TY - GEN
T1 - Threat Intelligence with Non-IID Data in Federated Learning enabled Intrusion Detection for SDN
T2 - 24th International Arab Conference on Information Technology, ACIT 2023
AU - Kazmi, Syed Hussain Ali
AU - Qamar, Faizan
AU - Hassan, Rosilah
AU - Nisar, Kashif
AU - Dahnil, Dahlila Putri Binti
AU - Al-Betar, Mohammed Azmi
N1 - Publisher Copyright:
© 2023 IEEE.
PY - 2023
Y1 - 2023
AB - In the realm of cybersecurity, the ever-evolving threat landscape necessitates innovative approaches to designing Intrusion Detection Systems (IDS). Software-Defined Networking (SDN) integrated with Deep Learning (DL) has emerged as a transformative paradigm of threat intelligence in IDS. However, centralized data processing in DL-based IDS causes privacy issues. Within this context, Federated Learning (FL) has gained significant attention for its potential to enhance intrusion detection while maintaining privacy. This study presents an experimental investigation into the efficacy of FL-enabled intrusion detection in SDN environments, specifically addressing the challenging aspect of threat-specific feature selection in Non-IID (Non-Independently and Identically Distributed) data. We used the InSDN intrusion dataset containing different attacks including Denial-of-Service (DoS), Distributed-DoS (DDoS), brute force, probe, web and botnet attacks. After data pre-processing, Principal Component Analysis (PCA) is applied to analyze the impact of Non-IID data on feature importance. The detailed results of simulations show large variations in feature importance for Non-IID data in terms of quantity and threat type distribution. Furthermore, we discuss the implications of our results for future research directions.
KW - Federated Learning
KW - IDS
KW - Machine Learning
KW - Privacy
KW - SDN
UR - https://www.scopus.com/pages/publications/85189165235
U2 - 10.1109/ACIT58888.2023.10453867
DO - 10.1109/ACIT58888.2023.10453867
M3 - Conference contribution
AN - SCOPUS:85189165235
T3 - 2023 24th International Arab Conference on Information Technology, ACIT 2023
BT - 2023 24th International Arab Conference on Information Technology, ACIT 2023
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 6 December 2023 through 8 December 2023
ER -