Trusted Encrypted Traffic Intrusion Detection Method Based on Federated Learning and Autoencoder  

作　　者：Wang Zixuan Miao Cheng Xu Yuhua Li Zeyi Sun Zhixin Wang Pan 

机构地区：[1]School of Modern Posts,Nanjing University of Posts&Telecommunications,Nanjing 210003,China [2]School of Computer Science,Nanjing University of Posts&Telecommunications,Nanjing 210003,China

出　　处：《China Communications》2024年第8期211-235,共25页中国通信（英文版）

基　　金：supported by National Natural Science Fundation of China under Grant 61972208;National Natural Science Fundation(General Program)of China under Grant 61972211;National Key Research and Development Project of China under Grant 2020YFB1804700;Future Network Innovation Research and Application Projects under Grant No.2021FNA02006;2021 Jiangsu Postgraduate Research Innovation Plan under Grant No.KYCX210794.

摘　　要：With the rapid development of the Internet,network security and data privacy are increasingly valued.Although classical Network Intrusion Detection System(NIDS)based on Deep Learning(DL)models can provide good detection accuracy,but collecting samples for centralized training brings the huge risk of data privacy leakage.Furthermore,the training of supervised deep learning models requires a large number of labeled samples,which is usually cumbersome.The“black-box”problem also makes the DL models of NIDS untrustworthy.In this paper,we propose a trusted Federated Learning(FL)Traffic IDS method called FL-TIDS to address the above-mentioned problems.In FL-TIDS,we design an unsupervised intrusion detection model based on autoencoders that alleviates the reliance on marked samples.At the same time,we use FL for model training to protect data privacy.In addition,we design an improved SHAP interpretable method based on chi-square test to perform interpretable analysis of the trained model.We conducted several experiments to evaluate the proposed FL-TIDS.We first determine experimentally the structure and the number of neurons of the unsupervised AE model.Secondly,we evaluated the proposed method using the UNSW-NB15 and CICIDS2017 datasets.The exper-imental results show that the unsupervised AE model has better performance than the other 7 intrusion detection models in terms of precision,recall and f1-score.Then,federated learning is used to train the intrusion detection model.The experimental results indicate that the model is more accurate than the local learning model.Finally,we use an improved SHAP explainability method based on Chi-square test to analyze the explainability.The analysis results show that the identification characteristics of the model are consistent with the attack characteristics,and the model is reliable.

关 键 词：autoencoder federated learning intrusion detection model interpretation unsupervised learning 

分 类 号：TP393.08[自动化与计算机技术—计算机应用技术] TP18[自动化与计算机技术—计算机科学与技术]