Abstract: Federated learning (FL), a promising distributed learning paradigm, has seen considerable effort devoted to distributed intrusion detection systems (IDS) for defending against various malicious attacks, such as SQL injection and DDoS attacks. Compared with traditional IDS based on centralized deep learning (DL), FL-based solutions do not require sharing users' raw data while yielding better detection performance. However, state-of-the-art FL-based methods still suffer from two key limitations: 1) insufficient detection performance on non-independent and identically distributed (non-IID) data, and 2) high communication and computational overheads due to the use of large-scale neural network models. In this paper, we propose a lightweight collaborative intrusion detection framework, called CoLGBM, the first of its kind in the regime of decentralized IDS, in which decision trees and the light gradient boosting machine (LGBM) are combined to construct the detection scheme. The main insight is that by combining user-trained decision trees (each user's decision tree is derived from its own data with a unique distribution), our framework can perform effectively on non-IID data while efficiently handling enormous numbers of samples. Compared with current FL-based methods, our CoLGBM achieves higher accuracy and lower overhead on both IID and non-IID data. Extensive experimental results demonstrate the high performance of our scheme.