Decentralized Online Federated G-Network Learning for Lightweight Intrusion Detection
This paper addresses the problem of protecting vulnerable networked systems from zero-day attacks for cybersecurity applications, but it is incremental, as it builds on existing federated learning and G-Network methods.
The paper tackles the challenge of detecting cyberattacks in distributed systems like supply chains where components have private local data, by proposing a decentralized online federated learning architecture based on G-Networks, which improves intrusion detection performance across all collaborating components with acceptable computation time.
Cyberattacks are increasingly threatening networked systems, often with the emergence of new types of unknown (zero-day) attacks and the rise of vulnerable devices. Such attacks can also target multiple components of a Supply Chain, which can be protected via Machine Learning (ML)-based Intrusion Detection Systems (IDSs). However, the need to learn large amounts of labelled data often limits the applicability of ML-based IDSs to cybersystems that only have access to private local data, while distributed systems such as Supply Chains have multiple components, each of which must preserve its private data while being targeted by the same attack. To address this issue, this paper proposes a novel Decentralized and Online Federated Learning Intrusion Detection (DOF-ID) architecture based on the G-Network model with collaborative learning, that allows each IDS used by a specific component to learn from the experience gained in other components, in addition to its own local data, without violating the data privacy of other components. The performance evaluation results using public Kitsune and Bot-IoT datasets show that DOF-ID significantly improves the intrusion detection performance in all of the collaborating components, with acceptable computation time for online learning.