Decentralized Online Federated G-Network Learning for Lightweight Intrusion Detection

Abstract

Cyberattacks are increasingly threatening net-worked systems often with the emergence of new types of unknown (zero-day) attacks and the rise of vulnerable devices. uch attacks can also target multiple components of a Supply Chain which can be protected via Machine Learning (ML)-based Intrusion Detection Systems (IDSs). However the need to learn large amounts of labelled data often limits the applicability of ML-based IDSs to cybersystems that only have access to private local data while distributed systems such as Supply Chains have multiple components each of which must preserve its private data while being targeted by the same attack To address this issue this paper proposes a novel Decentralized and Online Federated Learning Intrusion Detection (DOF-ID) architecture based on the G-Network model with collaborative learning that allows each IDS used by a specific component to learn from the experience gained in other components in addition to its own local data without violating the data privacy of other components. The performance evaluation results using public Kitsune and Bot-loT datasets show that DOF -ID significantly improves the intrusion detection performance in all of the collaborating components with acceptable computation time for online learning. © 2024 Elsevier B.V. All rights reserved.