A Cyber Threat Intelligence Sharing Scheme based on Federated Learning for Network Intrusion Detection

by   Mohanad Sarhan, et al.

The uses of Machine Learning (ML) in detection of network attacks have been effective when designed and evaluated in a single organisation. However, it has been very challenging to design an ML-based detection system by utilising heterogeneous network data samples originating from several sources. This is mainly due to privacy concerns and the lack of a universal format of datasets. In this paper, we propose a collaborative federated learning scheme to address these issues. The proposed framework allows multiple organisations to join forces in the design, training, and evaluation of a robust ML-based network intrusion detection system. The threat intelligence scheme utilises two critical aspects for its application; the availability of network data traffic in a common format to allow for the extraction of meaningful patterns across data sources. Secondly, the adoption of a federated learning mechanism to avoid the necessity of sharing sensitive users' information between organisations. As a result, each organisation benefits from other organisations cyber threat intelligence while maintaining the privacy of its data internally. The model is trained locally and only the updated weights are shared with the remaining participants in the federated averaging process. The framework has been designed and evaluated in this paper by using two key datasets in a NetFlow format known as NF-UNSW-NB15-v2 and NF-BoT-IoT-v2. Two other common scenarios are considered in the evaluation process; a centralised training method where the local data samples are shared with other organisations and a localised training method where no threat intelligence is shared. The results demonstrate the efficiency and effectiveness of the proposed framework by designing a universal ML model effectively classifying benign and intrusive traffic originating from multiple organisations without the need for local data exchange.


HBFL: A Hierarchical Blockchain-based Federated Learning Framework for a Collaborative IoT Intrusion Detection

The continuous strengthening of the security posture of IoT ecosystems i...

Leveraging Sharing Communities to Achieve Federated Learning for Cybersecurity

Automated cyber threat detection in computer networks is a major challen...

Collaborative Information Sharing for ML-Based Threat Detection

Recently, coordinated attack campaigns started to become more widespread...

Dancing in the Dark: Private Multi-Party Machine Learning in an Untrusted Setting

Distributed machine learning (ML) systems today use an unsophisticated t...

Federated Learning Approach for Distributed Ransomware Analysis

Researchers have proposed a wide range of ransomware detection and analy...

GowFed – A novel Federated Network Intrusion Detection System

Network intrusion detection systems are evolving into intelligent system...

Generalizing intrusion detection for heterogeneous networks: A stacked-unsupervised federated learning approach

The constantly evolving digital transformation imposes new requirements ...

Please sign up or login with your details

Forgot password? Click here to reset