StatAvg: Mitigating Data Heterogeneity in Federated Learning for Intrusion Detection Systems

TL;DR

This paper introduces StatAvg, a method to reduce data heterogeneity in federated learning for intrusion detection systems by sharing data statistics for improved normalization, enhancing model reliability across diverse clients.

Contribution

The paper proposes StatAvg, a novel data normalization technique that mitigates non-iid data issues in federated learning for cybersecurity applications.

Findings

StatAvg effectively reduces data heterogeneity in federated learning.

The method improves IDS performance on network and host datasets.

StatAvg seamlessly integrates with existing FL strategies.

Abstract

Federated learning (FL) is a decentralized learning technique that enables participating devices to collaboratively build a shared Machine Leaning (ML) or Deep Learning (DL) model without revealing their raw data to a third party. Due to its privacy-preserving nature, FL has sparked widespread attention for building Intrusion Detection Systems (IDS) within the realm of cybersecurity. However, the data heterogeneity across participating domains and entities presents significant challenges for the reliable implementation of an FL-based IDS. In this paper, we propose an effective method called Statistical Averaging (StatAvg) to alleviate non-independently and identically (non-iid) distributed features across local clients' data in FL. In particular, StatAvg allows the FL clients to share their individual data statistics with the server, which then aggregates this information to produce global statistics. The latter are shared with the clients and used for universal data normalisation. It is worth mentioning that StatAvg can seamlessly integrate with any FL aggregation strategy, as it occurs before the actual FL training process. The proposed method is evaluated against baseline approaches using datasets for network and host Artificial Intelligence (AI)-powered IDS. The experimental results demonstrate the efficiency of StatAvg in mitigating non-iid feature distributions across the FL clients compared to the baseline methods.