Network Anomaly Detection Using Federated Learning

TL;DR

This paper introduces a federated learning framework for network anomaly detection that enhances scalability, privacy, and efficiency, outperforming traditional centralized models in accuracy and speed.

Contribution

It presents a novel deep neural network approach for federated network anomaly detection suitable for low to mid-end devices, addressing scalability and privacy issues.

Findings

Achieved 97.21% accuracy on UNSW-NB15 dataset

Reduced training time compared to centralized models

Enhanced privacy by not sharing raw training data

Abstract

Due to the veracity and heterogeneity in network traffic, detecting anomalous events is challenging. The computational load on global servers is a significant challenge in terms of efficiency, accuracy, and scalability. Our primary motivation is to introduce a robust and scalable framework that enables efficient network anomaly detection. We address the issue of scalability and efficiency for network anomaly detection by leveraging federated learning, in which multiple participants train a global model jointly. Unlike centralized training architectures, federated learning does not require participants to upload their training data to the server, preventing attackers from exploiting the training data. Moreover, most prior works have focused on traditional centralized machine learning, making federated machine learning under-explored in network anomaly detection. Therefore, we propose a deep neural network framework that could work on low to mid-end devices detecting network anomalies while checking if a request from a specific IP address is malicious or not. Compared to multiple traditional centralized machine learning models, the deep neural federated model reduces training time overhead. The proposed method performs better than baseline machine learning techniques on the UNSW-NB15 data set as measured by experiments conducted with an accuracy of 97.21% and a faster computation time.