A Privacy-Preserving Federated Intrusion Detection System Leveraging Secure Multi-Party Computation Across Collaborative Cloud Tenants
摘要
The opening of multi-tenant cloud environments has introduced a complex security environment, making it extremely difficult for organizations to collaborate in responding to advanced cyber threats. Although federated learning (FL) emerges as a potential paradigm for training collaborative intrusion detection models without compromising the network’s raw data, it introduces a new adverse vulnerability in the central aggregation server. Although it is not raw data, the updating of models can be attacked in terms of inference to disclose sensitive information concerning the operational patterns of a tenant. To fill this existing critical gap, a new privacy-preserving hybrid framework is proposed that combines the decentralized training of FL with the cryptographic assurances of Secure Multi-Party Computation (SMPC). It was found that the system employs an SMPC protocol, whose concept of secret sharing is approximated to facilitate secure aggregation, whereby the central server can calculate the average of the global model without accessing the individual model updates of participating tenants. This method can guarantee end-to-end confidentiality of the data of the tenants, hiding the information accessed by the other participants and also by the orchestrator. The paper describes the architecture of the system proposed and formalizes the secure aggregation protocol in addition to providing a complete empirical evaluation. The findings of the simulated multi-tenant setup show that the framework can reach near-similar levels of detection compared to non-private federated learning, but with the measurable and acceptable computational and communication overhead, thus presenting a safe and effective method of privacy-aware collaborative security.