Thesis
Abstract: Intrusion Detection Systems (IDS) play a vital role in safeguarding modern network infrastructures from increasingly sophisticated cyber threats. Traditional IDS approaches, which rely on centralized data collection and model training, face significant challenges in terms of data privacy, scalability, and adaptability. Federated Learning (FL) offers a promising alternative by enabling the collaborative training of machine learning models across multiple clients without the need to centralize sensitive data. Instead of sharing raw data, each client trains a local model on its own data and only shares model updates with a central server, which aggregates these updates to form a global model. This approach enhances data privacy and security while leveraging the diverse data distributed across various network entities.
This thesis explores the application of Federated Learning to IDS, with a particular focus on the FLAD (Adaptive Federated Learning for DDoS Attack Detection) algorithm. Unlike the original study that primarily focused on DDoS attacks, this research tests FLAD on the CIC-IDS 2017 dataset, which encompasses a wide range of attack types, including brute force, SQL injection, and more. The goal is to assess the algorithm’s performance in detecting diverse types of intrusions across different network environments. In addition to the empirical evaluation of FLAD, the thesis delves into the broader implications of Federated Learning for IDS, discussing its advantages, challenges, security issues, and potential applications. The research provides a detailed comparison of various federated learning algorithms, such as FedAvg and FLDDoS, in terms of their accuracy, efficiency, and ability to handle non-IID (non-Identically and Independently Distributed) data, which is common in real-world network scenarios.
The experimental results demonstrate that FLAD outperforms traditional federated learning approaches in terms of detection accuracy and convergence speed, particularly in environments with heterogeneous data distributions. Furthermore, this study highlights the practical considerations and security risks associated with deploying FL in IDS, offering strategies to mitigate these challenges. The findings contribute to the growing body of knowledge on federated learning for cybersecurity applications, providing valuable insights into the design, implementation, and deployment of decentralized IDS. The results suggest that with careful adaptation, Federated Learning can significantly enhance the effectiveness of intrusion detection systems across diverse and distributed network environments while maintaining stringent data privacy standards.