Intrusion Detection Based on Federated Learning: A Systematic Review

IF 23.8 1区计算机科学 Q1 COMPUTER SCIENCE, THEORY & METHODS

ACM Computing Surveys Pub Date : 2025-04-23 DOI:10.1145/3731596

Jose Hernandez-Ramos, Georgios Karopoulos, Efstratios Chatzoglou, Vasileios Kouliaridis, Enrique Marmol, Aurora Gonzalez-Vidal, Georgios Kambourakis

{"title":"Intrusion Detection Based on Federated Learning: A Systematic Review","authors":"Jose Hernandez-Ramos, Georgios Karopoulos, Efstratios Chatzoglou, Vasileios Kouliaridis, Enrique Marmol, Aurora Gonzalez-Vidal, Georgios Kambourakis","doi":"10.1145/3731596","DOIUrl":null,"url":null,"abstract":"The evolution of cybersecurity is closelynked to the development and improvement of artificial intelligence (AI). As a key tool for realizing more cybersecure ecosystems, Intrusion Detection Systems (IDSs) have evolved tremendously in recent years by integrating machine learning (ML) techniques to detect increasingly sophisticated cybersecurity attacks hidden in big data. However, traditional approaches rely on centralized learning, in which data from end nodes are shared with data centers for analysis. Recently, the application of federated learning (FL) in this context has attracted great interest to come up with collaborative intrusion detection approaches where data does not need to be shared. Due to the recent rise of this field, this work presents a complete, contemporary taxonomy for FL-enabled IDS approaches that stems from a comprehensive survey of the literature from 2018 to 2022. Precisely, our discussion includes an analysis of the main ML models, datasets, aggregation functions, as well as implementation libraries employed by the proposed FL-enabled IDS approaches. On top of everything else, we provide a critical view of the current state of the research around this topic, and describe the main challenges and future directions based on the analysis of the literature and our own experience in this area.","PeriodicalId":50926,"journal":{"name":"ACM Computing Surveys","volume":"91 1","pages":""},"PeriodicalIF":23.8000,"publicationDate":"2025-04-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Computing Surveys","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1145/3731596","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, THEORY & METHODS","Score":null,"Total":0}

引用次数: 0

Abstract

The evolution of cybersecurity is closelynked to the development and improvement of artificial intelligence (AI). As a key tool for realizing more cybersecure ecosystems, Intrusion Detection Systems (IDSs) have evolved tremendously in recent years by integrating machine learning (ML) techniques to detect increasingly sophisticated cybersecurity attacks hidden in big data. However, traditional approaches rely on centralized learning, in which data from end nodes are shared with data centers for analysis. Recently, the application of federated learning (FL) in this context has attracted great interest to come up with collaborative intrusion detection approaches where data does not need to be shared. Due to the recent rise of this field, this work presents a complete, contemporary taxonomy for FL-enabled IDS approaches that stems from a comprehensive survey of the literature from 2018 to 2022. Precisely, our discussion includes an analysis of the main ML models, datasets, aggregation functions, as well as implementation libraries employed by the proposed FL-enabled IDS approaches. On top of everything else, we provide a critical view of the current state of the research around this topic, and describe the main challenges and future directions based on the analysis of the literature and our own experience in this area.

查看原文本刊更多论文

基于联邦学习的入侵检测系统综述

网络安全的演变与人工智能的发展和完善密切相关。作为实现更安全的网络生态系统的关键工具，入侵检测系统（ids）近年来通过集成机器学习（ML）技术来检测隐藏在大数据中的日益复杂的网络安全攻击，取得了巨大的发展。然而，传统方法依赖于集中式学习，其中来自终端节点的数据与数据中心共享以进行分析。最近，在这种情况下，联邦学习（FL）的应用引起了人们的极大兴趣，提出了不需要共享数据的协作入侵检测方法。由于这一领域最近的兴起，这项工作提出了一个完整的、当代的基于fl的IDS方法分类，该分类源于对2018年至2022年文献的全面调查。准确地说，我们的讨论包括分析主要的ML模型、数据集、聚合函数，以及被提议的支持fl的IDS方法所采用的实现库。最重要的是，我们提供了围绕这一主题的研究现状的批判性观点，并根据文献分析和我们自己在这一领域的经验描述了主要挑战和未来的方向。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

ACM Computing Surveys 工程技术-计算机：理论方法

CiteScore

33.20

自引率

0.60%

发文量

372

审稿时长

12 months

期刊介绍： ACM Computing Surveys is an academic journal that focuses on publishing surveys and tutorials on various areas of computing research and practice. The journal aims to provide comprehensive and easily understandable articles that guide readers through the literature and help them understand topics outside their specialties. In terms of impact, CSUR has a high reputation with a 2022 Impact Factor of 16.6. It is ranked 3rd out of 111 journals in the field of Computer Science Theory & Methods. ACM Computing Surveys is indexed and abstracted in various services, including AI2 Semantic Scholar, Baidu, Clarivate/ISI: JCR, CNKI, DeepDyve, DTU, EBSCO: EDS/HOST, and IET Inspec, among others.