|
|
|
| Network intrusion detection method based on federated learning and spatiotemporal feature fusion |
Lihong WANG1( ),Xinqian LIU1,2,*(),Jing LI1,Zhiquan FENG2,3 |
1. School of Computer Science and Technology, Shandong University of Technology, Zibo 255000, China
2. Shandong Provincial Key Laboratory of Network Based Intelligent Computing, Jinan 250000, China
3. Artificial Intelligence Institute, University of Jinan, Jinan 250000, China |
|
|
|
Abstract To address the limitations of incomplete feature extraction and the issues of data silos and privacy leakage in traditional centralized intrusion detection systems, an intrusion detection method based on federated learning and spatio-temporal feature fusion was proposed. Convolutional neural networks and long short-term memory networks were used to extract temporal and spatial features respectively. These extracted features were then concatenated in parallel to generate fused features. A multi-head attention mechanism was employed to identify critical characteristics within the network traffic data, followed by training through bidirectional gated recurrent units and final classification via Softmax function. During the model training process, in order to prevent privacy leakage, the inherent characteristics of federated learning were leveraged to enable data to remain local for neural network model training. Experimental results demonstrated that the proposed model achieved accuracy rates of 99.00%, 97.64%, and 75.28% on the CIC-IDS2018, NSL-KDD, and UNSW-NB15 datasets, respectively.
|
|
Received: 11 April 2024
Published: 30 May 2025
|
|
|
| Fund: 山东省网络环境智能计算技术重点实验室开放基金资助项目. |
|
Corresponding Authors:
Xinqian LIU
E-mail: 1872897112@qq.com;lxq@sdut.edu.cn
|
基于联邦学习和时空特征融合的网络入侵检测方法
针对数据特征提取不全面、传统集中式入侵检测方法存在数据壁垒与隐私泄露的问题,提出基于联邦学习和时空特征融合的入侵检测方法.该方法旨在通过卷积神经网络和长短期记忆网络提取时间和空间特征,将提取的特征“并联”得到融合特征,通过多头注意力机制识别网络流量数据中的重要特征,通过双向门控循环单元进行训练,随后通过Softmax函数进行分类. 在模型训练过程中,为了防止隐私泄露,结合联邦学习的固有特性,允许数据留在本地用于训练神经网络模型.实验结果表明,该模型在数据集CIC-IDS2018、NSL-KDD和UNSW-NB15上的准确率分别达到99.00%、97.64%和75.28%.
关键词:
入侵检测,
深度学习,
联邦学习,
卷积神经网络(CNN),
长短期记忆网络(LSTM)
|
|
| [1] |
AMARAL A A, DE SOUZA MENDES L, ZARPELÃO B B, et al Deep IP flow inspection to detect beyond network anomalies[J]. Computer Communications, 2017, 98: 80- 96
doi: 10.1016/j.comcom.2016.12.007
|
|
|
| [2] |
HINDY H, ATKINSON R, TACHTATZIS C, et al Utilising deep learning techniques for effective zero-day attack detection[J]. Electronics, 2020, 9 (10): 1684
doi: 10.3390/electronics9101684
|
|
|
| [3] |
SAID R B, ASKERZADE I. Attention-based CNN-BiLSTM deep learning approach for network intrusion detection system in software defined networks [C]// 5th International Conference on Problems of Cybernetics and Informatics. Baku: IEEE, 2023: 1–5.
|
|
|
| [4] |
KHAN M A HCRNNIDS: hybrid convolutional recurrent neural network-based network intrusion detection system[J]. Processes, 2021, 9 (5): 834
doi: 10.3390/pr9050834
|
|
|
| [5] |
WISANWANICHTHAN T, THAMMAWICHAI M A double-layered hybrid approach for network intrusion detection system using combined naive Bayes and SVM[J]. IEEE Access, 2021, 9: 138432- 138450
doi: 10.1109/ACCESS.2021.3118573
|
|
|
| [6] |
SAADAT H, ABOUMADI A, MOHAMED A, et al. Hierarchical federated learning for collaborative IDS in IoT applications [C]// 10th Mediterranean Conference on Embedded Computing. Budva: IEEE, 2021: 1–6.
|
|
|
| [7] |
ZHAO R, WANG Y, XUE Z, et al Semisupervised federated-learning-based intrusion detection method for Internet of Things[J]. IEEE Internet of Things Journal, 2023, 10 (10): 8645- 8657
doi: 10.1109/JIOT.2022.3175918
|
|
|
| [8] |
OKEY O D, MELGAREJO D C, SAADI M, et al Transfer learning approach to IDS on cloud IoT devices using optimized CNN[J]. IEEE Access, 2023, 11: 1023- 1038
doi: 10.1109/ACCESS.2022.3233775
|
|
|
| [9] |
SONG J, WANG X, HE M, et al CSK-CNN: network intrusion detection model based on two-layer convolution neural network for handling imbalanced dataset[J]. Information, 2023, 14 (2): 130
doi: 10.3390/info14020130
|
|
|
| [10] |
AZIZJON M, JUMABEK A, KIM W. 1D CNN based network intrusion detection with normalization on imbalanced data [C]// International Conference on Artificial Intelligence in Information and Communication. Fukuoka: IEEE, 2020: 218–224.
|
|
|
| [11] |
缪祥华, 单小撤 基于密集连接卷积神经网络的入侵检测技术研究[J]. 电子与信息学报, 2020, 42 (11): 2706- 2712
MIAO Xianghua, SHAN Xiaoche Research on intrusion detection technology based on densely connected convolutional neural networks[J]. Journal of Electronics and Information Technology, 2020, 42 (11): 2706- 2712
doi: 10.11999/JEIT190655
|
|
|
| [12] |
ALKADI O, MOUSTAFA N, TURNBULL B, et al A deep blockchain framework-enabled collaborative intrusion detection for protecting IoT and cloud networks[J]. IEEE Internet of Things Journal, 2021, 8 (12): 9463- 9472
doi: 10.1109/JIOT.2020.2996590
|
|
|
| [13] |
SIVAMOHAN S, SRIDHAR S S, KRISHNAVENI S. An effective recurrent neural network (RNN) based intrusion detection via bi-directional long short-term memory [C]// International Conference on Intelligent Technologies. Hubli: IEEE, 2021: 1–5.
|
|
|
| [14] |
TANG T A, MHAMDI L, MCLERNON D, et al. Deep recurrent neural network for intrusion detection in SDN-based networks [C]// 4th IEEE Conference on Network Softwarization and Workshops. Montreal: IEEE, 2018: 202–206.
|
|
|
| [15] |
THILAGAM T, ARUNA R Intrusion detection for network based cloud computing by custom RC-NN and optimization[J]. ICT Express, 2021, 7 (4): 512- 520
doi: 10.1016/j.icte.2021.04.006
|
|
|
| [16] |
WANG W, SHENG Y, WANG J, et al HAST-IDS: learning hierarchical spatial-temporal features using deep neural networks to improve intrusion detection[J]. IEEE Access, 2017, 6: 1792- 1806
|
|
|
| [17] |
HALBOUNI A, GUNAWAN T S, HABAEBI M H, et al CNN-LSTM: hybrid deep neural network for network intrusion detection system[J]. IEEE Access, 2022, 10: 99837- 99849
doi: 10.1109/ACCESS.2022.3206425
|
|
|
| [18] |
MYNHOFF P A, MOCANU E, GIBESCU M. Statistical learning versus deep learning: performance comparison for building energy prediction methods [C]// IEEE/PES Innovative Smart Grid Technologies Conference Europe. Piscataway: IEEE, 2018: 1–6.
|
|
|
| [19] |
SHISRUT R, AISHWARYA S, VINAYAKUMAR R, et al Intrusion detection systems using classical machine learning techniques vs integrated unsupervised feature learning and deep neural network[J]. Internet Technology Letters, 2020, 5 (1): e232
|
|
|
| [20] |
MOTHUKURI V, KHARE P, PARIZI R M, et al Federated-learning-based anomaly detection for IoT security attacks[J]. IEEE Internet of Things Journal, 2022, 9 (4): 2545- 2554
doi: 10.1109/JIOT.2021.3077803
|
|
|
| [21] |
ZHAO Y, CHEN J, WU D, et al. Multi-task network anomaly detection using federated learning [C]// 10th International Symposium on Information and Communication Technology. NewYork: ACM, 2019: 273–279.
|
|
|
| [22] |
FRIHA O, FERRAG M A, SHU L, et al FELIDS: federated learning-based intrusion detection system for agricultural Internet of Things[J]. Journal of Parallel and Distributed Computing, 2022, 165: 17- 31
doi: 10.1016/j.jpdc.2022.03.003
|
|
|
| [23] |
ANASTASAKIS Z, PSYCHOGYIOS K, VELIVASSAKI T, et al. Enhancing cyber security in IoT systems using FL-based IDS with differential privacy [C]// Global Information Infrastructure and Networking Symposium. Argostoli: IEEE, 2022: 30–34.
|
|
|
| [24] |
ALI AL-ATHBA AL-MARRI N, CIFTLER B S, ABDALLAH M M. Federated mimic learning for privacy preserving intrusion detection [C]// IEEE International Black Sea Conference on Communications and Networking. Odessa: IEEE, 2020: 1–6.
|
|
|
| [25] |
SHARAFALDIN I, LASHKARI A H, GHORBANI A Toward generating a new intrusion detection dataset and intrusion traffic characterization[J]. ICISSp, 2018, 1: 108- 116
|
|
|
| [26] |
CHAE H, JO B, CHOI S H, et al Feature selection for intrusion detection using NSL-KDD[J]. Recent Advances in Computer Science, 2013, 20132: 184- 187
|
|
|
|
Viewed |
|
|
|
Full text
|
|
|
|
|
Abstract
|
|
|
|
|
Cited |
|
|
|
|
| |
Shared |
|
|
|
|
| |
Discussed |
|
|
|
|
