当前位置: X-MOL 学术IEEE Open J. Commun. Soc. › 论文详情
Our official English website, www.x-mol.net, welcomes your feedback! (Note: you will need to create a separate account there.)
Adaptive Intrusion Detection in the Networking of Large-Scale LANs With Segmented Federated Learning
IEEE Open Journal of the Communications Society ( IF 6.3 ) Pub Date : 2020-12-16 , DOI: 10.1109/ojcoms.2020.3044323
Yuwei Sun 1 , Hiroshi Esaki 1 , Hideya Ochiai 1
Affiliation  

Predominant network intrusion detection systems (NIDS) aim to identify malicious traffic patterns based on a handcrafted dataset of rules. Recently, the application of machine learning in NIDS helps alleviate the enormous effort of human observation. Federated learning (FL) is a collaborative learning scheme concerning distributed data. Instead of sharing raw data, it allows a participant to share only a trained local model. Despite the success of existing FL solutions, in NIDS, a network’s traffic data distribution does not always fit into the single global model of FL; some networks have similarities with each other but other networks do not. We propose Segmented-Federated Learning (Segmented-FL), where by employing periodic local model evaluation and network segmentation, we aim to bring similar network environments to the same group. A comparison between FL and our method was conducted against a range of metrics including the weighted precision, recall, and F1 score, using a collected dataset from 20 massively distributed networks within 60 days. By studying the optimized hyperparameters of Segmented-FL and employing three evaluation methods, it shows that Segmented-FL has better performance in all three types of intrusion detection tasks, achieving validation weighted F1 scores of 0.964, 0.803, and 0.912 with Method A, Method B, and Method C respectively. For each method, this scheme shows a gain of 0.1%, 4.0% and 1.1% in performance compared with FL.

中文翻译:

具有分段联合学习的大型局域网网络中的自适应入侵检测

主要的网络入侵检测系统(NIDS)旨在基于手工制作的规则数据集识别恶意流量模式。最近,机器学习在NIDS中的应用有助于减轻人类观察的巨大努力。联合学习(FL)是一种有关分布式数据的协作学习方案。代替共享原始数据,它允许参与者仅共享训练有素的本地模型。尽管现有的FL解决方案取得了成功,但在NIDS中,网络的流量数据分发并不总是适合于FL的单个全局模型。一些网络彼此相似,而其他网络则没有。我们提出了分段联合学习(Segmented-FL),其中通过采用定期的局部模型评估和网络分段,我们旨在将相似的网络环境引入同一组。我们使用60天之内从20个大规模分布的网络中收集的数据集,对一系列指标(包括加权精度,召回率和F1得分)进行了FL和我们方法的比较。通过研究Segmented-FL的优化超参数并采用三种评估方法,它表明Segmented-FL在所有三种类型的入侵检测任务中均具有更好的性能,方法A,Method的验证加权F1得分分别为0.964、0.803和0.912。 B和方法C分别。对于每种方法,与FL相比,此方案的性能分别提高了0.1%,4.0%和1.1%。通过研究Segmented-FL的优化超参数并采用三种评估方法,它表明Segmented-FL在所有三种类型的入侵检测任务中均具有更好的性能,方法A,Method的验证加权F1得分分别为0.964、0.803和0.912。 B和方法C分别。对于每种方法,与FL相比,此方案的性能分别提高了0.1%,4.0%和1.1%。通过研究Segmented-FL的优化超参数并采用三种评估方法,它表明Segmented-FL在所有三种类型的入侵检测任务中均具有更好的性能,方法A,Method的验证加权F1得分分别为0.964、0.803和0.912。 B和方法C分别。对于每种方法,与FL相比,此方案的性能分别提高了0.1%,4.0%和1.1%。
更新日期:2021-01-16
down
wechat
bug