Abstract
Machine Learning techniques for network-based intrusion detection are widely adopted in the scientific literature. Besides being highly variable, network traffic behavior changes over time, demanding proposed schemes to be periodically updated to ensure their reliability. Unfortunately, their efficiency is significantly limited in production environments. This paper proposes a new Federated Learning model for reliable network-based intrusion detection with highly confident model updates over time. Our proposed scheme assesses the classification reliability in an unsupervised fashion and rejects potential misclassifications even when outdated. In addition, it significantly eases the model update cost by conducting it in a Federated Learning rationale. To evaluate the effectiveness of our solution, we conduct an experimental campaign with a new dataset, MAWIFlow, with over 7 TB of real network traffic spanning a year. The achieved results of our proposed model are striking. It respectively improves the average false-positive and false-negative rates by up to 12% and 9.6% when no model updates are conducted. If done so, it can further improve the false-positive rate by up to 13% while rejecting only 3.6% of events and demanding only 0.3% of events for model updates. Further, the comparison against the traditional Federated Learning approach confirms our model’s remarkable performance in several scenarios. Finally, the quality and viability of our solution do prove that our approach can be successfully adopted for improving the accuracy and efficiency of classification systems in real-world scenarios where outdated models are prevalent and pave the way for future research in the area.
Pietro Tedeschi
Head of Cyber Electromagnetic Warfare Research
My research interests include Unmanned Aerial Vehicles Security, Maritime Security, Wireless Security, Internet of Things (IoT), Applied Cryptography, Privacy Preserving Systems, and Cyber-Physical Systems Security.