WeiDetect: Weibull Distribution-Based Defense against Poisoning Attacks in Federated Learning for Network Intrusion Detection Systems
Sameera K. M., Vinod P., Anderson Rocha, Rafidha Rehiman K. A., Mauro Conti
TL;DR
This paper tackles poisoning attacks on federated learning-based network intrusion detection systems (NIDS) operating in privacy-critical IoT settings. It introduces WeiDetect, a two-phase server-side defense that first validates local updates on an auxiliary dataset and then applies an anomaly-detection step modeled by an exponential Weibull distribution to identify anomalous models. By selecting updates with the highest cumulative distribution function values for aggregation, WeiDetect demonstrates improvements in target-class recall (up to 70%) and global F1 scores (about 1% to 14%) on CIC-Darknet2020 and CSE-CIC-IDS2018 under non-IID data, outperforming state-of-the-art defenses. The approach offers a practical, communication-efficient defense suitable for privacy-preserving NIDS in large-scale IoT deployments, with favorable computational overhead and robustness to both data-poisoning and label-flipping attacks.
Abstract
In the era of data expansion, ensuring data privacy has become increasingly critical, posing significant challenges to traditional AI-based applications. In addition, the increasing adoption of IoT devices has introduced significant cybersecurity challenges, making traditional Network Intrusion Detection Systems (NIDS) less effective against evolving threats, while privacy concerns and regulatory restrictions limit their deployment. Federated Learning (FL) has emerged as a promising solution, allowing decentralized model training while maintaining data privacy to solve these issues. However, despite implementing privacy-preserving technologies, FL systems remain vulnerable to adversarial attacks. Furthermore, data distribution among clients is not heterogeneous in the FL scenario. We propose WeiDetect, a two-phase, server-side defense mechanism for FL-based NIDS that detects malicious participants to address these challenges. In the first phase, local models are evaluated using a validation dataset to generate validation scores. These scores are then analyzed using a Weibull distribution, identifying and removing malicious models. We conducted experiments to evaluate the effectiveness of our approach in diverse attack settings. Our evaluation included two popular datasets, CIC-Darknet2020 and CSE-CIC-IDS2018, tested under non-IID data distributions. Our findings highlight that WeiDetect outperforms state-of-the-art defense approaches, achieving higher target class recall (up to 70%) and enhancing the global model's F1 score by 1% to 14%.
