Introduction
In recent years, the large-scale popularization and rapid development of the internet have brought great convenience to the development of enterprises and personal lives, followed by a series of network security issues and challenges (Hamad et al., 2020; Wang et al., 2021; Fan et al., 2020). Bad actors often exploit network vulnerabilities, Trojan viruses, and other means to steal confidential information and valuable personal information. Network attacks can have wide coverage and endanger many areas of public production and security, causing huge burdens and losses. Research shows that existing basic network security protection technologies cannot flexibly adapt to resist sudden, complex network attacks. Therefore, there is an urgent need to propose network security technologies to address network security threats (Wang et al., 2020; Park et al., 2020; Wang et al., 2022).
At present, the complexity of network threats is increasing, and the means of attack are becoming increasingly diverse, making the security protection of network systems particularly important. Firewalls, spam filters, and antivirus software are all tools used to protect network security. However, the most widely used and powerful network security technology at present is the network intrusion detection (NID) system. It is the most crucial link in the attack defense chain and can be used as the first or second defense mechanism for threats or attacks (Liu et al., 2020; Qin et al., 2020; Sharafaldin et al., 2021). The ultimate goal of the NID system is to quickly and accurately detect, by investigating network traffic, the different types of attacks that may occur in the network, such as denial of service, port scanning, malware, distributed denial of service, or ransomware (Meidan et al., 2022; Lin et al., 2021; Sattler et al., 2022).
The goal of NID is to detect, as far as possible, abnormal behavior that damages the host, without interfering with the normal use of the network. The key to implementing NID is to find an effective detection algorithm to analyze network traffic (Yang et al., 2022; Cheng et al., 2020; Cheng et al., 2021).
Traditional machine learning (ML) technology has been proven to effectively identify important patterns in Internet of Things (IoT) traffic, and thus to target attacks effectively. At present, the public is becoming increasingly sensitive to data privacy, and there is a risk of privacy leakage during data transmission (Zhu et al., 2023; Cui et al., 2023; de Caldas et al., 2023). Therefore, the data collected and transmitted from the device will be subject to legal regulatory limitations, which may lead to deviations in NID's task results. The delay generated by training on global data and returning the results to edge nodes is relatively large, which is unacceptable for some delay-sensitive applications (Ling & Hao, 2022; Ling & Hao, 2022; Tembhurne et al., 2022).
In 2016, Google proposed a privacy-preserving distributed ML framework called federated learning (FedL), which is used to protect user privacy and information security during data exchange. FedL provides a collaborative and secure learning protocol that enables efficient learning among multiple participants while ensuring legal compliance (Srivastava et al., 2022; Rahman et al., 2020). Under this framework, each edge device can contribute to global model training while retaining the training data locally. In the FedL environment, edge devices typically collect sensing data from IoT nodes, usually time series data, and capture the behavior and operational status of IoT nodes through computational analysis (Mourad et al., 2020; Abbas et al., 2021).
This article addresses the issues of sensitive information protection and incomplete training data by applying a transformer and FedL to NID, and improves the accuracy of NID. Compared with traditional methods, the proposed method provides the following innovations: