基于高效联邦学习算法的网络入侵检测模型

Network intrusion detection model based on efficient federated learning algorithm

为解决在入侵检测场景中引入联邦学习技术后,由于节点间存在流量数据非独立同分布(non-iid)现象而导致模型难以聚合并得到高识别率的问题,构造了一种高效联邦学习算法(H-E-Fed),并基于该算法构建了对应的入侵检测模型。首先,协调方设计针对流量数据的全局模型,并下发至入侵检测节点间进行模型训练;然后,协调方收集本地模型,并对节点间本地模型的协方差矩阵评估偏度,以衡量节点间模型的相关性,从而重新分配模型聚合参数,并生成新的全局模型;最后,协调方与节点多轮交互,直至全局模型收敛。实验结果表明,与基于联邦平均(FedAvg)算法和FedProx算法的模型相比,基于高效联邦学习算法的入侵检测模型在节点间产生数据non-iid现象时的通信消耗更低;且在KDDCup99数据集和CICIDS2017数据集上,与基线模型相比,准确率分别提升了10.39%、8.14%与4.40%、5.98%。

After the introduction of federated learning technology in intrusion detection scenarios,there is a problem that the traffic data between nodes is non-independent and identically distributed(non-iid),which makes it difficult for models to aggregate and obtain a high recognition rate.To solve this problem,an efficient federated learning algorithm named H‑E‑Fed was constructed,and a network intrusion detection model based on this algorithm was proposed.Firstly,a global model for traffic data was designed by the coordinator and was sent to the intrusion detection nodes for model training.Then,by the coordinator,the local models were collected and the skewness of the covariance matrix of the local models between nodes was evaluated,so as to measure the correlation of models between nodes,thereby reassigning model aggregation parameters and generating a new global model.Finally,multiple rounds of interactions between the coordinator and the nodes were carried out until the global model converged.Experimental results show that compared with the models based on FedAvg(Federated Averaging)algorithm and FedProx algorithm,under data non-iid phenomenon between nodes,the proposed model has the communication consumption relatively low.And on KDDCup99 dataset and CICIDS2017 dataset,compared with baseline models,the proposed model has the accuracy improved by 10.39%,8.14%and 4.40%,5.98%respectively.