FedDef: Defense Against Gradient Leakage in Federated Learning-based Network Intrusion Detection Systems

Deep learning (DL) methods have been widely applied to anomaly-based network intrusion detection system (NIDS) detect malicious traffic. To expand the usage scenarios of DL-based methods, federated (FL) allows multiple users train a global model on basis respecting individual data privacy. However, it has not yet systematically evaluated how robust FL-based NIDSs are against existing privacy attacks under defenses. address this issue, we propose two evaluation metrics designed for NIDSs, including (1) score that evaluates similarity between original and recovered traffic features using reconstruction attacks, (2) evasion rate adversarial attack with We conduct experiments illustrate defenses provide little protection corresponding can even evade SOTA NIDS Kitsune. defend such build more NIDS, further FedDef, novel optimization-based input perturbation defense strategy theoretical guarantee. It achieves both high utility by minimizing gradient distance strong maximizing distance. experimentally evaluate four datasets show our outperforms all baselines in terms up 7 times higher score, while maintaining accuracy loss within 3% optimal parameter combination.