A Semi-Supervised Federated Learning Scheme via Knowledge Distillation for Intrusion Detection

Federated learning (FL) has become an increasingly popular solution for intrusion detection to avoid data privacy leakage in Internet of Things (IoT) edge devices. However, most of the current FL-based intrusion detection methods still suffer from three limitations: (1) model parameters transmitted in each round may be used to recover private data which leads to security risks, (2) not independent and identically distributed (non-IID) private data seriously adversely affects the training of FL (especially distillation-based FL), and (3) high communication overhead caused by the large model size greatly hinders the actual deployment of the solution. To address these problems, this paper develops an intrusion detection method based on semi-supervised FL scheme via knowledge distillation. First, our proposed method leverages unlabeled data via distillation method to enhance the classifier performance. Second, we build a CNN-based model for extracting deep features of the traffic packets, and take this model as both the classifier network and discriminator network. Third, discriminator is designed to improve the quality of each client's predicted labels, to avoid the failure of distillation training caused by a large number of incorrect predictions under private non-IID data. Moreover, the combination of hard-label strategy and voting mechanism further reduces communication overhead. Experimental results on the real-world traffic dataset show that our proposed method can achieve better classification performance as well as lower communication overhead than state-of-the-art methods.