Federated Learning-Based Collaborative Detection of Malicious Traffic in Software-Defined Container Networks

Malicious traffic detection is one of the basic tasks of software-defined networks (SDN). With the expansion of network scale and complexity, malicious traffic detection has become an obstacle to the integration of SDN into container networks. Most of the existing works generally study a variety of features, resulting in problems such as the high cost of feature design, low detection rate of abnormal samples, and additional detection overhead. This paper proposes a federated learning-based collaborative detection of malicious traffic, which combines all the involved containers' correlation information to identify malicious traffic. To solve the problem of high detection overhead, a detection candidates selection method with credence degree is proposed, which dynamically adjusts the set of containers that need to be detected to reduce the detection overhead. Experimental results show that the proposed method outperforms three baseline methods by improving the detection accuracy, precision rate, and recall rate while reducing the network bandwidth utilization rate under distributed denial of services (DDoS), low-rate denial of services (LDoS), port scanning (PS), and replay attacks (RA).