Developing a Transferable Federated Network Intrusion Detection System

TL;DR

This paper presents a deep learning-based federated intrusion detection system that enhances transferability across devices and datasets, using novel algorithms and a CNN model to improve detection of unknown attacks in a distributed network environment.

Contribution

It introduces algorithms and a CNN model that significantly improve transferability and generalization of intrusion detection systems across devices and datasets.

Findings

Achieves superior transferability performance.

Maintains high local detection rates.

Generalizes across datasets and different model backbones.

Abstract

Intrusion Detection Systems (IDS) are a vital part of a network-connected device. In this paper, we develop a deep learning based intrusion detection system that is deployed in a distributed setup across devices connected to a network. Our aim is to better equip deep learning models against unknown attacks using knowledge from known attacks. To this end, we develop algorithms to maximize the number of transferability relationships. We propose a Convolutional Neural Network (CNN) model, along with two algorithms that maximize the number of relationships observed. One is a two step data pre-processing stage, and the other is a Block-Based Smart Aggregation (BBSA) algorithm. The proposed system succeeds in achieving superior transferability performance while maintaining impressive local detection rates. We also show that our method is generalizable, exhibiting transferability potential across datasets and even with different backbones. The code for this work can be found at https://github.com/ghosh64/tabfidsv2.