Improving Transferability of Network Intrusion Detection in a Federated Learning Setup
Shreya Ghosh, Abu Shafin Mohammad Mahdee Jameel, Aly El Gamal
TL;DR
The paper addresses the challenge of detecting unseen intrusions by improving transferability in network IDS deployed over federated learning. It introduces TabFIDS, which combines bootstrapping to balance data and temporal averaging to enrich input information, and evaluates it against centralized and federated baselines using the CIC-IDS 2017 dataset. Empirical results show TabFIDS achieves the largest number of transferable attack pairs (31) and the highest proportion of transfers with attack accuracy above 90%, outperforming both centralized and standard federated setups. The findings demonstrate that carefully designed pre-processing in a federated setting can significantly extend the operational range of IDS beyond seen attack classes, with practical implications for privacy-preserving, scalable network security.
Abstract
Network Intrusion Detection Systems (IDS) aim to detect the presence of an intruder by analyzing network packets arriving at an internet-connected device. Data-driven deep learning systems, popular due to their superior performance compared to traditional IDS, depend on the availability of high-quality training data for diverse intrusion classes. A way to overcome this limitation is through transferable learning, where training for one intrusion class can lead to detection of unseen intrusion classes after deployment. In this paper, we provide a detailed study on the transferability of intrusion detection. We investigate practical federated learning configurations to enhance the transferability of intrusion detection. We propose two techniques to significantly improve the transferability of a federated intrusion detection system. The code for this work can be found at https://github.com/ghosh64/transferability.
