Decentralized Online Federated G-Network Learning for Lightweight Intrusion Detection

TL;DR

This paper introduces a decentralized online federated learning architecture for intrusion detection in networked systems, enabling multiple components to collaboratively learn from private data without privacy violations, improving detection accuracy.

Contribution

It proposes a novel DOF-ID framework based on G-Networks for privacy-preserving, collaborative, online intrusion detection across distributed system components.

Findings

Significant improvement in intrusion detection accuracy across components.

Effective online learning with acceptable computational overhead.

Validated on Kitsune and Bot-IoT datasets.

Abstract

Cyberattacks are increasingly threatening networked systems, often with the emergence of new types of unknown (zero-day) attacks and the rise of vulnerable devices. Such attacks can also target multiple components of a Supply Chain, which can be protected via Machine Learning (ML)-based Intrusion Detection Systems (IDSs). However, the need to learn large amounts of labelled data often limits the applicability of ML-based IDSs to cybersystems that only have access to private local data, while distributed systems such as Supply Chains have multiple components, each of which must preserve its private data while being targeted by the same attack To address this issue, this paper proposes a novel Decentralized and Online Federated Learning Intrusion Detection (DOF-ID) architecture based on the G-Network model with collaborative learning, that allows each IDS used by a specific component to learn from the experience gained in other components, in addition to its own local data, without violating the data privacy of other components. The performance evaluation results using public Kitsune and Bot-IoT datasets show that DOF-ID significantly improves the intrusion detection performance in all of the collaborating components, with acceptable computation time for online learning.