Related papers: WeiDetect: Weibull Distribution-Based Defense against Poisoning Attacks in Federated Learning for Network Intrusion Detection Systems

WeiDetect: Weibull Distribution-Based Defense against Poisoning Attacks in Federated Learning for Network Intrusion Detection Systems

URL: http://arxiv.org/abs/2504.04367v2
Date: Sat, 19 Apr 2025 15:07:05 GMT
Title: WeiDetect: Weibull Distribution-Based Defense against Poisoning Attacks in Federated Learning for Network Intrusion Detection Systems
Authors: Sameera K. M., Vinod P., Anderson Rocha, Rafidha Rehiman K. A., Mauro Conti,
Abstract summary: We propose WeiDetect, a two-phase, server-side defense mechanism for FL-based NIDS that detects malicious participants.<n>We conducted experiments to evaluate the effectiveness of our approach in diverse attack settings.<n>Our findings highlight that WeiDetect outperforms state-of-the-art defense approaches.
Score: 23.03944479383518
License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
Abstract: In the era of data expansion, ensuring data privacy has become increasingly critical, posing significant challenges to traditional AI-based applications. In addition, the increasing adoption of IoT devices has introduced significant cybersecurity challenges, making traditional Network Intrusion Detection Systems (NIDS) less effective against evolving threats, and privacy concerns and regulatory restrictions limit their deployment. Federated Learning (FL) has emerged as a promising solution, allowing decentralized model training while maintaining data privacy to solve these issues. However, despite implementing privacy-preserving technologies, FL systems remain vulnerable to adversarial attacks. Furthermore, data distribution among clients is not heterogeneous in the FL scenario. We propose WeiDetect, a two-phase, server-side defense mechanism for FL-based NIDS that detects malicious participants to address these challenges. In the first phase, local models are evaluated using a validation dataset to generate validation scores. These scores are then analyzed using a Weibull distribution, identifying and removing malicious models. We conducted experiments to evaluate the effectiveness of our approach in diverse attack settings. Our evaluation included two popular datasets, CIC-Darknet2020 and CSE-CIC-IDS2018, tested under non-IID data distributions. Our findings highlight that WeiDetect outperforms state-of-the-art defense approaches, improving higher target class recall up to 70% and enhancing the global model's F1 score by 1% to 14%.

Related papers

SRFed: Mitigating Poisoning Attacks in Privacy-Preserving Federated Learning with Heterogeneous Data [5.7335377562335275]
Federated Learning (FL) enables collaborative model training without exposing clients' private data, and has been widely adopted in privacy-sensitive scenarios.<n>It faces two critical security threats: curious servers that may launch inference attacks to reconstruct clients' private data, and compromised clients that can launch poisoning attacks to disrupt model aggregation.<n>We propose SRFed, an efficient Byzantine-robust and privacy-preserving FL framework for Non-IID scenarios.
arXiv Detail & Related papers (2026-02-18T14:14:38Z)
Beyond Denial-of-Service: The Puppeteer's Attack for Fine-Grained Control in Ranking-Based Federated Learning [37.22418291316679]
We introduce the Edge Control Attack (ECA), the first fine-grained control attack tailored to ranking-based FL frameworks.<n>ECA achieves fine-grained accuracy control with an average error of only 0.224%, outperforming the baseline by up to 17x.<n>Our findings highlight the need for stronger defenses against advanced poisoning attacks.
arXiv Detail & Related papers (2026-01-21T06:03:11Z)
Federated Learning in the Wild: A Comparative Study for Cybersecurity under Non-IID and Unbalanced Settings [1.441946602098626]
Federated Learning (FL) has emerged as a novel paradigm that enables collaborative training of ML models across multiple clients.<n>This study systematically reviews and evaluates a range of FL methods in the context of intrusion detection for DDoS attacks.<n>To the best of our knowledge, this is the first comparative analysis of FL algorithms for intrusion detection under realistic non-i.i.d. and unbalanced settings.
arXiv Detail & Related papers (2025-09-22T14:25:32Z)
FEDLAD: Federated Evaluation of Deep Leakage Attacks and Defenses [50.921333548391345]
Federated Learning is a privacy preserving decentralized machine learning paradigm.<n>Recent research has revealed that private ground truth data can be recovered through a gradient technique known as Deep Leakage.<n>This paper introduces the FEDLAD Framework (Federated Evaluation of Deep Leakage Attacks and Defenses), a comprehensive benchmark for evaluating Deep Leakage attacks and defenses.
arXiv Detail & Related papers (2024-11-05T11:42:26Z)
Enabling Privacy-Preserving Cyber Threat Detection with Federated Learning [4.475514208635884]
This study systematically profiles the (in)feasibility of learning for privacy-preserving cyber threat detection in terms of effectiveness, byzantine resilience, and efficiency. It shows that FL-trained detection models can achieve a performance that is comparable to centrally trained counterparts. Under a realistic threat model, FL turns out to be adversary-resistant to attacks of both data poisoning and model poisoning.
arXiv Detail & Related papers (2024-04-08T01:16:56Z)
Vulnerability Detection with Code Language Models: How Far Are We? [40.455600722638906]
PrimeVul is a new dataset for training and evaluating code LMs for vulnerability detection. It incorporates a novel set of data labeling techniques that achieve comparable label accuracy to human-verified benchmarks. It also implements a rigorous data de-duplication and chronological data splitting strategy to mitigate data leakage issues.
arXiv Detail & Related papers (2024-03-27T14:34:29Z)
Enhancing IoT Security Against DDoS Attacks through Federated Learning [0.0]
Internet of Things (IoT) has ushered in transformative connectivity between physical devices and the digital realm. Traditional DDoS mitigation approaches are ill-equipped to handle the intricacies of IoT ecosystems. This paper introduces an innovative strategy to bolster the security of IoT networks against DDoS attacks by harnessing the power of Federated Learning.
arXiv Detail & Related papers (2024-03-16T16:45:28Z)
Attention-GAN for Anomaly Detection: A Cutting-Edge Approach to Cybersecurity Threat Management [0.0]
This paper proposes an innovative Attention-GAN framework for enhancing cybersecurity, focusing on anomaly detection. The proposed approach aims to generate diverse and realistic synthetic attack scenarios, thereby enriching the dataset and improving threat identification. Integrating attention mechanisms with Generative Adversarial Networks (GANs) is a key feature of the proposed method. The attention-GAN framework has emerged as a pioneering approach, setting a new benchmark for advanced cyber-defense strategies.
arXiv Detail & Related papers (2024-02-25T01:10:55Z)
Effective Intrusion Detection in Heterogeneous Internet-of-Things Networks via Ensemble Knowledge Distillation-based Federated Learning [52.6706505729803]
We introduce Federated Learning (FL) to collaboratively train a decentralized shared model of Intrusion Detection Systems (IDS) FLEKD enables a more flexible aggregation method than conventional model fusion techniques. Experiment results show that the proposed approach outperforms local training and traditional FL in terms of both speed and performance.
arXiv Detail & Related papers (2024-01-22T14:16:37Z)
Model Stealing Attack against Graph Classification with Authenticity, Uncertainty and Diversity [80.16488817177182]
GNNs are vulnerable to the model stealing attack, a nefarious endeavor geared towards duplicating the target model via query permissions. We introduce three model stealing attacks to adapt to different actual scenarios.
arXiv Detail & Related papers (2023-12-18T05:42:31Z)
A Novel Federated Learning-Based IDS for Enhancing UAVs Privacy and Security [1.2999518604217852]
Unmanned aerial vehicles (UAVs) operating within Flying Ad-hoc Networks (FANETs) encounter security challenges due to the dynamic and distributed nature of these networks. Previous studies predominantly focused on centralized intrusion detection, assuming a central entity responsible for storing and analyzing data from all devices. This paper introduces the Federated Learning-based Intrusion Detection System (FL-IDS), addressing challenges encountered by centralized systems in FANETs.
arXiv Detail & Related papers (2023-12-07T08:50:25Z)
Effective Intrusion Detection in Highly Imbalanced IoT Networks with Lightweight S2CGAN-IDS [48.353590166168686]
Internet of Things (IoT) networks contain benign traffic far more than abnormal traffic, with some rare attacks. Most existing studies have been focused on sacrificing the detection rate of the majority class in order to improve the detection rate of the minority class. We propose a lightweight framework named S2CGAN-IDS to expand the number of minority categories in both data space and feature space.
arXiv Detail & Related papers (2023-06-06T14:19:23Z)
Avoid Adversarial Adaption in Federated Learning by Multi-Metric Investigations [55.2480439325792]
Federated Learning (FL) facilitates decentralized machine learning model training, preserving data privacy, lowering communication costs, and boosting model performance through diversified data sources. FL faces vulnerabilities such as poisoning attacks, undermining model integrity with both untargeted performance degradation and targeted backdoor attacks. We define a new notion of strong adaptive adversaries, capable of adapting to multiple objectives simultaneously. MESAS is the first defense robust against strong adaptive adversaries, effective in real-world data scenarios, with an average overhead of just 24.37 seconds.
arXiv Detail & Related papers (2023-06-06T11:44:42Z)
Federated Deep Learning for Intrusion Detection in IoT Networks [1.3097853961043058]
A common approach to implementing AI-based Intrusion Detection systems (IDSs) in distributed IoT systems is in a centralised manner. This approach may violate data privacy and prohibit IDS scalability. We design an experiment representative of the real world and evaluate the performance of an FL-based IDS.
arXiv Detail & Related papers (2023-06-05T09:08:24Z)
Clustered Data Sharing for Non-IID Federated Learning over Wireless Networks [39.80420645943706]
Federated Learning (FL) is a distributed machine learning approach to leverage data from the Internet of Things (IoT) Current FL algorithms face the challenges of non-independent and identically distributed (non-IID) data, which causes high communication costs and model accuracy declines. We propose a clustered data sharing framework which spares the partial data from cluster heads to credible associates through device-to-device (D2D) communication.
arXiv Detail & Related papers (2023-02-17T07:11:02Z)
Federated Learning for Malware Detection in IoT Devices [35.00570367521957]
A framework that uses federated learning to detect malware affecting IoT devices is presented. N-BaIoT, a dataset modeling network traffic of several real IoT devices while affected by malware, has been used to evaluate the proposed framework.
arXiv Detail & Related papers (2021-04-15T13:14:22Z)
Systematic Evaluation of Privacy Risks of Machine Learning Models [41.017707772150835]
We show that prior work on membership inference attacks may severely underestimate the privacy risks. We first propose to benchmark membership inference privacy risks by improving existing non-neural network based inference attacks. We then introduce a new approach for fine-grained privacy analysis by formulating and deriving a new metric called the privacy risk score.
arXiv Detail & Related papers (2020-03-24T00:53:53Z)

This list is automatically generated from the titles and abstracts of the papers in this site.