{"title":"New Continual Federated Learning System for Intrusion Detection in SDN-Based Edge Computing","authors":"Ameni Chetouane, Kamel Karoui","doi":"10.1002/cpe.8332","DOIUrl":null,"url":null,"abstract":"<div>\n \n <p>Software Defined Networking (SDN) is an open network approach that has been proposed to address some of the main problems with traditional networks. However, SDN faces cybersecurity issues. To provide a network defense against attacks, an Intrusion Detection System (IDS) needs to be updated and included into the SDN architecture on a regular basis. Machine learning methods have proved effective in detecting intrusions in SDN. Moreover, these techniques pose the problem of significant computational overload and the absence of regular updates when new cyber-attacks appear. To address these issues, we propose a new SDN-based cloud intrusion detection system called Continual Federated Learning (CFL). In CFL, we modify the classical federated learning process by granting a more important and dynamic role to each participating client. On the one hand, it can trigger this process whenever a new type of intrusion is detected. On the other hand, once the new model has been identified, the customer can decide whether or not to deploy it in his network. In addition, to verify the accuracy of the CFL system, we have formally specified it by a communication protocol. This specification organizes the exchanges between the different communicating entities involved in the CFL. To verify the accuracy of this specification, we described it using the PROMELA language and checked with the associated SPIN tool. On the experimental side, we deployed this specification of the CFL system in an SDN computing environment. We defined different scenarios, and we proposed that each client decides locally to deploy or not the newly obtained intrusion detection model. The decision is based on a modified metric where we integrate the severity of the intrusions. Experimental results using private local datasets show that the proposed CFL system can efficiently and accurately detect new types of intrusions while preserving client confidentiality. Thus, it can be considered a promising system for SDN-based edge computing.</p>\n </div>","PeriodicalId":55214,"journal":{"name":"Concurrency and Computation-Practice & Experience","volume":"37 2","pages":""},"PeriodicalIF":1.5000,"publicationDate":"2024-11-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Concurrency and Computation-Practice & Experience","FirstCategoryId":"94","ListUrlMain":"https://onlinelibrary.wiley.com/doi/10.1002/cpe.8332","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}
引用次数: 0
Abstract
Software Defined Networking (SDN) is an open network approach that has been proposed to address some of the main problems with traditional networks. However, SDN faces cybersecurity issues. To provide a network defense against attacks, an Intrusion Detection System (IDS) needs to be updated and included into the SDN architecture on a regular basis. Machine learning methods have proved effective in detecting intrusions in SDN. Moreover, these techniques pose the problem of significant computational overload and the absence of regular updates when new cyber-attacks appear. To address these issues, we propose a new SDN-based cloud intrusion detection system called Continual Federated Learning (CFL). In CFL, we modify the classical federated learning process by granting a more important and dynamic role to each participating client. On the one hand, it can trigger this process whenever a new type of intrusion is detected. On the other hand, once the new model has been identified, the customer can decide whether or not to deploy it in his network. In addition, to verify the accuracy of the CFL system, we have formally specified it by a communication protocol. This specification organizes the exchanges between the different communicating entities involved in the CFL. To verify the accuracy of this specification, we described it using the PROMELA language and checked with the associated SPIN tool. On the experimental side, we deployed this specification of the CFL system in an SDN computing environment. We defined different scenarios, and we proposed that each client decides locally to deploy or not the newly obtained intrusion detection model. The decision is based on a modified metric where we integrate the severity of the intrusions. Experimental results using private local datasets show that the proposed CFL system can efficiently and accurately detect new types of intrusions while preserving client confidentiality. Thus, it can be considered a promising system for SDN-based edge computing.
期刊介绍:
Concurrency and Computation: Practice and Experience (CCPE) publishes high-quality, original research papers, and authoritative research review papers, in the overlapping fields of:
Parallel and distributed computing;
High-performance computing;
Computational and data science;
Artificial intelligence and machine learning;
Big data applications, algorithms, and systems;
Network science;
Ontologies and semantics;
Security and privacy;
Cloud/edge/fog computing;
Green computing; and
Quantum computing.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
