重新分配模型聚合参数，并生成新的全局模型；最后，协调方与节点多轮交互，直至全局模型收敛。实验结果表明，与基于联邦平均（FedAvg）算法和FedProx算法的模型相比，基于高效联邦学习算法的入侵检测模型在节点间产生数据non-iid现象时的通信消耗更低；且在KDDCup99数据集和CICIDS2017数据集上，与基线模型相比，准确率分别提升了10.39%、8.14%与4.40%、5.98%。

关键词: 联邦学习, 入侵检测, 机器学习, 模型聚合, 信息安全

CLC Number:

TP389.1

Shaochen HAO, Zizuan WEI, Yao MA, Dan YU, Yongle CHEN. Network intrusion detection model based on efficient federated learning algorithm[J]. Journal of Computer Applications, 2023, 43(4): 1169-1175.

郝劭辰, 卫孜钻, 马垚, 于丹, 陈永乐. 基于高效联邦学习算法的网络入侵检测模型[J]. 《计算机应用》唯一官方网站, 2023, 43(4): 1169-1175.

Figures/Tables 8

References 29

1	AMARAL A A， DE SOUZA MENDES L， ZARPELÃO B B， et al. Deep IP flow inspection to detect beyond network anomalies［J］. Computer Communications， 2017， 98：80-96. 10.1016/j.comcom.2016.12.007
2	HINDY H， ATKINSON R， TACHTATZIS C， et al. Utilising deep learning techniques for effective zero-day attack detection［J］. Electronics， 2020， 9（10）： No.1684. 10.3390/electronics9101684
3	WU W F， LI R F， XIE G Q， et al. A survey of intrusion detection for in-vehicle networks［J］. IEEE Transactions on Intelligent Transportation Systems， 2020， 21（3）：919-933. 10.1109/tits.2019.2908074
4	李硕豪，张军. 贝叶斯网络结构学习综述［J］. 计算机应用研究， 2015， 32（3）： 641-646. 10.3969/j.issn.1001-3695.2015.03.001
	LI S H， ZHANG J. Summary of Bayesian networks structure learning［J］. Application Research of Computers， 2015， 32（3）： 641-646. 10.3969/j.issn.1001-3695.2015.03.001
5	YIN C L， ZHU Y F， FEI J L， et al. A deep learning approach for intrusion detection using recurrent neural networks［J］. IEEE Access， 2017， 5： 21954-21961. 10.1109/access.2017.2762418
6	AL-ABASSI， KARIMIPOUR H， DEHGHANTANHA A， et al. An ensemble deep learning-based cyber-attack detection in industrial control system［J］. IEEE Access， 2020， 8： 83965-83973. 10.1109/access.2020.2992249
7	HOMOLIAK I， TEKNÖS M， OCHOA M， et al. Improving network intrusion detection classifiers by non-payload-based exploit-independent obfuscations： an adversarial approach［J］. EAI Endorsed Transactions on Security and Safety， 2018， 5（17）： No.e4. 10.4108/eai.10-1-2019.156245
8	ANDRESINI G， APPICE A， DE ROSE L， et al. GAN augmentation to deal with imbalance in imaging-based intrusion detection［J］. Future Generation Computer Systems， 2021， 123： 108-127. 10.1016/j.future.2021.04.017
9	DUAN T， TIAN Y H， ZHANG H R， et al. Intelligent processing of intrusion detection data［J］. IEEE Access， 2020， 8： 78330-78342. 10.1109/access.2020.2989498
10	王蓉，马春光，武朋. 基于联邦学习和卷积神经网络的入侵检测方法［J］. 信息网络安全， 2020， 20（4）： 47-54. 10.3969/j.issn.1671-1122.2020.04.006
	WANG R， MA C G， WU P. An intrusion detection method based on federated learning and convolutional neural network［J］. Netinfo Security， 2020， 20（4）： 47-54. 10.3969/j.issn.1671-1122.2020.04.006
11	赵英，王丽宝，陈骏君，等. 基于联邦学习的网络异常检测［J］. 北京化工大学学报（自然科学版）， 2021， 48（2）： 92-99. 10.13543/j.bhxbzr.2021.02.012
	ZHAO Y， WANG L B， CHEN J J， et al. Network anomaly detection based on federated learning［J］. Journal of Beijing University of Chemical Technology （Natural Science Edition）， 2021， 48（2）： 92-99. 10.13543/j.bhxbzr.2021.02.012
12	HASSAN M M， GUMAEI A， ALSANAD A， et al. A hybrid deep learning model for efficient intrusion detection in big data environment［J］. Information Sciences， 2020， 513： 386-396. 10.1016/j.ins.2019.10.069
13	KAIROUZ P， McMAHAN H B， AVENT B， et al. Advances and open problems in federated learning［J］. Foundations and Trends® in Machine Learning， 2021， 14（1/2）： 1-210. 10.1561/2200000083
14	KALIMUTHAN C， AROKIA RENJIT J. Review on intrusion detection using feature selection with machine learning techniques［J］. Materials Today： Proceedings， 2020， 33（Pt 7）： 3794-3802. 10.1016/j.matpr.2020.06.218
15	LeCUN Y， BOSER B， DENKER J S， et al. Backpropagation applied to handwritten zip code recognition［J］. Neural Computation， 1989， 1（4）： 541-551. 10.1162/neco.1989.1.4.541
16	HOCHREITER S， SCHMIDHUBER J. Long short-term memory［J］. Neural computation， 1997， 9（8）： 1735-1780. 10.1162/neco.1997.9.8.1735
17	张昊，张小雨，张振友，等. 基于深度学习的入侵检测模型综述［J］. 计算机工程与应用， 2022， 58（6）：17-28. 10.3778/j.issn.1002-8331.2107-0084
	ZHANG H， ZHANG X Y， ZHANG Z Y， et al. Summary of intrusion detection models based on deep learning［J］. Computer Engineering and Applications， 2022， 58（6）：17-28. 10.3778/j.issn.1002-8331.2107-0084
18	McMAHAN H B， MOORE E， RAMAGE D， et al. Communication-efficient learning of deep networks from decentralized data［C］// Proceedings of the 20th International Conference on Artificial Intelligence and Statistics. New York： JMLR.org， 2017： 1273-1282.
19	AGRAWAL S， SARKAR S， AOUEDI O， et al. Federated learning for intrusion detection system： concepts， challenges and future directions［J］. Computer Communications， 2022， 195： 346-361. 10.1016/j.comcom.2022.09.012
20	NAIM C， YE F W， ROUAYHEB S EL. ON-OFF privacy with correlated requests［C］// Proceedings of the 2019 IEEE International Symposium on Information Theory. Piscataway： IEEE， 2019： 817-821. 10.1109/isit.2019.8849461
21	BONAWITZ K， EICHNER H， GRIESKAMP W， et al. Towards federated learning at scale： system design［C/OL］// Proceedings of the 2nd Conference on Machine Learning and Systems. ［2021-11-23］..
22	SATTLER F， WIEDEMANN S， MÜLLER K R， et al. Robust and communication-efficient federated learning from non-iid data［J］. IEEE Transactions on Neural Networks and Learning Systems， 2020， 31（9）： 3400-3413. 10.1109/tnnls.2019.2944481
23	WOODWORTH B， PATEL K K， SREBRO N. Minibatch vs local SGD for heterogeneous distributed learning［C］// Proceedings of the 34th International Conference on Neural Information Processing Systems. Red Hook， NY： Curran Associates Inc.， 2020： 6281-6292.
24	REDDI S J， CHARLES Z， ZAHEER M， et al. Adaptive federated optimization［EB/OL］. （2021-09-08）［2021-11-19］..
25	LI T， SAHU A K， ZAHEER M， et al. Federated optimization in heterogeneous networks［C/OL］// Proceedings of the 3rd Conference on Machine Learning and Systems. ［2021-11-23］.. 10.1109/ieeeconf44664.2019.9049023
26	XIE C， KOYEJO S， GUPTA I. Asynchronous federated optimization［C/OL］// Proceedings of the 12th Annual Workshop on Optimization for Machine Learning. ［2021-12-19］..
27	YU H， JIN R， YANG S. On the linear speedup analysis of communication efficient momentum SGD for distributed non-convex optimization［C］// Proceedings of the 26th International Conference on Machine Learning. New York： JMLR.org， 2019： 7184-7193.
28	LI K， ZHOU H C， TU Z， et al. Distributed network intrusion detection system in satellite-terrestrial integrated networks using federated learning［J］. IEEE Access， 2020， 8： 214852-214865. 10.1109/access.2020.3041641
29	SUN Y W， ESAKI H， OCHIAI H. Adaptive intrusion detection in the networking of large-scale LANs with segmented federated learning［J］. IEEE Open Journal of the Communications Society， 2021， 2： 102-112. 10.1109/ojcoms.2020.3044323

标识类型	标识解释	所含具体标识
Normal	正常记录	Normal
DoS	拒绝服务攻击	back、land、neptune、pod、smurf、 teardrop
Probing	监视和其他探测活动	ipsweep、nmap、portsweep、satan
R2L	来自远程机器的非法访问	ftp_write、guess_passwd、imap、 multihop、phf、spy、warezmaster
U2R	普通用户对本地超级用户特权的非法访问	buffer_overflow、loadmodule、 perl、rootkit

标识类型	标识解释	所含具体标识
Normal	正常记录	Normal
DoS	拒绝服务攻击	back、land、neptune、pod、smurf、 teardrop
Probing	监视和其他探测活动	ipsweep、nmap、portsweep、satan
R2L	来自远程机器的非法访问	ftp_write、guess_passwd、imap、 multihop、phf、spy、warezmaster
U2R	普通用户对本地超级用户特权的非法访问	buffer_overflow、loadmodule、 perl、rootkit

标识类型	标识数	占比/%	标识类型	标识数	占比/%
BotNet	2 075	0.18	FTP Patator	19 941	1.71
DDoS	261 226	22.35	HeartBleed	9 859	0.84
Goldneye	20 543	1.76	Infiltration	5 330	0.46
Dos Hulk	474 656	40.61	PortScan	319 636	27.35
Slowhttp DoS	6 786	0.58	SSH Patator	27 545	2.36
Slowloris DoS	10 537	0.90	Web Attack	10 537	0.90

标识类型	标识数	占比/%	标识类型	标识数	占比/%
BotNet	2 075	0.18	FTP Patator	19 941	1.71
DDoS	261 226	22.35	HeartBleed	9 859	0.84
Goldneye	20 543	1.76	Infiltration	5 330	0.46
Dos Hulk	474 656	40.61	PortScan	319 636	27.35
Slowhttp DoS	6 786	0.58	SSH Patator	27 545	2.36
Slowloris DoS	10 537	0.90	Web Attack	10 537	0.90

数据集	数据分布场景	模型	通信轮数	准确率/%
KDDCup99	iid	FedAvg（CNN）^［10］	27	96.37
		FedProx（CNN）^［25］	24	96.48
		H-E-Fed（CNN）	26	96.51
	non-iid	FedAvg（CNN）^［10］	68	86.27
		FedProx（CNN）^［25］	46	88.06
		H-E-Fed（CNN）	56	95.23
	数据分布均匀但数据量匮乏	CNN	32	72.31
CICIDS2017	iid	FedAvg（CNN）^［10］	49	91.10
		FedProx（CNN）^［25］	39	87.16
		H-E-Fed（CNN）	46	93.25
	non-iid	FedAvg（CNN）^［10］	88	87.23
		FedProx（CNN）^［25］	86	85.93
		H-E-Fed（CNN）	88	91.07
		H-E-Fed（CNN+LSTM）	87	93.21
	数据分布均匀但数据量匮乏	CNN+LSTM^［12］	83	89.73

Network intrusion detection model based on efficient federated learning algorithm

基于高效联邦学习算法的网络入侵检测模型

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 8

References 29

Related Articles 15

Recommended Articles

Metrics

[1]	Jiepo FANG, Chongben TAO. Hybrid internet of vehicles intrusion detection system for zero-day attacks [J]. Journal of Computer Applications, 2024, 44(9): 2763-2769.
[2]	Tingwei CHEN, Jiacheng ZHANG, Junlu WANG. Random validation blockchain construction for federated learning [J]. Journal of Computer Applications, 2024, 44(9): 2770-2776.
[3]	Zheyuan SHEN, Keke YANG, Jing LI. Personalized federated learning method based on dual stream neural network [J]. Journal of Computer Applications, 2024, 44(8): 2319-2325.
[4]	Zihao YAO, Yuanming LI, Ziqiang MA, Yang LI, Lianggen WEI. Multi-object cache side-channel attack detection model based on machine learning [J]. Journal of Computer Applications, 2024, 44(6): 1862-1871.
[5]	Wei LUO, Jinquan LIU, Zheng ZHANG. Dual vertical federated learning framework incorporating secret sharing technology [J]. Journal of Computer Applications, 2024, 44(6): 1872-1879.
[6]	Xuebin CHEN, Zhiqiang REN, Hongyang ZHANG. Review on security threats and defense measures in federated learning [J]. Journal of Computer Applications, 2024, 44(6): 1663-1672.
[7]	Wei SHE, Yang LI, Lihong ZHONG, Defeng KONG, Zhao TIAN. Hyperparameter optimization for neural network based on improved real coding genetic algorithm [J]. Journal of Computer Applications, 2024, 44(3): 671-676.
[8]	Yi ZHENG, Cunyi LIAO, Tianqian ZHANG, Ji WANG, Shouyin LIU. Image denoising-based cell-level RSRP estimation method for urban areas [J]. Journal of Computer Applications, 2024, 44(3): 855-862.
[9]	Sunjie YU, Hui ZENG, Shiyu XIONG, Hongzhou SHI. Incentive mechanism for federated learning based on generative adversarial network [J]. Journal of Computer Applications, 2024, 44(2): 344-352.
[10]	Zucuan ZHANG, Xuebin CHEN, Rui GAO, Yuanhuai ZOU. Federated learning client selection method based on label classification [J]. Journal of Computer Applications, 2024, 44(12): 3759-3765.
[11]	Xuebin CHEN, Changsheng QU. Overview of backdoor attacks and defense in federated learning [J]. Journal of Computer Applications, 2024, 44(11): 3459-3469.
[12]	Shuaihua ZHANG, Shufen ZHANG, Mingchuan ZHOU, Chao XU, Xuebin CHEN. Malicious traffic detection model based on semi-supervised federated learning [J]. Journal of Computer Applications, 2024, 44(11): 3487-3494.
[13]	Jie WU, Xuezhong QIAN, Wei SONG. Personalized federated learning based on similarity clustering and regularization [J]. Journal of Computer Applications, 2024, 44(11): 3345-3353.
[14]	Renke SUN, Zhiyu HUANGFU, Hu CHEN, Zhongnian LI, Xinzheng XU. Survey of neural architecture search [J]. Journal of Computer Applications, 2024, 44(10): 2983-2994.
[15]	Wenze CHAI, Jing FAN, Shukui SUN, Yiming LIANG, Jingfeng LIU. Overview of deep metric learning [J]. Journal of Computer Applications, 2024, 44(10): 2995-3010.