Recent Intrusion Detection System (IDS) research has increasingly moved towards the adoption of machine learning methods. However, most of these systems rely on supervised learning approaches, necessitating a fully labeled training set. In the realm of network intrusion detection, the requirement for extensive labeling can become impractically burdensome. Moreover, while IDS training could benefit from inter-company knowledge sharing, the sensitive nature of cybersecurity data often precludes such cooperation. To address these challenges, we propose an IDS architecture that utilizes unsupervised learning to reduce the need for labeling. We further facilitate collaborative learning through the implementation of a federated learning framework. To enhance privacy beyond what current federated clustering models offer, we introduce an innovative federated K-means++ initialization technique. Our findings indicate that transitioning from a centralized to a federated setup does not significantly diminish performance.