Decentralized Collaborative Model Learning for Enhanced Distributed Intrusion Detection

Abstract

The increasing reliance on networked technologies has triggered a digital transformation in interconnected systems through integrating diverse technologies. This interconnectivity has considerably expanded the attack surface of networks, resulting in a proliferation of cyber-attacks both in number and sophistication. To counteract this trend, the analysis of network traffic through Intrusion Detection Systems (IDS) has emerged as a critical component in the arsenal of network security tools. In response to the escalating rate and complexity of cyber-attacks, researchers have turned to Machine Learning (ML) and Deep Learning (DL) techniques to develop IDS capable of addressing both known and zero-day attacks. While a considerable volume of work has conventionally focused on centralized approaches, this study conducts an empirical investigation of a decentralized learning framework for detecting network intrusions. The proposed scheme adopts a framework that leverages federated learning to surmount the limitations associated with centralized data, integrating federated learning with potent privacy mechanisms, differential privacy to fortify IDS. The analysis of both centralized and decentralized learning scenarios discloses nuanced insights into detection performance. The centralized approach achieves a TPR of 99.51%, followed by 98.05% and 95.31% for the decentralized approach without and with privacy enhancement scheme, respectively. While the centralized approach exhibits slightly better detection performance, its impact on data privacy renders it impractical for real-world implementation. The results underscore the efficiency and efficacy of the designed framework, establishing a model that classifies distinct benign and intrusive traffic patterns from various organizations without requiring inter-organizational data exchange.