Threat Intelligence with Non-IID Data in Federated Learning enabled Intrusion Detection for SDN: An Experimental Study

In the realm of cybersecurity, the ever-evolving threat landscape necessitates innovative approaches to design Intrusion Detection Systems (IDS). Software-Defined Networking (SDN) integrated with Deep Learning (DL) has emerged as a transformative paradigm of threat intelligence in IDS. However, centralized data processing in DL based IDS causes privacy issues. Within this context, Federated Learning (FL) has gained significant attention for its potential to enhance intrusion detection while maintaining privacy. This study presents an experimental investigation into the efficacy of FL-enabled intrusion detection in SDN environments, specifically addressing the challenging aspect of threat specific features selection in Non-IID (Non-Independently and Identically Distributed) data. We used the InSDN intrusion dataset containing different attacks including Denial-of-Service (DoS), Distributed-DoS (DDoS), brute force, probe, web and botnet attacks. After data pre-processing, Principal Component Analysis (PCA) is applied to analyze the impact of Non-IID data on features importance. The detailed results of simulations show large variations in features importance for Non-IID data in terms of quantity and threat type distribution. Furthermore, we discuss the implications of our results for future research directions.