With the increasing number of attacks on distributed networks, machine learning has proven effective in detecting intrusions. However, these techniques pose the problem of significant computational overhead and the risk of invasion of privacy. In addition, cyberattacks are evolving more rapidly than ever. To address the above issues, we propose a new method for intrusion detection in distributed networks called Continual Federated Learning (CFL). The use of Federated Learning (FL) in a distributed network protects the confidentiality of the data of each participant while at the same time improving the collaboration between the participants to produce higher quality models. In addition, Continual Learning (CL) constantly updates the model to be ready to detect new intrusions. As a result, the combination of continual learning and federated learning will provide an updated model capable of easily and effectively detecting new intrusions. To demonstrate the effectiveness of the proposed CFL methodology, we use it to detect intrusions in an SDN environment.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Continual Federated Learning Approach for Distributed Network Intrusion Detection: A Case Study on Software Defined Networking

  • Ameni Chetouane,
  • Kamel Karoui

摘要

With the increasing number of attacks on distributed networks, machine learning has proven effective in detecting intrusions. However, these techniques pose the problem of significant computational overhead and the risk of invasion of privacy. In addition, cyberattacks are evolving more rapidly than ever. To address the above issues, we propose a new method for intrusion detection in distributed networks called Continual Federated Learning (CFL). The use of Federated Learning (FL) in a distributed network protects the confidentiality of the data of each participant while at the same time improving the collaboration between the participants to produce higher quality models. In addition, Continual Learning (CL) constantly updates the model to be ready to detect new intrusions. As a result, the combination of continual learning and federated learning will provide an updated model capable of easily and effectively detecting new intrusions. To demonstrate the effectiveness of the proposed CFL methodology, we use it to detect intrusions in an SDN environment.