Solving Data Contamination in DDoS Detection: A Method Based on Hierarchical Federated Learning

Distributed Denial-of-Service (DDoS) attacks can cause significant damage to network applications. A crucial step in combating these attacks lies in promptly and accurately detecting DDoS attack traffic. However, existing solutions struggle with data imbalance and contamination, leading to suboptimal DDoS detection. Furthermore, current methods typically require access to raw data for training, posing a significant privacy risk. To tackle these challenges, we propose HFL-AD, a hierarchical federated learning framework specifically designed for detecting DDoS attack traffic by resolving the data contamination issue. In our approach, a federation of lower-layer clients train local anomaly detection models using diverse raw data. A selected few clients, possessing a small supplementary dataset, serve as upper-layer clients, responsible for excluding model updates uploaded by lower-layer clients that have been trained on contaminated datasets. Experimental results demonstrate that HFL-AD outperforms state-of-the-art (SOTA) solutions in DDoS detection, particularly when some training datasets are contaminated.