FOCC: A Synthetically Balanced Federated One-Class-Classification for Cyber Threat Intelligence in Software Defined Networking

Federated Learning offers a promising approach for building Cyber Threat Intelligence (CTI) by utilizing cross-domain data in Software Defined Networking (SDN) while addressing privacy concerns. However, as sixth-generation (6G) systems evolve with heterogeneous characteristics, the training data across individual SDN domains is likely to be highly Non-Independent and Identically Distributed (Non-IID), which significantly impairs the performance of Artificial Intelligence (AI) based Intrusion Detection Systems (IDSs). Therefore, this study proposes a novel framework called Federated One Class Classification (FOCC), which contains parallel inference with threat-specific independent autoencoders as local model at each domain and empowered with Variational Auto Encoders (VAEs). Firstly, the relation between weight divergence and multi-classification in Non-IID data is derived using mathematical analysis. Secondly, the threat specific data is generated by VAEs at each domain with latent space aggregation, which achieved the reduced validation loss in Federated Learning by synthetically balancing threat-specific data. Finally, the proposed FOCC framework depicts substantial improvement in threat specific multiclassification on InSDN dataset as compared to the existing state-of-the-art solutions for performance parameters; including accuracy, precision, recall and F1 score. Moreover, the integration of parallel processing in the proposed FOCC framework significantly minimizes computational delays.