Master Thesis

By Hongwei Zhang

Title:

A Hybrid Machine Learning Intrusion Detection System Framework with Integrated Server and Client Models for Wireless Sensor Networks

Abstract:

Federated Learning (FL) has emerged as a novel distributed Machine Learning (ML) approach to tackle the challenges associated with data privacy and overload in ML-based intrusion detection systems (IDSs). Drawing inspiration from the FL architecture, this thesis introduces the Server-Client Machine Learning Intrusion Detection System (SC-MLIDS), a hybrid ML IDS framework tailored for Wireless Sensor Networks (WSNs). SC-MLIDS is crafted to leverage ML for achieving a two-layer intrusion detection mechanism in WSNs, free from constraints posed by specific attack types. The framework follows a server-client model compatible with the configuration of sensor nodes, sink nodes, and gateways in WSNs. In this setup, client models located at sink nodes undergo training using sensing data, while the server model at the gateway is trained using network traffic data. This two-layer training approach not only amplifies the efficiency of intrusion detection but also ensures comprehensive network coverage.

The principal innovation of SC-MLIDS is the development of two model aggregation prediction algorithms, implemented at the gateway level. The first algorithm assesses models based on their performance metrics and assigned weights. The second algorithm uses a majority voting technique, combining predictions from both client and server models to bolster accuracy. In the operational phase, sensor nodes transmit collected data to their respective sink node for initial validation by the client model. Once the data is validated and associated with network traffic information, it is forwarded to the gateway for further validation through the model aggregation prediction algorithms.

The results of our simulation experiments corroborate the effectiveness of the proposed SC-MLIDS framework. It generates precise aggregation predictions, leading to a substantial reduction in redundant data transmissions. Furthermore, the SC-MLIDS framework exhibits efficacy in detecting intrusions through a two-layer validation process.
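The two-layer flow and the two gateway aggregation rules described in the abstract can be sketched as follows. This is an added illustration, not code from the thesis: the `Model` type, the function names, the numeric weights, the 0.5 threshold, the fail-closed tie handling, and the toy threshold models are all assumptions, since the abstract does not give these details.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class Model:
    name: str
    weight: float                      # assumed weight, e.g. from a validation metric
    predict: Callable[[float], bool]   # True means "intrusion"

def weighted_aggregate(votes, threshold=0.5):
    """votes: list of (is_intrusion, weight). Weighted share of intrusion votes."""
    total = sum(w for _, w in votes)
    if total == 0:
        return True                    # no trustworthy model: fail closed (assumption)
    return sum(w for hit, w in votes if hit) / total >= threshold

def majority_aggregate(votes):
    """One vote per model; a tie is treated as an intrusion (assumption)."""
    return 2 * sum(hit for hit, _ in votes) >= len(votes)

def two_layer_check(sensing, traffic, sink_model, client_models, server_model, rule):
    # Layer 1, at the sink node: the client model validates the sensing data.
    if sink_model.predict(sensing):
        return "dropped_at_sink"       # never forwarded to the gateway
    # Layer 2, at the gateway: client models judge the sensing data, the server
    # model judges the associated network traffic, and the rule combines them.
    votes = [(m.predict(sensing), m.weight) for m in client_models]
    votes.append((server_model.predict(traffic), server_model.weight))
    return "rejected_at_gateway" if rule(votes) else "accepted"

# Constructed toy models: clients threshold a temperature reading (deg C),
# the server thresholds a packets-per-second figure. Weights are made up.
SINK_A = Model("client:sink-a", 0.35, lambda t: t > 60.0)
SINK_B = Model("client:sink-b", 0.30, lambda t: t > 45.0)
SINK_C = Model("client:sink-c", 0.25, lambda t: t > 80.0)
SERVER = Model("server:gateway", 0.95, lambda pps: pps > 500.0)
CLIENTS = [SINK_A, SINK_B, SINK_C]

if __name__ == "__main__":
    samples = [(25.0, 40.0), (90.0, 40.0), (50.0, 900.0), (40.0, 900.0)]
    for sensing, traffic in samples:
        for rule in (weighted_aggregate, majority_aggregate):
            result = two_layer_check(sensing, traffic, SINK_A, CLIENTS, SERVER, rule)
            print(f"{sensing:5.1f} {traffic:6.1f} {rule.__name__:19s} {result}")
```

The last sample shows where the two rules diverge: a heavily weighted server model alone crosses the weighted threshold, while a single vote out of four does not reach a majority.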