Please wait a minute...
浙江大学学报(工学版)
Journal of ZheJiang University (Engineering Science)  2025, Vol. 59 Issue (6): 1201-1210    DOI: 10.3785/j.issn.1008-973X.2025.06.011
    
Network intrusion detection method based on federated learning and spatiotemporal feature fusion
Lihong WANG1(),Xinqian LIU1,2,*(),Jing LI1,Zhiquan FENG2,3
1. School of Computer Science and Technology, Shandong University of Technology, Zibo 255000, China
2. Shandong Provincial Key Laboratory of Network Based Intelligent Computing, Jinan 250000, China
3. Artificial Intelligence Institute, University of Jinan, Jinan 250000, China
Download: HTML     PDF(1580KB) HTML
Export: BibTeX | EndNote (RIS)      

Abstract  

To address the limitations of incomplete feature extraction and the issues of data silos and privacy leakage in traditional centralized intrusion detection systems, an intrusion detection method based on federated learning and spatio-temporal feature fusion was proposed. Convolutional neural networks and long short-term memory networks were used to extract temporal and spatial features respectively. These extracted features were then concatenated in parallel to generate fused features. A multi-head attention mechanism was employed to identify critical characteristics within the network traffic data, followed by training through bidirectional gated recurrent units and final classification via Softmax function. During the model training process, in order to prevent privacy leakage, the inherent characteristics of federated learning were leveraged to enable data to remain local for neural network model training. Experimental results demonstrated that the proposed model achieved accuracy rates of 99.00%, 97.64%, and 75.28% on the CIC-IDS2018, NSL-KDD, and UNSW-NB15 datasets, respectively.

Key wordsintrusion detection      deep learning      federated learning      convolutional neural network (CNN)      long short-term memory network (LSTM)     
Received: 11 April 2024      Published: 30 May 2025
CLC:  TP 399  
Fund:  山东省网络环境智能计算技术重点实验室开放基金资助项目.
Corresponding Authors: Xinqian LIU     E-mail: 1872897112@qq.com;lxq@sdut.edu.cn
Service
E-mail this article
Add to my bookshelf
Add to citation manager
E-mail Alert
RSS
Articles by authors
Lihong WANG
Xinqian LIU
Jing LI
Zhiquan FENG
Cite this article:

Lihong WANG,Xinqian LIU,Jing LI,Zhiquan FENG. Network intrusion detection method based on federated learning and spatiotemporal feature fusion. Journal of ZheJiang University (Engineering Science), 2025, 59(6): 1201-1210.

URL:

https://www.zjujournals.com/eng/10.3785/j.issn.1008-973X.2025.06.011     OR     https://www.zjujournals.com/eng/Y2025/V59/I6/1201


基于联邦学习和时空特征融合的网络入侵检测方法

针对数据特征提取不全面、传统集中式入侵检测方法存在数据壁垒与隐私泄露的问题,提出基于联邦学习和时空特征融合的入侵检测方法.该方法旨在通过卷积神经网络和长短期记忆网络提取时间和空间特征,将提取的特征“并联”得到融合特征,通过多头注意力机制识别网络流量数据中的重要特征,通过双向门控循环单元进行训练,随后通过Softmax函数进行分类. 在模型训练过程中,为了防止隐私泄露,结合联邦学习的固有特性,允许数据留在本地用于训练神经网络模型.实验结果表明,该模型在数据集CIC-IDS2018、NSL-KDD和UNSW-NB15上的准确率分别达到99.00%、97.64%和75.28%.


关键词: 入侵检测,  深度学习,  联邦学习,  卷积神经网络(CNN),  长短期记忆网络(LSTM) 
Fig.1 Intrusion detection framework
Fig.2 FL-CNN-LSTM methodology overview
Fig.3 CNN structure model diagram
Fig.4 FL structure model diagram
Fig.5 Model diagram of CNN-LSTM tandem structure
数据集A/%F1/%
并联串联并联串联
CIC-IDS201899.006.6399.010.86
NSL-KDD97.6496.6967.7958.40
UNSW-NB1575.2810.0873.711.87
Tab.1 Accuracy and F1 score for different connection methods
数据集A/%F1/%
CIC-IDS201899.0098.6699.0198.66
NSL-KDD97.6497.0267.7958.39
UNSW-NB1575.2867.9873.7165.22
Tab.2 Accuracy and F1 score with or without attention mechanisms
数据集A/%F1/%
联邦集中联邦集中
CIC-IDS201899.0099.0899.0199.14
NSL-KDD97.6497.8867.7968.12
UNSW-NB1575.2877.4273.7176.36
Tab.3 Accuracy and F1 score with federated or centralized learning
Fig.6 Comparison of detection results of CIC-IDS2018 dataset
Fig.7 Comparison of detection results of NSL-KDD dataset
Fig.8 Comparison of detection results of UNSW-NB15 dataset
[1]   AMARAL A A, DE SOUZA MENDES L, ZARPELÃO B B, et al Deep IP flow inspection to detect beyond network anomalies[J]. Computer Communications, 2017, 98: 80- 96
doi: 10.1016/j.comcom.2016.12.007
[2]   HINDY H, ATKINSON R, TACHTATZIS C, et al Utilising deep learning techniques for effective zero-day attack detection[J]. Electronics, 2020, 9 (10): 1684
doi: 10.3390/electronics9101684
[3]   SAID R B, ASKERZADE I. Attention-based CNN-BiLSTM deep learning approach for network intrusion detection system in software defined networks [C]// 5th International Conference on Problems of Cybernetics and Informatics. Baku: IEEE, 2023: 1–5.
[4]   KHAN M A HCRNNIDS: hybrid convolutional recurrent neural network-based network intrusion detection system[J]. Processes, 2021, 9 (5): 834
doi: 10.3390/pr9050834
[5]   WISANWANICHTHAN T, THAMMAWICHAI M A double-layered hybrid approach for network intrusion detection system using combined naive Bayes and SVM[J]. IEEE Access, 2021, 9: 138432- 138450
doi: 10.1109/ACCESS.2021.3118573
[6]   SAADAT H, ABOUMADI A, MOHAMED A, et al. Hierarchical federated learning for collaborative IDS in IoT applications [C]// 10th Mediterranean Conference on Embedded Computing. Budva: IEEE, 2021: 1–6.
[7]   ZHAO R, WANG Y, XUE Z, et al Semisupervised federated-learning-based intrusion detection method for Internet of Things[J]. IEEE Internet of Things Journal, 2023, 10 (10): 8645- 8657
doi: 10.1109/JIOT.2022.3175918
[8]   OKEY O D, MELGAREJO D C, SAADI M, et al Transfer learning approach to IDS on cloud IoT devices using optimized CNN[J]. IEEE Access, 2023, 11: 1023- 1038
doi: 10.1109/ACCESS.2022.3233775
[9]   SONG J, WANG X, HE M, et al CSK-CNN: network intrusion detection model based on two-layer convolution neural network for handling imbalanced dataset[J]. Information, 2023, 14 (2): 130
doi: 10.3390/info14020130
[10]   AZIZJON M, JUMABEK A, KIM W. 1D CNN based network intrusion detection with normalization on imbalanced data [C]// International Conference on Artificial Intelligence in Information and Communication. Fukuoka: IEEE, 2020: 218–224.
[11]   缪祥华, 单小撤 基于密集连接卷积神经网络的入侵检测技术研究[J]. 电子与信息学报, 2020, 42 (11): 2706- 2712
MIAO Xianghua, SHAN Xiaoche Research on intrusion detection technology based on densely connected convolutional neural networks[J]. Journal of Electronics and Information Technology, 2020, 42 (11): 2706- 2712
doi: 10.11999/JEIT190655
[12]   ALKADI O, MOUSTAFA N, TURNBULL B, et al A deep blockchain framework-enabled collaborative intrusion detection for protecting IoT and cloud networks[J]. IEEE Internet of Things Journal, 2021, 8 (12): 9463- 9472
doi: 10.1109/JIOT.2020.2996590
[13]   SIVAMOHAN S, SRIDHAR S S, KRISHNAVENI S. An effective recurrent neural network (RNN) based intrusion detection via bi-directional long short-term memory [C]// International Conference on Intelligent Technologies. Hubli: IEEE, 2021: 1–5.
[14]   TANG T A, MHAMDI L, MCLERNON D, et al. Deep recurrent neural network for intrusion detection in SDN-based networks [C]// 4th IEEE Conference on Network Softwarization and Workshops. Montreal: IEEE, 2018: 202–206.
[15]   THILAGAM T, ARUNA R Intrusion detection for network based cloud computing by custom RC-NN and optimization[J]. ICT Express, 2021, 7 (4): 512- 520
doi: 10.1016/j.icte.2021.04.006
[16]   WANG W, SHENG Y, WANG J, et al HAST-IDS: learning hierarchical spatial-temporal features using deep neural networks to improve intrusion detection[J]. IEEE Access, 2017, 6: 1792- 1806
[17]   HALBOUNI A, GUNAWAN T S, HABAEBI M H, et al CNN-LSTM: hybrid deep neural network for network intrusion detection system[J]. IEEE Access, 2022, 10: 99837- 99849
doi: 10.1109/ACCESS.2022.3206425
[18]   MYNHOFF P A, MOCANU E, GIBESCU M. Statistical learning versus deep learning: performance comparison for building energy prediction methods [C]// IEEE/PES Innovative Smart Grid Technologies Conference Europe. Piscataway: IEEE, 2018: 1–6.
[19]   SHISRUT R, AISHWARYA S, VINAYAKUMAR R, et al Intrusion detection systems using classical machine learning techniques vs integrated unsupervised feature learning and deep neural network[J]. Internet Technology Letters, 2020, 5 (1): e232
[20]   MOTHUKURI V, KHARE P, PARIZI R M, et al Federated-learning-based anomaly detection for IoT security attacks[J]. IEEE Internet of Things Journal, 2022, 9 (4): 2545- 2554
doi: 10.1109/JIOT.2021.3077803
[21]   ZHAO Y, CHEN J, WU D, et al. Multi-task network anomaly detection using federated learning [C]// 10th International Symposium on Information and Communication Technology. NewYork: ACM, 2019: 273–279.
[22]   FRIHA O, FERRAG M A, SHU L, et al FELIDS: federated learning-based intrusion detection system for agricultural Internet of Things[J]. Journal of Parallel and Distributed Computing, 2022, 165: 17- 31
doi: 10.1016/j.jpdc.2022.03.003
[23]   ANASTASAKIS Z, PSYCHOGYIOS K, VELIVASSAKI T, et al. Enhancing cyber security in IoT systems using FL-based IDS with differential privacy [C]// Global Information Infrastructure and Networking Symposium. Argostoli: IEEE, 2022: 30–34.
[24]   ALI AL-ATHBA AL-MARRI N, CIFTLER B S, ABDALLAH M M. Federated mimic learning for privacy preserving intrusion detection [C]// IEEE International Black Sea Conference on Communications and Networking. Odessa: IEEE, 2020: 1–6.
[25]   SHARAFALDIN I, LASHKARI A H, GHORBANI A Toward generating a new intrusion detection dataset and intrusion traffic characterization[J]. ICISSp, 2018, 1: 108- 116
[26]   CHAE H, JO B, CHOI S H, et al Feature selection for intrusion detection using NSL-KDD[J]. Recent Advances in Computer Science, 2013, 20132: 184- 187
[1] Yongqing CAI,Cheng HAN,Wei QUAN,Wudi CHEN. Visual induced motion sickness estimation model based on attention mechanism[J]. Journal of ZheJiang University (Engineering Science), 2025, 59(6): 1110-1118.
[2] Zan CHEN,Ran LI,Yuanjing FENG,Yongqiang LI. Video snapshot compressive imaging reconstruction based on temporal super-resolution[J]. Journal of ZheJiang University (Engineering Science), 2025, 59(5): 956-963.
[3] Li MA,Yongshun WANG,Yao HU,Lei FAN. Pre-trained long-short spatiotemporal interleaved Transformer for traffic flow prediction applications[J]. Journal of ZheJiang University (Engineering Science), 2025, 59(4): 669-678.
[4] Qiaohong CHEN,Menghao GUO,Xian FANG,Qi SUN. Image captioning based on cross-modal cascaded diffusion model[J]. Journal of ZheJiang University (Engineering Science), 2025, 59(4): 787-794.
[5] Zhengyu GU,Feifei LAI,Chen GENG,Ximing WANG,Yakang DAI. Knowledge-guided infarct segmentation of ischemic stroke[J]. Journal of ZheJiang University (Engineering Science), 2025, 59(4): 814-820.
[6] Minghui YAO,Yueyan WANG,Qiliang WU,Yan NIU,Cong WANG. Siamese networks algorithm based on small human motion behavior recognition[J]. Journal of ZheJiang University (Engineering Science), 2025, 59(3): 504-511.
[7] Liming LIANG,Pengwei LONG,Jiaxin JIN,Renjie LI,Lu ZENG. Steel surface defect detection algorithm based on improved YOLOv8s[J]. Journal of ZheJiang University (Engineering Science), 2025, 59(3): 512-522.
[8] Kaibo YANG,Mingen ZHONG,Jiawei TAN,Zhiying DENG,Mengli ZHOU,Ziji XIAO. Small-scale sparse smoke detection in multiple fire scenarios based on semi-supervised learning[J]. Journal of ZheJiang University (Engineering Science), 2025, 59(3): 546-556.
[9] Zhichao CHEN,Jie YANG,Fan LI,Zhicheng FENG. Review on deep learning-based key algorithm for train running environment perception[J]. Journal of ZheJiang University (Engineering Science), 2025, 59(1): 1-17.
[10] Dengfeng LIU,Shihai CHEN,Wenjing GUO,Zhilei CHAI. Efficient halftone algorithm based on lightweight residual networks[J]. Journal of ZheJiang University (Engineering Science), 2025, 59(1): 62-69.
[11] Yi ZHAO,Chun AN,Minghao LI,Jianxiao MA,Shuo HUAI. Selection of lane-changing distance for vehicles in urban expressway interchange weaving section[J]. Journal of ZheJiang University (Engineering Science), 2025, 59(1): 205-212.
[12] Fan LI,Jie YANG,Zhicheng FENG,Zhichao CHEN,Yunxiao FU. Pantograph-catenary contact point detection method based on image recognition[J]. Journal of ZheJiang University (Engineering Science), 2024, 58(9): 1801-1810.
[13] Li XIAO,Zhigang CAO,Haoran LU,Zhijian HUANG,Yuanqiang CAI. Elastic metamaterial design based on deep learning and gradient optimization[J]. Journal of ZheJiang University (Engineering Science), 2024, 58(9): 1892-1901.
[14] Shuhan WU,Dan WANG,Yuanfang CHEN,Ziyu JIA,Yueqi ZHANG,Meng XU. Attention-fused filter bank dual-view graph convolution motor imagery EEG classification[J]. Journal of ZheJiang University (Engineering Science), 2024, 58(7): 1326-1335.
[15] Linrui LI,Dongsheng WANG,Hongjie FAN. Fact-based similar case retrieval methods based on statutory knowledge[J]. Journal of ZheJiang University (Engineering Science), 2024, 58(7): 1357-1365.