An Interpretable Federated Learning-based Network Intrusion Detection Framework
This addresses the need for interpretable and privacy-preserving intrusion detection for cybersecurity applications, though it appears incremental as it combines existing methods.
The paper tackles the problem of interpretability and data privacy in network intrusion detection systems by proposing FEDFOREST, a framework combining Gradient Boosting Decision Trees with Federated Learning, which achieved first place in a 2021 competition and demonstrated effectiveness across 4 datasets.
Learning-based Network Intrusion Detection Systems (NIDSs) are widely deployed for defending various cyberattacks. Existing learning-based NIDS mainly uses Neural Network (NN) as a classifier that relies on the quality and quantity of cyberattack data. Such NN-based approaches are also hard to interpret for improving efficiency and scalability. In this paper, we design a new local-global computation paradigm, FEDFOREST, a novel learning-based NIDS by combining the interpretable Gradient Boosting Decision Tree (GBDT) and Federated Learning (FL) framework. Specifically, FEDFOREST is composed of multiple clients that extract local cyberattack data features for the server to train models and detect intrusions. A privacy-enhanced technology is also proposed in FEDFOREST to further defeat the privacy of the FL systems. Extensive experiments on 4 cyberattack datasets of different tasks demonstrate that FEDFOREST is effective, efficient, interpretable, and extendable. FEDFOREST ranks first in the collaborative learning and cybersecurity competition 2021 for Chinese college students.