network anomaly detection
Recently Published Documents


Total documents: 460 (five years: 163)

H-index: 31 (five years: 7)

2022 ◽ Vol 70 (1) ◽ pp. 413-431
Author(s): Nazarii Lutsiv ◽ Taras Maksymyuk ◽ Mykola Beshley ◽ Orest Lavriv ◽ Volodymyr Andrushchak ◽ ...

2021 ◽ pp. 1-11
Author(s): Naiyue Chen ◽ Yi Jin ◽ Yinglong Li ◽ Luxin Cai

With the rapid development of social networks and the massive popularity of intelligent mobile terminals, network anomaly detection is becoming increasingly important. In daily work and life, edge nodes store a large number of network local connection data and audit data, which can be used to analyze network abnormal behavior. With the increasingly close network communication, the amount of network connection and other related data collected by each network terminal is increasing. Machine learning has become a classification method to analyze the features of big data in the network. Faced with the problems of excessive data and long response time for network anomaly detection, we propose a trust-based federated learning anomaly detection algorithm. We use the edge nodes to train the local data model, and upload the machine learning parameters to the central node. Meanwhile, according to the performance of edge nodes training, we set different weights to match the processing capacity of each terminal, which will obtain faster convergence speed and better attack classification accuracy. The user’s private information will only be processed locally and will not be uploaded to the central server, which can reduce the risk of information disclosure. Finally, we compare the basic federated learning model and TFCNN algorithm on KDD Cup 99 dataset and MNIST dataset. The experimental results show that the TFCNN algorithm can improve accuracy and communication efficiency.


2021 ◽ Vol 2021 ◽ pp. 1-12
Author(s): Renjie Li ◽ Zhou Zhou ◽ Xuan Liu ◽ Da Li ◽ Wei Yang ◽ ...

Network Anomaly Detection (NAD) has become the foundation for network management and security due to the rapid development and adoption of edge computing technologies. There are two main characteristics of NAD tasks: tabular input data and imbalanced classes. Tabular input data format means NAD tasks take both sparse categorical features and dense numerical features as input. In order to achieve good performance, the detection model needs to handle both types of features efficiently. Among all widely used models, Gradient Boosting Decision Tree (GBDT) and Neural Network (NN) are the two most popular ones. However, each method has its limitation: GBDT is inefficient when dealing with sparse categorical features, while NN cannot yield satisfactory performance for dense numerical features. Imbalanced classes may downgrade the classifier’s performance and cause biased results towards the majority classes, often neglected by many existing NAD studies. Most of the existing solutions addressing imbalance suffer from poor performance, high computational consumption, or loss of vital information under such a scenario. In this paper, we propose an adaptive ensemble-based method, named GTF, which combines TabTransformer and GBDT to leverage categorical and numerical features effectively and introduces Focal Loss to mitigate the imbalance classification. Our comprehensive experiments on two public datasets demonstrate that GTF can outperform other well-known methods in both multiclass and binary cases. Our implementation also shows that GTF has limited complexity, making it a good candidate for deployment at the network edge.


Author(s): Vu Ngoc Son

Cyber-attack is a very hot topic today. Nowadays, systems must always be connected to the internet, and network infrastructure keeps growing in both scale and complexity. Therefore, the problem of detecting and warning of cyber-attacks is now very urgent. To improve the effectiveness of detecting cyber-attacks, many methods and techniques were applied. In this paper, we propose to apply two methods of optimizing cyber-attack detection based on the IDS 2018 dataset using Principal Component Analysis (PCA) and machine learning algorithms. In the experimental section, we compare and evaluate the efficiency of the algorithm through 2 parameters: detection and processing time, and the accuracy of the algorithm. The experimental results show that the model using optimized features has brought an apparent and better effect than models that have not reduced the feature dimension. Keywords: PCA; Network traffic; Anomaly; Cyberattack detection.


Author(s): Adekunle Damilola Eunice ◽ Qi Gao ◽ Meng-Yuan Zhu ◽ Zhuo Chen ◽ Na LV



2021 ◽ Vol 33 (6) ◽ pp. 1-20
Author(s): Ivan Cvitić ◽ Dragan Peraković ◽ Marko Periša ◽ Mirjana D. Stojanović

The concept of IoT (Internet of Things) assumes a continuous increase in the number of devices, which raises the problem of classifying them for different purposes. Based on their semantic characteristics, meaning, functionality or domain of usage, the system classes have been identified so far. The purpose of this research is to identify device classes based on traffic flow characteristics such as the coefficient of variation of the received and sent data ratio. Such specified classes can combine devices based on behavior predictability and can serve as the basis for the creation of network management or network anomaly detection classification models. Four generic classes of IoT devices were defined by using the classification of the coefficient of variation method.


2021
Author(s): Shuang Zhou ◽ Qiaoyu Tan ◽ Zhiming Xu ◽ Xiao Huang ◽ Fu-lai Chung
