Federated Intrusion Detection System Based on Unsupervised Machine Learning
- URL: http://arxiv.org/abs/2503.22065v1
- Date: Fri, 28 Mar 2025 01:01:58 GMT
- Title: Federated Intrusion Detection System Based on Unsupervised Machine Learning
- Authors: Maxime Gourceyraud, Rim Ben Salem, Christopher Neal, Frédéric Cuppens, Nora Boulahia Cuppens
- Abstract summary: Intrusion Detection System (IDS) research has increasingly moved towards the adoption of machine learning methods. Most IDS systems rely on supervised learning approaches, necessitating a fully labeled training set. We propose an IDS architecture that utilizes unsupervised learning to reduce the need for labeling.
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Recent Intrusion Detection System (IDS) research has increasingly moved towards the adoption of machine learning methods. However, most of these systems rely on supervised learning approaches, necessitating a fully labeled training set. In the realm of network intrusion detection, the requirement for extensive labeling can become impractically burdensome. Moreover, while IDS training could benefit from inter-company knowledge sharing, the sensitive nature of cybersecurity data often precludes such cooperation. To address these challenges, we propose an IDS architecture that utilizes unsupervised learning to reduce the need for labeling. We further facilitate collaborative learning through the implementation of a federated learning framework. To enhance privacy beyond what current federated clustering models offer, we introduce an innovative federated K-means++ initialization technique. Our findings indicate that transitioning from a centralized to a federated setup does not significantly diminish performance.
Related papers
- Multi-Agent Collaborative Intrusion Detection for Low-Altitude Economy IoT: An LLM-Enhanced Agentic AI Framework [60.72591149679355]
The rapid expansion of low-altitude economy Internet of Things (LAE-IoT) networks has created unprecedented security challenges. Traditional intrusion detection systems fail to tackle the unique characteristics of aerial IoT environments. We introduce a large language model (LLM)-enabled agentic AI framework for enhancing intrusion detection in LAE-IoT networks.
arXiv Detail & Related papers (2026-01-25T12:47:25Z)
- FetFIDS: A Feature Embedding Attention based Federated Network Intrusion Detection Algorithm [10.662159185662796]
Intrusion Detection Systems (IDS) have an increasingly important role in preventing exploitation of network vulnerabilities by malicious actors. Recent deep learning based developments have resulted in significant improvements in the performance of IDS systems. We present FetFIDS, where we explore the employment of feature embedding instead of positional embedding to improve intrusion detection performance.
arXiv Detail & Related papers (2025-08-12T16:16:29Z)
- Does Machine Unlearning Truly Remove Model Knowledge? A Framework for Auditing Unlearning in LLMs [58.24692529185971]
We introduce a comprehensive auditing framework for unlearning evaluation comprising three benchmark datasets, six unlearning algorithms, and five prompt-based auditing methods. We evaluate the effectiveness and robustness of different unlearning strategies.
arXiv Detail & Related papers (2025-05-29T09:19:07Z)
- Towards Certified Unlearning for Deep Neural Networks [50.816473152067104]
Certified unlearning has been extensively studied in convex machine learning models. We propose several techniques to bridge the gap between certified unlearning and deep neural networks (DNNs).
arXiv Detail & Related papers (2024-08-01T21:22:10Z)
- Effective Intrusion Detection in Heterogeneous Internet-of-Things Networks via Ensemble Knowledge Distillation-based Federated Learning [52.6706505729803]
We introduce Federated Learning (FL) to collaboratively train a decentralized shared model of Intrusion Detection Systems (IDS).
FLEKD enables a more flexible aggregation method than conventional model fusion techniques.
Experiment results show that the proposed approach outperforms local training and traditional FL in terms of both speed and performance.
arXiv Detail & Related papers (2024-01-22T14:16:37Z)
- Improving Transferability of Network Intrusion Detection in a Federated Learning Setup [11.98319841778396]
Network Intrusion Detection Systems (IDS) aim to detect the presence of an intruder by analyzing network packets arriving at an internet connected device.
Deep learning systems, popular due to their superior performance compared to traditional IDS, depend on availability of high quality training data for diverse intrusion classes.
We propose two techniques to significantly improve the transferability of a federated intrusion detection system.
arXiv Detail & Related papers (2024-01-07T17:52:41Z)
- Exploring Federated Unlearning: Analysis, Comparison, and Insights [101.64910079905566]
Federated unlearning enables the selective removal of data from models trained in federated systems. This paper examines existing federated unlearning approaches, examining their algorithmic efficiency, impact on model accuracy, and effectiveness in preserving privacy. We propose the OpenFederatedUnlearning framework, a unified benchmark for evaluating federated unlearning methods.
arXiv Detail & Related papers (2023-10-30T01:34:33Z)
- Decentralized Online Federated G-Network Learning for Lightweight Intrusion Detection [2.7225008315665424]
This paper proposes a novel Decentralized and Online Federated Learning Intrusion Detection architecture based on the G-Network model with collaborative learning.
The performance evaluation results using public Kitsune and Bot-IoT datasets show that DOF-ID significantly improves the intrusion detection performance in all of the collaborating components.
arXiv Detail & Related papers (2023-06-22T16:46:00Z)
- Few-shot Weakly-supervised Cybersecurity Anomaly Detection [1.179179628317559]
We propose an enhancement to an existing few-shot weakly-supervised deep learning anomaly detection framework.
This framework incorporates data augmentation, representation learning and ordinal regression.
We then evaluated and showed the performance of our implemented framework on three benchmark datasets.
arXiv Detail & Related papers (2023-04-15T04:37:54Z)
- Safe Multi-agent Learning via Trapping Regions [89.24858306636816]
We apply the concept of trapping regions, known from qualitative theory of dynamical systems, to create safety sets in the joint strategy space for decentralized learning.
We propose a binary partitioning algorithm for verification that candidate sets form trapping regions in systems with known learning dynamics, and a sampling algorithm for scenarios where learning dynamics are not known.
arXiv Detail & Related papers (2023-02-27T14:47:52Z)
- GowFed -- A novel Federated Network Intrusion Detection System [0.15469452301122172]
This work presents GowFed, a novel network threat detection system that combines the usage of Gower Dissimilarity matrices and Federated averaging.
Different approaches of GowFed have been developed based on state-of-the-art knowledge: (1) a vanilla version; and (2) a version instrumented with an attention mechanism.
Overall, GowFed intends to be the first stepping stone towards the combined usage of Federated Learning and Gower Dissimilarity matrices to detect network threats in industrial-level networks.
arXiv Detail & Related papers (2022-10-28T23:53:37Z)
- A review of Federated Learning in Intrusion Detection Systems for IoT [0.15469452301122172]
Intrusion detection systems are evolving into intelligent systems that perform data analysis searching for anomalies in their environment.
Deep learning technologies opened the door to build more complex and effective threat detection models.
Current approaches rely on powerful centralized servers that receive data from all their parties.
This paper focuses on the application of Federated Learning approaches in the field of Intrusion Detection.
arXiv Detail & Related papers (2022-04-26T17:00:07Z)
- Deep Transfer Learning: A Novel Collaborative Learning Model for Cyberattack Detection Systems in IoT Networks [17.071452978622123]
Federated Learning (FL) has recently become an effective approach for cyberattack detection systems.
FL can improve learning efficiency, reduce communication overheads and enhance privacy for cyberattack detection systems.
Challenges in implementation of FL in such systems include unavailability of labeled data and dissimilarity of data features in different IoT networks.
arXiv Detail & Related papers (2021-12-02T05:26:29Z)
- Federated Learning: A Signal Processing Perspective [144.63726413692876]
Federated learning is an emerging machine learning paradigm for training models across multiple edge devices holding local datasets, without explicitly exchanging the data.
This article provides a unified systematic framework for federated learning in a manner that encapsulates and highlights the main challenges that are natural to treat using signal processing tools.
arXiv Detail & Related papers (2021-03-31T15:14:39Z)
- Self-organizing Democratized Learning: Towards Large-scale Distributed Learning Systems [71.14339738190202]
Democratized learning (Dem-AI) lays out a holistic philosophy with underlying principles for building large-scale distributed and democratized machine learning systems.
Inspired by Dem-AI philosophy, a novel distributed learning approach is proposed in this paper.
The proposed algorithms demonstrate better results in the generalization performance of learning models in agents compared to the conventional FL algorithms.
arXiv Detail & Related papers (2020-07-07T08:34:48Z)