Cyberattacks are increasingly threatening networked systems, often with the emergence of new types of unknown (zero-day) attacks and the rise of vulnerable devices. Such attacks can also target multiple components of a Supply Chain, which can be protected via Machine Learning (ML)-based Intrusion Detection Systems (IDSs). However, the need to learn large amounts of labelled data often limits the applicability of ML-based IDSs to cybersystems that only have access to private local data, while distributed systems such as Supply Chains have multiple components, each of which must preserve its private data while being targeted by the same attack To address this issue, this paper proposes a novel Decentralized and Online Federated Learning Intrusion Detection (DOF-ID) architecture based on the G-Network model with collaborative learning, that allows each IDS used by a specific component to learn from the experience gained in other components, in addition to its own local data, without violating the data privacy of other components. The performance evaluation results using public Kitsune and Bot-IoT datasets show that DOF-ID significantly improves the intrusion detection performance in all of the collaborating components, with acceptable computation time for online learning.

This paper proposes a novel Self-Supervised Intrusion Detection (SSID) framework, which enables a fully online Machine Learning (ML) based Intrusion Detection System (IDS) that requires no human intervention or prior off-line learning. The proposed framework analyzes and labels incoming traffic packets based only on the decisions of the IDS itself using an Auto-Associative Deep Random Neural Network, and on an online estimate of its statistically measured trustworthiness. The SSID framework enables IDS to adapt rapidly to time-varying characteristics of the network traffic, and eliminates the need for offline data collection. This approach avoids human errors in data labeling, and human labor and computational costs of model training and data collection. The approach is experimentally evaluated on public datasets and compared with well-known ML models, showing that this SSID framework is very useful and advantageous as an accurate and online learning ML-based IDS for IoT systems.

Botnet attacks are a major threat to networked systems because of their ability to turn the network nodes that they compromise into additional attackers, leading to the spread of high volume attacks over long periods. The detection of such Botnets is complicated by the fact that multiple network IP addresses will be simultaneously compromised, so that Collective Classification of compromised nodes, in addition to the already available traditional methods that focus on individual nodes, can be useful. Thus this work introduces a collective Botnet attack classification technique that operates on traffic from an n-node IP network with a novel Associated Random Neural Network (ARNN) that identifies the nodes which are compromised. The ARNN is a recurrent architecture that incorporates two mutually associated, interconnected and architecturally identical n-neuron random neural networks, that act simultneously as mutual critics to reach the decision regarding which of n nodes have been compromised. A novel gradient learning descent algorithm is presented for the ARNN, and is shown to operate effectively both with conventional off-line training from prior data, and with on-line incremental training without prior off-line learning. Real data from a 107 node packet network is used with over 700,000 packets to evaluate the ARNN, showing that it provides accurate predictions. Comparisons with other well-known state of the art methods using the same learning and testing datasets, show that the ARNN offers significantly better performance.

Despite being first proposed about 60 years ago [1], only in the past few years have artificial neural networks (ANNs) become the de facto standard machine learning model [2] achieving accurate state-of-the-art results for a wide range of problems ranging from image classification [3]-[5], object detection [6], [7], semantic segmentation [8], [9], face recognition [10], [11], and text recognition [12], [13], to speech recognition [14]-[16], natural language processing problems such as machine translation [17], [18], language modeling [19], and question answering [20]. This has resulted in a huge industry-wide adoption from leading technology companies such as Google, Facebook, Microsoft, IBM, Yahoo!, Twitter, Adobe, and a quickly growing number of startups. One of the prominent reasons for this recent revival is that in order for ANNs to achieve such performance they need very large labeled datasets and huge computational power at a scale that only recently came into the hands of individual researchers in the form of GPUs [21], which kick-started the deep learning revolution in 2012 [3]. Since then, the trend for demanding more computation and more power consumption for such applications has largely increased. Despite being initially bio-inspired architectures, ANNs have significant differences from actual biological neurons in how computations are performed by neurons, their structure (connection patterns and topologies of neurons), learning (how neurons adapt themselves to new observations), and communication (how inter-neuron data is encoded and passed). One of the main differences of ANNs compared to biological neurons, is how communication is done. While biological neurons use asynchronous trains of spikes in an event-based, data-driven manner that adapts locally to its external stimulation pattern to communicate and encode data (though the specific encoding mechanism used by neurons is not totally understood), ANNs communicate in dense, continuous valued activations, which means that all ANN neurons are working at the same time, thus using lots of computation and energy to operate. Spiking neural networks leverage the benefit from biological neurons to communicate asynchronously in trains of spikes. Thus, spiking neural networks incorporate the concept of time, and instead of all neurons firing at the same time as the case with ANNs, in spiking neural networks neurons fire only when thier intrinsic potential (i.e.