Machine learning has helped advance the field of anomaly detection by incorporating classifiers and autoencoders to decipher between normal and anomalous behavior. Additionally, federated learning has provided a way for a global model to be trained with multiple clients' data without requiring the client to directly share their data. This paper proposes a novel anomaly detector via federated learning to detect malicious network activity on a client's server. In our experiments, we use an autoencoder with a classifier in a federated learning framework to determine if the network activity is benign or malicious. By using our novel min-max scalar and sampling technique, called FedSam, we determined federated learning allows the global model to learn from each client's data and, in turn, provide a means for each client to improve their intrusion detection system's defense against cyber-attacks.
翻译:机器学习通过整合分类器和自动编码器,在正常行为和异常行为之间进行分解,帮助推进异常现象检测领域。 此外,联合学习提供了一种方法,使全球模型在不要求客户直接分享数据的情况下接受多个客户数据的培训。本文提出通过联合学习发现异常现象检测器,以探测客户服务器上的恶意网络活动。在实验中,我们使用一个带有分类器的自动编码器,在联合学习框架中确定网络活动是无害还是恶意的。我们确定,通过使用我们的新颖的微麦卡路拉和取样技术,即FedSam,我们确定联合学习使全球模型能够从每个客户的数据中学习,并反过来为每个客户提供一种手段,以改进其入侵探测系统对网络攻击的防御。