Research On Network Intrusion Detection Based On Federated Learning

In the 21st century,the development of the Internet has brought great convenience to people's lives.At the same time,network security issues are becoming more and more serious.Network intrusion detection technology is an important technology to solve network security problems.However,there are still two main challenges in the field of network intrusion detection:the problem of small amount of data and low quality and the problem of privacy leakage.Enterprises only have a small amount of data.Due to the high cost of manual labeling,most of the data is unlabeled data,and it is difficult to train a model with high prediction accuracy;at the same time,training data involves sensitive information,and model information may be leaked Risks,such as attackers can use publicly published models to restore training data.Data between enterprises cannot be integrated,forming a phenomenon of "data islands".Network security vendors can only use their own data to do network intrusion detection,and cannot integrate data from other vendors.Incomplete data makes the intrusion detection model obtained by training not comprehensive enough.Aiming at the "Isolated Data Island" problem in current network intrusion detection methods,this dissertation designed and implemented a network intrusion detection method based on federated learning.Compared with the traditional network intrusion detection technology,this method does not need to concentrate the data in the data center for training,but only needs to aggregate the model parameters trained by each federated learning user locally using their own data through the parameter server.In this way,network security vendors benefit from the global sharing model without uploading local private data and maintain the data security of network security vendors.At the same time,experiments have verified that each user can get a better global sharing model.This dissertation compares the effects of traditional network intrusion detection models through experiments,and uses the more effective convolutional neural network(CNN)model as the underlying training model of the federal network intrusion detection system.Aiming at the lack of performance of the global shared model obtained by the federal network intrusion system,this dissertation proposes a performance optimization method.The accuracy of each user's locally trained model on the validation set is used to determine the user's weight in the global update,using KDD99 data Set,the experiment shows that the accuracy rate increased by 0.9%after optimization.Aiming at the security problem of the federal network intrusion detection system framework,this dissertation introduces differential privacy into the federal network intrusion detection system to further protect user privacy.At the same time,the experimental results show that when the privacy budget is ?=12 and ?=0.01,the best accuracy is 91.3%,and the best result without differential privacy is 91.7%,the error is 0.4%.A balance can be struck between the level of privacy protection and the performance of the model,depending on the privacy budget required by the user.