FLAD: Adaptive Federated Learning for DDoS attack detection

被引:33
作者
Doriguzzi-Corin, Roberto [1 ]
Siracusa, Domenico [1 ]
机构
[1] Fdn Bruno Kessler, Cybersecur Ctr, Trento, Italy
关键词
Network security; Intrusion detection; Distributed denial of service; Federated Learning; Heterogeneous data;
D O I
10.1016/j.cose.2023.103597
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
Federated Learning (FL) has been recently receiving increasing consideration from the cybersecurity community as a way to collaboratively train deep learning models with distributed profiles of cyber threats, with no disclosure of training data. Nevertheless, the adoption of FL in cybersecurity is still in its infancy, and a range of practical aspects have not been properly addressed yet. Indeed, the Federated Averaging algorithm at the core of the FL concept requires the availability of test data to control the FL process. Although this might be feasible in some domains, test network traffic of newly discovered attacks cannot be always shared without disclosing sensitive information. In this paper, we address the convergence of the FL process in dynamic cybersecurity scenarios, where the trained model must be frequently updated with new recent attack profiles to empower all members of the federation with the latest detection features. To this aim, we propose FLAD (adaptive Federated Learning Approach to DDoS attack detection), an FL solution for cybersecurity applications based on an adaptive mechanism that orchestrates the FL process by dynamically assigning more computation to those members whose attacks profiles are harder to learn, without the need of sharing any test data to monitor the performance of the trained model. Using a recent dataset of DDoS attacks, we demonstrate that FLAD outperforms state-of-the-art FL algorithms in terms of convergence time and accuracy across a range of unbalanced datasets of heterogeneous DDoS attacks. We also show the robustness of our approach in a realistic scenario, where we retrain the deep learning model multiple times to introduce the profiles of new attacks on a pre-trained model.
引用
收藏
页数:13
相关论文
共 52 条
[1]  
Abadi M, 2016, PROCEEDINGS OF OSDI'16: 12TH USENIX SYMPOSIUM ON OPERATING SYSTEMS DESIGN AND IMPLEMENTATION, P265
[2]  
Antonakakis M, 2017, PROCEEDINGS OF THE 26TH USENIX SECURITY SYMPOSIUM (USENIX SECURITY '17), P1093
[3]  
Bagdasaryan E, 2020, PR MACH LEARN RES, V108, P2938
[4]   A Survey of Deep Learning Methods for Cyber Security [J].
Berman, Daniel S. ;
Buczak, Anna L. ;
Chavis, Jeffrey S. ;
Corbett, Cherita L. .
INFORMATION, 2019, 10 (04)
[5]   Federated learning with hierarchical clustering of local updates to improve training on non-IID data [J].
Briggs, Christopher ;
Fan, Zhong ;
Andras, Peter .
2020 INTERNATIONAL JOINT CONFERENCE ON NEURAL NETWORKS (IJCNN), 2020,
[6]  
Combs G., 2022, TSHARK DUMP ANAL NET
[7]   DDoS Attack Detection via Privacy-aware Federated Learning and Collaborative Mitigation in Multi-domain Cyber Infrastructures [J].
Dimolianis, Marinos ;
Kalogeras, Dimitrios K. ;
Kostopoulos, Nikos ;
Maglaris, Vasilis .
PROCEEDINGS OF THE 2022 IEEE 11TH INTERNATIONAL CONFERENCE ON CLOUD NETWORKING (IEEE CLOUDNET 2022), 2022, :118-125
[8]   Lucid: A Practical, Lightweight Deep Learning Solution for DDoS Attack Detection [J].
Doriguzzi-Corin, R. ;
Millar, S. ;
Scott-Hayward, S. ;
Martinez-del-Rincon, J. ;
Siracusa, D. .
IEEE TRANSACTIONS ON NETWORK AND SERVICE MANAGEMENT, 2020, 17 (02) :876-889
[9]  
Doriguzzi-Corin Roberto, 2023, FLAD source code
[10]   Self-Balancing Federated Learning With Global Imbalanced Data in Mobile Systems [J].
Duan, Moming ;
Liu, Duo ;
Chen, Xianzhang ;
Liu, Renping ;
Tan, Yujuan ;
Liang, Liang .
IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS, 2021, 32 (01) :59-71