Federated deep Q-learning networks for service-based anomaly detection and classification in edge-to-cloud ecosystems
- Author
- Mays AL-Naday, Vlad Dobre, Martin Reed, Salman Toor, Bruno Volckaert (UGent) and Filip De Turck (UGent)
- Organization
- Abstract
- The diversity of services and infrastructure in metropolitan edge-to-cloud network(s) is rising to unprecedented levels. This is causing a rising threat of a wider range of cyber attacks coupled with a growing integration of a constrained range of infrastructure, particularly seen at the network edge. Deep reinforcement-based learning is an attractive approach to detecting attacks, as it allows less dependency on labeled data with better ability to classify different attacks. However, current approaches to learning are known to be computationally expensive (cost), and the learning experience can be negatively impacted by the presence of outliers and noise (quality). This work tackles both the cost and quality challenges with a novel service-based federated deep reinforcement learning solution, enabling anomaly detection and attack classification at a reduced data cost and with better quality. The federated settings in the proposed approach enable multiple edge units to create clusters that follow a bottom-up learning approach. The proposed solution adapts a deep Q-learning network (DQN) for service-tunable flow classification and introduces a novel federated DQN (FDQN) for federated learning. Through such targeted training and validation, variation in data patterns and noise is reduced. This leads to improved performance per service with lower training cost. Performance and cost of the solution, along with sensitivity to exploration parameters, are evaluated using examples of publicly available datasets (UNSW-NB15 and CIC-IDS2018). Evaluation results show the proposed solution to maintain detection accuracy in the range of & AP;75-85% with lower data supply while improving the classification rate by a factor of & AP;2.
- Keywords
- Cyber security, Federated deep reinforcement learning, Deep Q-learning, Anomaly detection, Cloud-to-edge continuum, Fog computing
Downloads
-
8383.pdf
- full text (Published version)
- |
- open access
- |
- |
- 2.24 MB
Citation
Please use this url to cite or link to this publication: http://hdl.handle.net/1854/LU-01HAPB200TX3495T5E3YR0BVTW
- MLA
- AL-Naday, Mays, et al. “Federated Deep Q-Learning Networks for Service-Based Anomaly Detection and Classification in Edge-to-Cloud Ecosystems.” ANNALS OF TELECOMMUNICATIONS, vol. 79, 2024, pp. 165–78, doi:10.1007/s12243-023-00977-4.
- APA
- AL-Naday, M., Dobre, V., Reed, M., Toor, S., Volckaert, B., & De Turck, F. (2024). Federated deep Q-learning networks for service-based anomaly detection and classification in edge-to-cloud ecosystems. ANNALS OF TELECOMMUNICATIONS, 79, 165–178. https://doi.org/10.1007/s12243-023-00977-4
- Chicago author-date
- AL-Naday, Mays, Vlad Dobre, Martin Reed, Salman Toor, Bruno Volckaert, and Filip De Turck. 2024. “Federated Deep Q-Learning Networks for Service-Based Anomaly Detection and Classification in Edge-to-Cloud Ecosystems.” ANNALS OF TELECOMMUNICATIONS 79: 165–78. https://doi.org/10.1007/s12243-023-00977-4.
- Chicago author-date (all authors)
- AL-Naday, Mays, Vlad Dobre, Martin Reed, Salman Toor, Bruno Volckaert, and Filip De Turck. 2024. “Federated Deep Q-Learning Networks for Service-Based Anomaly Detection and Classification in Edge-to-Cloud Ecosystems.” ANNALS OF TELECOMMUNICATIONS 79: 165–178. doi:10.1007/s12243-023-00977-4.
- Vancouver
- 1.AL-Naday M, Dobre V, Reed M, Toor S, Volckaert B, De Turck F. Federated deep Q-learning networks for service-based anomaly detection and classification in edge-to-cloud ecosystems. ANNALS OF TELECOMMUNICATIONS. 2024;79:165–78.
- IEEE
- [1]M. AL-Naday, V. Dobre, M. Reed, S. Toor, B. Volckaert, and F. De Turck, “Federated deep Q-learning networks for service-based anomaly detection and classification in edge-to-cloud ecosystems,” ANNALS OF TELECOMMUNICATIONS, vol. 79, pp. 165–178, 2024.
@article{01HAPB200TX3495T5E3YR0BVTW, abstract = {{The diversity of services and infrastructure in metropolitan edge-to-cloud network(s) is rising to unprecedented levels. This is causing a rising threat of a wider range of cyber attacks coupled with a growing integration of a constrained range of infrastructure, particularly seen at the network edge. Deep reinforcement-based learning is an attractive approach to detecting attacks, as it allows less dependency on labeled data with better ability to classify different attacks. However, current approaches to learning are known to be computationally expensive (cost), and the learning experience can be negatively impacted by the presence of outliers and noise (quality). This work tackles both the cost and quality challenges with a novel service-based federated deep reinforcement learning solution, enabling anomaly detection and attack classification at a reduced data cost and with better quality. The federated settings in the proposed approach enable multiple edge units to create clusters that follow a bottom-up learning approach. The proposed solution adapts a deep Q-learning network (DQN) for service-tunable flow classification and introduces a novel federated DQN (FDQN) for federated learning. Through such targeted training and validation, variation in data patterns and noise is reduced. This leads to improved performance per service with lower training cost. Performance and cost of the solution, along with sensitivity to exploration parameters, are evaluated using examples of publicly available datasets (UNSW-NB15 and CIC-IDS2018). Evaluation results show the proposed solution to maintain detection accuracy in the range of & AP;75-85% with lower data supply while improving the classification rate by a factor of & AP;2.}}, author = {{AL-Naday, Mays and Dobre, Vlad and Reed, Martin and Toor, Salman and Volckaert, Bruno and De Turck, Filip}}, issn = {{0003-4347}}, journal = {{ANNALS OF TELECOMMUNICATIONS}}, keywords = {{Cyber security,Federated deep reinforcement learning,Deep Q-learning,Anomaly detection,Cloud-to-edge continuum,Fog computing}}, language = {{eng}}, pages = {{165--178}}, title = {{Federated deep Q-learning networks for service-based anomaly detection and classification in edge-to-cloud ecosystems}}, url = {{http://doi.org/10.1007/s12243-023-00977-4}}, volume = {{79}}, year = {{2024}}, }
- Altmetric
- View in Altmetric
- Web of Science
- Times cited: