The constantly evolving digital transformation imposes new requirements on our society. Reliance on networking and the difficulty of achieving security by design pose a challenge today. As a result, data-centric and machine-learning (ML) approaches have arisen as feasible solutions for securing large networks. However, in the network security domain, ML-based solutions struggle to generalize between different contexts. In other words, solutions based on data from a specific network usually do not perform satisfactorily on other networks. This paper describes a stacked-unsupervised federated learning (FL) approach to generalize on a cross-silo configuration for a flow-based network intrusion detection system (NIDS). The proposed approach comprises a deep autoencoder in conjunction with an energy flow classifier in an ensemble learning task. Our approach performs better than traditional local learning and naive cross-evaluation (training in one context and testing on another network's data). Remarkably, the proposed approach demonstrates sound performance in the case of non-IID data silos. We advise that the proposed FL-based NIDS, in conjunction with an informative feature in an ensemble architecture for unsupervised learning, is a feasible approach for generalization between heterogeneous networks. To the best of our knowledge, our proposal is the first successful approach to applying unsupervised FL to the problem of network intrusion detection generalization using flow-based data.