Multi-task network anomaly detection using federated learning
Paper
Paper/Presentation Title | Multi-task network anomaly detection using federated learning |
---|---|
Presentation Type | Paper |
Authors | Zhao, Ying, Chen, Junjun, Wu, Di, Teng, Jian and Yu, Shui |
Journal or Proceedings Title | Proceedings of the 10th international symposium on information and communication technology (SoICT 2019) |
Journal Citation | pp. 273-279 |
Number of Pages | 7 |
Year | 2019 |
Publisher | Association for Computing Machinery (ACM) |
Place of Publication | United States |
ISBN | 9781450372459 |
Digital Object Identifier (DOI) | https://doi.org/10.1145/3368926.3369705 |
Web Address (URL) of Paper | https://dl.acm.org/doi/abs/10.1145/3368926.3369705 |
Web Address (URL) of Conference Proceedings | https://dl.acm.org/doi/proceedings/10.1145/3368926 |
Conference/Event | 10th international symposium on information and communication technology (SoICT 2019) |
Event Details | 10th international symposium on information and communication technology (SoICT 2019) Delivery In person Event Date 04 to end of 06 Dec 2019 Event Location Hanoi, Viet Nam |
Abstract | Because of the complexity of network traffic, there are various significant challenges in the network anomaly detection fields. One of the major challenges is the lack of labeled training data. In this paper, we use federated learning to tackle data scarcity problem and to preserve data privacy, where multiple participants collaboratively train a global model. Unlike the centralized training architecture, participants do not need to share their training to the server in federated learning, which can prevent the training data from being exploited by attackers. Moreover, most of the previous works focus on one specific task of anomaly detection, which restricts the application areas and can not provide more valuable information to network administrators. Therefore, we propose a multi-task deep neural network in federated learning (MT-DNN-FL) to perform network anomaly detection task, VPN (Tor) traffic recognition task, and traffic classification task, simultaneously. Compared with multiple single-task models, the multi-task method can reduce training time overhead. Experiments conducted on well-known CICIDS2017, ISCXVPN2016, and ISCXTor2016 datasets, show that the detection and classification performance achieved by the proposed method is better than the baseline methods in centralized training architecture. |
Keywords | Network security; Security and privacy |
Contains Sensitive Content | Does not contain sensitive content |
ANZSRC Field of Research 2020 | 460609. Networking and communications |
4602. Artificial intelligence | |
4604. Cybersecurity and privacy | |
Public Notes | Files associated with this item cannot be displayed due to copyright restrictions. |
Byline Affiliations | Beijing University of Chemical Technology, China |
University of Technology Sydney |
https://research.usq.edu.au/item/z4y1x/multi-task-network-anomaly-detection-using-federated-learning
37
total views0
total downloads2
views this month0
downloads this month