Chained Anomaly Detection Models for Federated Learning: An Intrusion Detection Case Study

【Author】 Preuveneers, Davy; Rimmer, Vera; Tsingenopoulos, Ilias; Spooren, Jan; Joosen, Wouter; Ilie-Zudor, Elisabeth

【Source】APPLIED SCIENCES-BASEL

【Abstract】The adoption of machine learning and deep learning is on the rise in the cybersecurity domain where these AI methods help strengthen traditional system monitoring and threat detection solutions. However, adversaries too are becoming more effective in concealing malicious behavior amongst large amounts of benign behavior data. To address the increasing time-to-detection of these stealthy attacks, interconnected and federated learning systems can improve the detection of malicious behavior by joining forces and pooling together monitoring data. The major challenge that we address in this work is that in a federated learning setup, an adversary has many more opportunities to poison one of the local machine learning models with malicious training samples, thereby influencing the outcome of the federated learning and evading detection. We present a solution where contributing parties in federated learning can be held accountable and have their model updates audited. We describe a permissioned blockchain-based federated learning method where incremental updates to an anomaly detection machine learning model are chained together on the distributed ledger. By integrating federated learning with blockchain technology, our solution supports the auditing of machine learning models without the necessity to centralize the training data. Experiments with a realistic intrusion detection use case and an autoencoder for anomaly detection illustrate that the increased complexity caused by blockchain technology has a limited performance impact on the federated learning, varying between 5 and 15%, while providing full transparency over the distributed training process of the neural network. Furthermore, our blockchain-based federated learning solution can be generalized and applied to more sophisticated neural network architectures and other use cases.

【Keywords】blockchain; federated deep learning; anomaly detection; audit; performance

【标题】联邦学习的链式异常检测模型：入侵检测案例研究

【摘要】机器学习和深度学习的采用在网络安全领域呈上升趋势，这些人工智能方法有助于加强传统的系统监控和威胁检测解决方案。然而，攻击者在隐藏大量良性行为数据中的恶意行为方面也变得更加有效。为了解决这些隐形攻击的检测时间越来越长的问题，互连和联邦学习系统可以通过联合力量和汇集监控数据来改进对恶意行为的检测。我们在这项工作中解决的主要挑战是，在联邦学习设置中，对手有更多机会用恶意训练样本毒害本地机器学习模型之一，从而影响联邦学习的结果并逃避检测。我们提出了一个解决方案，在该解决方案中，联邦学习的贡献方可以被追究责任，并对其模型更新进行审计。我们描述了一种基于许可的基于区块链的联邦学习方法，其中异常检测机器学习模型的增量更新在分布式账本上链接在一起。通过将联邦学习与区块链技术相结合，我们的解决方案支持机器学习模型的审计，而无需集中训练数据。实际入侵检测用例和异常检测自动编码器的实验表明，区块链技术导致的复杂性增加对联邦学习的性能影响有限，在 5% 到 15% 之间变化，同时提供了分布式训练过程的完全透明性。神经网络。此外，我们基于区块链的联邦学习解决方案可以推广并应用于更复杂的神经网络架构和其他用例。

【关键词】区块链；联合深度学习；异常检测；审计;表现

【发表时间】2018

【收录时间】2022-07-06

【文献类型】Article

【论文大主题】区块链联邦学习

【论文小主题】联邦学习为主体

【影响因子】2.838

【翻译者】石东瑛