Anomaly Detection via Federated Learning

TL;DR

This paper introduces a federated learning-based anomaly detection system that uses autoencoders and classifiers to identify malicious network activity while preserving client data privacy.

Contribution

It presents a novel federated learning framework with a min-max scalar and sampling technique called FedSam for improved anomaly detection in cybersecurity.

Findings

Federated learning enhances intrusion detection accuracy.

FedSam improves model training efficiency.

The system effectively detects malicious network activity.

Abstract

Machine learning has helped advance the field of anomaly detection by incorporating classifiers and autoencoders to decipher between normal and anomalous behavior. Additionally, federated learning has provided a way for a global model to be trained with multiple clients' data without requiring the client to directly share their data. This paper proposes a novel anomaly detector via federated learning to detect malicious network activity on a client's server. In our experiments, we use an autoencoder with a classifier in a federated learning framework to determine if the network activity is benign or malicious. By using our novel min-max scalar and sampling technique, called FedSam, we determined federated learning allows the global model to learn from each client's data and, in turn, provide a means for each client to improve their intrusion detection system's defense against cyber-attacks.