FGAN: Federated Generative Adversarial Networks for Anomaly Detection in Network Traffic

TL;DR

This paper introduces FGAN, a federated GAN framework for network anomaly detection that preserves privacy and allows decentralized training across large, diverse networks, improving detection of various attacks.

Contribution

It proposes a federated architecture for GAN-based anomaly detection in network traffic, addressing privacy concerns and enhancing adaptability across different network regions.

Findings

Enables decentralized training of GANs for network security

Improves anomaly detection across diverse network environments

Maintains privacy of network data during training

Abstract

Over the last two decades, a lot of work has been done in improving network security, particularly in intrusion detection systems (IDS) and anomaly detection. Machine learning solutions have also been employed in IDSs to detect known and plausible attacks in incoming traffic. Parameters such as packet contents, sender IP and sender port, connection duration, etc. have been previously used to train these machine learning models to learn to differentiate genuine traffic from malicious ones. Generative Adversarial Networks (GANs) have been significantly successful in detecting such anomalies, mostly attributed to the adversarial training of the generator and discriminator in an attempt to bypass each other and in turn increase their own power and accuracy. However, in large networks having a wide variety of traffic at possibly different regions of the network and susceptible to a large number of potential attacks, training these GANs for a particular kind of anomaly may make it oblivious to other anomalies and attacks. In addition, the dataset required to train these models has to be made centrally available and publicly accessible, posing the obvious question of privacy of the communications of the respective participants of the network. The solution proposed in this work aims at tackling the above two issues by using GANs in a federated architecture in networks of such scale and capacity. In such a setting, different users of the network will be able to train and customize a centrally available adversarial model according to their own frequently faced conditions. Simultaneously, the member users of the network will also able to gain from the experiences of the other users in the network.