Trusted encrypted traffic intrusion detection method based on federated learning and autoencoder

With the rapid development of the Internet, network security and data privacy are increasingly valued. Although classical Network Intrusion Detection System (NIDS) based on Deep Learning (DL) models can provide good detection accuracy, but collecting samples for centralized training brings the huge risk of data privacy leakage. Furthermore, the training of supervised deep learning models requires a large number of labeled samples, which is usually cumbersome. The "black-box" problem also makes the DL models of NIDS untrustworthy. In this paper, we propose a trusted Federated Learning (FL) Traffic IDS method called FL-TIDS to address the above-mentioned problems. In FL-TIDS, we design an unsupervised intrusion detection model based on autoencoders that alleviates the reliance on marked samples. At the same time, we use FL for model training to protect data privacy. In addition, we design an improved SHAP interpretable method based on chi-square test to perform interpretable analysis of the trained model. We conducted several experiments to evaluate the proposed FL-TIDS. We first determine experimentally the structure and the number of neurons of the unsupervised AE model. Secondly, we evaluated the proposed method using the UNSW-NB15 and CICIDS2017 datasets. The experimental results show that the unsupervised AE model has better performance than the other 7 intrusion detection models in terms of precision, recall and f1-score. Then, federated learning is used to train the intrusion detection model. The experimental results indicate that the model is more accurate than the local learning model. Finally, we use an improved SHAP explainability method based on Chi-square test to analyze the explainability. The analysis results show that the identification characteristics of the model are consistent with the attack characteristics, and the model is reliable.