<p>Federated learning enables collaborative intrusion detection without centralizing raw traffic records, but it also limits the server’s ability to inspect client behavior during training. This creates a client-level auditability problem: a federated intrusion-detection model may preserve high global predictive utility while malicious clients remain difficult to distinguish from benign participants. This problem becomes more challenging under adaptive gradient mimicry, where malicious clients deliberately make their submitted updates appear plausible in update space. This paper evaluates client-level auditability in federated intrusion detection under adaptive gradient mimicry. We examine whether simple update-space audit signals, including update norm, distance to benign reference behavior, and cosine similarity, retain malicious-client ranking information when the attacker reduces update-space abnormality. We then study temporal semantic auditing as complementary inspection evidence by evaluating client-updated temporary models over a fixed probe set and extracting attribution-derived behavior using Gradient<InlineEquation ID="IEq1"><EquationSource Format="TEX">\(\times \)</EquationSource><EquationSource Format="MATHML"><math><mo>×</mo></math></EquationSource></InlineEquation>Input, Integrated Gradients, and an LRP-style relevance proxy. Experiments on UNSW-NB15, N-BaIoT, and CICIDS2017 under non-IID federated settings show that adaptive mimicry can weaken or directionally invert update-space audit signals, making malicious clients appear unusually close to benign reference behavior. Attribution-derived temporal evidence provides complementary but bounded separability, especially through gradient–semantic discordance. However, a two-dataset semantic-aware stress test shows that this separability can be reduced when the attacker approximates the semantic audit objective. Overall, the study shows that global IDS utility, update-space plausibility, aggregation robustness, and client-level auditability are distinct security properties. Temporal semantic auditing should therefore be interpreted as a client-level inspection layer rather than a standalone defense.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Beyond update-space auditing: temporal semantic evidence for adaptive deceptive client detection in federated intrusion detection

  • Reem Almarwani,
  • Maryam Almarwani

摘要

Federated learning enables collaborative intrusion detection without centralizing raw traffic records, but it also limits the server’s ability to inspect client behavior during training. This creates a client-level auditability problem: a federated intrusion-detection model may preserve high global predictive utility while malicious clients remain difficult to distinguish from benign participants. This problem becomes more challenging under adaptive gradient mimicry, where malicious clients deliberately make their submitted updates appear plausible in update space. This paper evaluates client-level auditability in federated intrusion detection under adaptive gradient mimicry. We examine whether simple update-space audit signals, including update norm, distance to benign reference behavior, and cosine similarity, retain malicious-client ranking information when the attacker reduces update-space abnormality. We then study temporal semantic auditing as complementary inspection evidence by evaluating client-updated temporary models over a fixed probe set and extracting attribution-derived behavior using Gradient\(\times \)×Input, Integrated Gradients, and an LRP-style relevance proxy. Experiments on UNSW-NB15, N-BaIoT, and CICIDS2017 under non-IID federated settings show that adaptive mimicry can weaken or directionally invert update-space audit signals, making malicious clients appear unusually close to benign reference behavior. Attribution-derived temporal evidence provides complementary but bounded separability, especially through gradient–semantic discordance. However, a two-dataset semantic-aware stress test shows that this separability can be reduced when the attacker approximates the semantic audit objective. Overall, the study shows that global IDS utility, update-space plausibility, aggregation robustness, and client-level auditability are distinct security properties. Temporal semantic auditing should therefore be interpreted as a client-level inspection layer rather than a standalone defense.