DGA-based Intrusion Detection System using Federated Learning Method on Edge Devices

Cybersecurity is one of the most important tasks to secure a network. In traditional approaches, Network Intrusion Detection Systems (NIDS) are usually located on the Cloud, which always handle large amounts of data or are integrated into fire-walls that detect malicious network traffic by extracting specific network features. Both solutions have their own disadvantages. In this paper, we proposed a method for detecting network intrusion at edge devices while not compromising privacy. The proposed system focuses on detecting malicious domain names generated to evade Intrusion Detection Systems (IDSs). We implemented a machine learning algorithm on edge devices and applied the Federated Learning as an approach for distributed intrusion detection. Additionally, we considered the heterogeneity of Cloud-Edge systems and experimented with different non-IID distributions of data among heterogeneous clients. The findings of this study indicate that the proposed system is capable of effectively detecting harmful behaviors, even without sharing local data with the central server. The performance of the proposed system is comparable to that of centralized and traditional techniques.