Due to the veracity and heterogeneity of network traffic, detecting anomalous events is challenging. The computational load on global servers is a significant challenge in terms of efficiency, accuracy, and scalability. Our primary motivation is to introduce a robust and scalable framework that enables efficient network anomaly detection. We address the scalability and efficiency of network anomaly detection by leveraging federated learning, in which multiple participants jointly train a global model. Unlike centralized training architectures, federated learning does not require participants to upload their training data to the server, preventing attackers from exploiting the training data. Moreover, most prior works have focused on traditional centralized machine learning, leaving federated machine learning under-explored in network anomaly detection. Therefore, we propose a deep neural network framework that can run on low- to mid-end devices, detecting network anomalies while checking whether a request from a specific IP address is malicious. Compared to multiple traditional centralized machine learning models, the deep neural federated model reduces training time overhead. In experiments on the UNSW-NB15 data set, the proposed method outperforms baseline machine learning techniques, with an accuracy of 97.21% and a faster computation time.
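The joint training described above, sketched as an added example that is not the paper's code: it shows that only model weights and sample counts reach the server, never the participants' flow records. It assumes sample-weighted federated averaging as the aggregation rule and uses a logistic-regression stand-in for the paper's deep neural network; the two flow features, all function names, and the sample flows are constructed for illustration.

```python
import math
import random

def score(w, x):
    """Probability that flow x is anomalous under weights w = [bias, w1, w2]."""
    return 1.0 / (1.0 + math.exp(-(w[0] + w[1] * x[0] + w[2] * x[1])))

def make_flows(rng, n, anomalous_fraction):
    """Constructed sample flows: ((packet_rate, distinct_ports), label), scaled to [0, 1]."""
    flows = []
    for _ in range(n):
        label = 1 if rng.random() < anomalous_fraction else 0
        center = 0.8 if label else 0.2
        x = (center + rng.uniform(-0.1, 0.1), center + rng.uniform(-0.1, 0.1))
        flows.append((x, label))
    return flows

def local_update(global_w, flows, epochs=5, lr=1.0):
    """Runs on a participant: raw flows stay here, only (weights, count) is returned."""
    w = list(global_w)
    for _ in range(epochs):
        grad = [0.0, 0.0, 0.0]
        for x, y in flows:
            err = score(w, x) - y
            grad[0] += err
            grad[1] += err * x[0]
            grad[2] += err * x[1]
        w = [wi - lr * g / len(flows) for wi, g in zip(w, grad)]
    return w, len(flows)

def aggregate(updates):
    """Runs on the server: sample-weighted average of the participants' weights."""
    total = sum(n for _, n in updates)
    return [sum(w[i] * n for w, n in updates) / total for i in range(3)]

def train_federated(rounds=40, seed=7):
    rng = random.Random(seed)
    # Three participants with different local mixes of normal and anomalous traffic.
    clients = [make_flows(rng, 60, frac) for frac in (0.2, 0.5, 0.8)]
    w = [0.0, 0.0, 0.0]
    for _ in range(rounds):
        w = aggregate([local_update(w, flows) for flows in clients])
    return w

def is_anomalous(w, x):
    return score(w, x) >= 0.5

if __name__ == "__main__":
    model = train_federated()
    print(model, is_anomalous(model, (0.9, 0.9)), is_anomalous(model, (0.1, 0.1)))
```

Keeping flows local does not by itself make the shared weights safe to disclose; the sketch covers only the data-locality property named in the abstract.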