STUDY AND ANALYSIS OF INTRUSION DETECTION SYSTEM USING FEDERATED MACHINE LEARNING

Abstract

Zero days attacks are the mutated version of existing attacks for which there are no pre-existing solution and are very difficult to detect. Zero day attacks are becoming a challenging issue in maximum organization. Zero-days attacks need real-time monitoring but existing machine learning techniques take years to update their dataset for detecting different attacks. Modern IDS made with centralized machine learning algo does not assure the privacy of the client data and information because the directly exchange the raw data between central server and the edge nodes. In the case of federated learning, datasets are updated on a daily basis which makes it very effective to detect zero-days attacks. Additionally, in federated learning, the data is not exported at the server side but only modal parameters are exchanged between server and the edge nodes, which also preserves the privacy of people but that were serious issue in centralized machine learning. We have proposed a architecture for Building Intrusion Detection System using Federated training which can detect the attacks by learning from the neighboring nodes in a network organization in the real time. This can help in constructing a generalized ability of detecting the zero day attack and further these can help to prevent the zero day attack as early as possible. Supervised ML algo need labelled input and have been found to be inefficient for detecting the zero day attack because zero day are not known and they are unlabeled. In our approach, we have used both concept of the K-means clustering for labelling and federated training using Artificial Neural Network for making the Intrusion Detection System. CICDS2017 dataset have been used which have fourteen different types of zero day attack and achieved accuracy of 82.82 percent and 88.72 percent by using dual clustering and multi clustering concept respectively.