Cyberattacks are increasingly threatening networked systems, often with the emergence of new types of unknown (zero-day) attacks and the rise of vulnerable devices. While Machine Learning (ML)-based Intrusion Detection Systems (IDSs) have been shown to be extremely promising in detecting these attacks, the need to learn from large amounts of labelled data often limits the applicability of ML-based IDSs to cybersystems that only have access to private local data. To address this issue, this paper proposes a novel Decentralized and Online Federated Learning Intrusion Detection (DOF-ID) architecture. DOF-ID is a collaborative learning system that allows each IDS used for a cybersystem to learn from experience gained in other cybersystems, in addition to its own local data, without violating the data privacy of other systems. As the performance evaluation results using the public Kitsune and Bot-IoT datasets show, DOF-ID significantly improves the intrusion detection performance in all collaborating nodes simultaneously, with acceptable computation time for online learning.