Privacy-Preserving Network Intrusion Detection using Federated Learning

Abstract

Internet of Things (IoT) devices are more vulnerable to viruses, assaults, and harmful activities as they are developed in tandem with the rise in cybercrime. Network Intrusion Detection Systems (NIDS) are generally used to detect attacks in the IoT devices. Machine learning (ML) techniques are being employed to improve these systems. This study compares various ML techniques to develop NIDS using UNSW-NB15 dataset and proposes a federated learning (FL) approach to overcome the limitations of classical ML approaches. Feature selection is done on the basis of correlation between them and five ML approaches are implemented: Logistic Regression, K-Nearest Neighbors, Random Forest (RF), Decision Tree and Artificial Neural Network. RF was found to be the best performing model for both binary and multi-class classification. However, there are certain limitations in this centralized approach which assumes the presence of a central organisation to store and execute analysis on data from all participant devices. FL is a decentralized approach where each IoT device is considered as a client and models are trained on these devices without transmitting data. This preserves privacy of data and also reduces data transfer costs as only model weights are shared instead of huge data. To assess the effectiveness of the proposed method, we conduct extensive experiments on the UNSW-NB15 dataset. The proposed FL detection model is shown to be both accurate and superior to the centralised model in experiments and empirical analyses, demonstrating its resilience and benefits.