Privacy Preserving Federated Learning for Distributed Intrusion Detection: Differential Privacy Guarantees, Non-IID Convergence, and Byzantine Robustness


Pavan Navandar

Abstract

Federated learning (FL) enables collaborative intrusion detection system (IDS) training across organizations that cannot share raw network traffic due to privacy, regulatory, or competitive constraints. However, naive FL deployments are vulnerable to gradient inversion attacks that reconstruct private training data from gradient updates, suffer severe accuracy degradation under non-identically distributed (non-IID) data partitions across heterogeneous network environments, and are susceptible to Byzantine manipulation by adversarial clients. This paper presents FedIDS-DP, a differentially private federated learning framework for distributed IDS that addresses all three challenges simultaneously. The framework applies Rényi Differential Privacy (RDP) accounting with per-layer gradient clipping, a communication-efficient Top-k gradient sparsification scheme achieving 90% compression with less than 1.2% accuracy loss, and an adaptive FedProx regularization term dynamically calibrated to client data heterogeneity via Maximum Mean Discrepancy (MMD). Theoretical analysis establishes (ε = 1.0, δ = 10^-5)-DP guarantees across 200 communication rounds for five heterogeneous client organizations. Byzantine fault tolerance under a 20% malicious client fraction is provided by Krum aggregation. Empirical evaluation on CICIDS2018 with Dirichlet non-IID partitioning (α = 0.5) shows that FedIDS-DP achieves a 97.8% F1-score, within 1.2 percentage points of centralized training, while providing provable privacy guarantees and a 73% reduction in communication overhead. Ablation studies confirm each component's contribution, and distribution-shift experiments validate the adaptive weight updating.
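As an added illustration (not code from the paper), the following pure-Python snippet implements the Krum selection rule the abstract relies on for Byzantine robustness, in the setting it describes: five client organizations, one of which (20%) submits an arbitrary update. The gradient values are constructed for the example.

```python
"""Krum aggregation (Blanchard et al., 2017): pick the client update whose
summed squared distance to its n - f - 2 closest peers is smallest.

Added example, not the paper's own code. Updates are flattened gradient
vectors; the sample round below is constructed for illustration.
"""
from typing import List, Sequence

Vector = Sequence[float]


def sq_dist(a: Vector, b: Vector) -> float:
    """Squared Euclidean distance between two flattened updates."""
    return sum((x - y) ** 2 for x, y in zip(a, b))


def krum_scores(updates: Sequence[Vector], f: int) -> List[float]:
    """Krum score per client: sum of its n - f - 2 smallest squared distances.

    Krum requires n > 2f + 2. With n = 5 and f = 1 (the 20% malicious
    fraction in the abstract) each score sums the 2 nearest neighbours.
    """
    n = len(updates)
    if n <= 2 * f + 2:
        raise ValueError(f"Krum needs n > 2f + 2, got n={n}, f={f}")
    k = n - f - 2
    scores = []
    for i, u in enumerate(updates):
        dists = sorted(sq_dist(u, v) for j, v in enumerate(updates) if j != i)
        scores.append(sum(dists[:k]))
    return scores


def krum(updates: Sequence[Vector], f: int) -> int:
    """Index of the update Krum applies as this round's aggregate."""
    scores = krum_scores(updates, f)
    return min(range(len(scores)), key=scores.__getitem__)


# Constructed round: four honest clients send similar updates; client 4
# is Byzantine and sends a large, unrelated vector.
HONEST = [
    [0.10, -0.20, 0.05],
    [0.12, -0.18, 0.04],
    [0.09, -0.22, 0.06],
    [0.11, -0.19, 0.05],
]
BYZANTINE = [5.0, 5.0, -5.0]
ROUND_UPDATES = HONEST + [BYZANTINE]

if __name__ == "__main__":
    chosen = krum(ROUND_UPDATES, f=1)
    print("Krum selected client", chosen, "->", ROUND_UPDATES[chosen])
```

The Byzantine update is far from every honest one, so its score is the largest and it is never selected, which is the property that lets the abstract claim tolerance of a 20% malicious fraction.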

How to Cite

Privacy Preserving Federated Learning for Distributed Intrusion Detection: Differential Privacy Guarantees, Non-IID Convergence, and Byzantine Robustness. (2023). International Journal of Research Publications in Engineering, Technology and Management (IJRPETM), 6(4), 9055-9062. https://doi.org/10.15662/IJRPETM.2023.0604011
