Fed-Evolver: An automated evolving approach for federated Intrusion Detection System using adversarial autoencoder in SDN-enabled networks

Intrusion Detection Systems (IDS) have garnered escalating significance in response to the evolving landscape of cyberattacks, driven by the adaptability and versatility of Software Defined Networking (SDN)-based networks in enhancing security orchestration. Although Machine Learning (ML) models have been developed for IDS, they require large amounts of labeled data to achieve high performance. However, acquiring labels for attacks is a time-consuming process and can cause problems in deploying the existing ML models in new systems or lower performance due to a shortage of labeled data on pre-trained datasets. Additionally, such ML-based IDS models lack the self-learning function to automatically adapt to new cyberattacks during network operations. To overcome these challenges, our work proposes Fed-Evolver, an automated evolving approach for federated IDS that combines Generative Adversarial Networks (GANs) with Auto Encoder (AE) and a semi-supervised adversarial Autoencoder (SSAAE) for spotting intrusion actions. Our Fed-Evolver leverages supervised and unsupervised learning strategies to build efficient IDS models in the context of labeled data scarcity with the help of Federated Learning (FL). It allows data owners to collaborate for training intrusion detection models to provide the self-evolving capability in SDN-enabled networks. Our proposed framework is evaluated on 6 cyberattack datasets, including CICIDS2018, CIC-ToN-IoT, NF-UNSW-NB15, InSDN, InSecLab-IDS2021, DNP3 Intrusion Detection, and it outperforms other ML methods even when trained with only 1% proportion of labeled data, achieving consistently high performance across all metrics on the datasets.