過去對於伺服器日誌的異常偵測研究，通常只使用本地資料並在本地進行訓練。但由於資料的特性與用戶或企業的隱私息息相關，自行收集的資料 集的尺寸通常較小或是資料分佈嚴重偏斜，使得很容易導致模型訓練失 敗。有鑑於此，此項研究提供一個新穎的聯邦架構，以聯邦學習來輔助時 間序列模型上的異常偵測任務。本研究的目的是利用多個資料集所帶來的 用戶資訊來增強訓練效果，同時也保護用戶資料的隱私。在這項研究中， 此架構在不移動資料的情況下，通過合併來自不同用戶端的資料來訓練模 型。接著為了防止單個用戶完全存取所有資料，此架構將模型和資料皆拆 分成兩個部分，將輸入和輸出分開在不同的用戶端。同時為了抵禦梯度逆 推攻擊，在聚合的階段，模型參數會受到擾動，使得每次返還的參數並非 原始的資料長相。研究結果表明，本研究提出的聯邦架構在噪音係數小於 0.03 的干擾下，仍能高於本地單獨訓練百分之一的成果，並且我們也展示 了不同擾動程度下的模型表現，以找出準確率與保護效果之間的權衡。

We proposed an anomaly detection method that can integrate data information from several edge log collectors in a secure manner. In particular, we take advantage of combining the well-known federated learning and split learning to form the framework for the anomaly task. In this case, we have one level higher security consideration than any of the individual designation. The federated learning provides the privacy preserving when no need to transfer data across different edge devices, and the split learning allows the learning to be done when the feature data and label data can be stored in different places, such as between client and server, for more secure computation as well. The proposed detection method can own the benefit from both. The further novelty of the proposed method comes from that we focus on time series data which is quite commonly seen for anomaly detection tasks given log data with time stamps. Overall, the results show that the proposed data can achieve competitive result compared to the modeling from adopting only federated learning or split learning. That means we built a model with similar effectiveness but in more secure environment. Moreover, in order to resist the gradient inversion attack, the parameters eventually are perturbed during the aggregation process, so that the parameters returned each time does not belong to the original data, thanks to the help from differential privacy.

[1] P. Kairouz, H. B. McMahan, B. Avent, A. Bellet, M. Bennis, A. N. Bhagoji, K. Bonawitz, Z. Charles, G. Cormode, R. Cummings, et al., “Advances and open problems in federated learning,” Foundations and Trends® in Machine Learning, vol. 14, no. 1–2, pp. 1–210, 2021.
[2] J. Wang, Z. Charles, Z. Xu, G. Joshi, H. B. McMahan, M. Al-Shedivat, G. Andrew, S. Avestimehr, K. Daly, D. Data, et al., “A field guide to federated optimization,” arXiv preprint arXiv:2107.06917, 2021.
[3] J. Geiping, H. Bauermeister, H. Dröge, and M. Moeller, “Inverting gradients-how easy is it to break privacy in federated learning?,” Advances in Neural Information Processing Systems, vol. 33, pp. 16937–16947, 2020.
[4] C. Thapa, P. C. Mahawaga Arachchige, S. Camtepe, and L. Sun, “Splitfed: When federated learning meets split learning,” Proceedings of the AAAI Conference on Artificial Intelligence, vol. 36, no. 8, pp. 8485–8493, 2022.
[5] A. Abedi and S. S. Khan, “Fedsl: Federated split learning on distributed sequential data in recurrent neural networks,” arXiv preprint arXiv:2011.03180, 2020.
[6] B. McMahan, E. Moore, D. Ramage, S. Hampson, and B. A. y Arcas, “Communication-efficient learning of deep networks from decentralized data,” in Artificial intelligence and statistics, pp. 1273–1282, PMLR, 2017.
[7] M. Zinkevich, M. Weimer, L. Li, and A. Smola, “Parallelized stochastic gradient descent,” in Advances in Neural Information Processing Systems (J. Lafferty, C. Williams, J. Shawe-Taylor, R. Zemel, and A. Culotta, eds.), vol. 23, Curran Associates, Inc., 2010.
[8] Y. Zhao, M. Li, L. Lai, N. Suda, D. Civin, and V. Chandra, “Federated learning with non-iid data,”arXiv preprint arXiv:1806.00582, 2018.
[9] L. Tian, S. A. Kumar, Z. Manzil, S. Maziar, T. Ameet, and S. Virginia, “Federated optimization in heterogeneous networks,” Proceedings of Machine Learning and Systems, vol. 2, pp. 429–450, 2020.
[10] S. P. Karimireddy, S. Kale, M. Mohri, S. Reddi, S. Stich, and A. T. Suresh, “Scaffold: Stochastic controlled averaging for federated learning,” in International Conference on Machine Learning, pp. 5132–5143, PMLR, 2020.
[11] X. Li, M. Jiang, X. Zhang, M. Kamp, and Q. Dou, “FedBN: Federated learning on Non-IID features via local batch normalization,” in International Conference on Learning Representations, 2021.
[12] S. J. Reddi, Z. Charles, M. Zaheer, Z. Garrett, K. Rush, J. Konečný, S. Kumar, and H. B. McMahan,“Adaptive federated optimization,” in International Conference on Learning Representations, 2021.
[13] T.-M. H. Hsu, H. Qi, and M. Brown, “Measuring the effects of non-identical data distribution for federated visual classification,” arXiv preprint arXiv:1909.06335, 2019.
[14] P. Vepakomma, O. Gupta, T. Swedish, and R. Raskar, “Split learning for health: Distributed deep learning without sharing raw patient data,” arXiv preprint arXiv:1812.00564, 2018.
[15] O. Gupta and R. Raskar, “Distributed learning of deep neural network over multiple agents,” Journal of Network and Computer Applications, vol. 116, pp. 1–8, 2018.
[16] C. Dwork, A. Roth, et al., “The algorithmic foundations of differential privacy,” Foundations and Trends in Theoretical Computer Science, vol. 9, no. 3–4, pp. 211–407, 2014.
[17] X. Chen, S. Z. Wu, and M. Hong, “Understanding gradient clipping in private sgd: A geometric perspective,” Advances in Neural Information Processing Systems, vol. 33, pp. 13773–13782, 2020.
[18] R. Pathak and M. J. Wainwright, “Fedsplit: An algorithmic framework for fast federated optimization,”Advances in Neural Information Processing Systems, vol. 33, pp. 7057–7066, 2020.
[19] M. Abadi, A. Chu, I. Goodfellow, H. B. McMahan, I. Mironov, K. Talwar, and L. Zhang, “Deep learning with differential privacy,” in Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, CCS ’16, p. 308–318, Association for Computing Machinery, 2016.
[20] W. Xu, L. Huang, A. Fox, D. Patterson, and M. Jordan, “Largescale system problem detection by mining console logs,” Proceedings of SOSP’09, 2009. [21] M. Du, F. Li, G. Zheng, and V. Srikumar, “Deeplog: Anomaly detection and diagnosis from system logs through deep learning,” in Proceedings of the 2017 ACM SIGSAC conference on computer and communications security, pp. 1285–1298, 2017.
[22] W. Meng, Y. Liu, Y. Zhu, S. Zhang, D. Pei, Y. Liu, Y. Chen, R. Zhang, S. Tao, P. Sun, et al.,“Loganomaly: Unsupervised detection of sequential and quantitative anomalies in unstructured logs.,”in IJCAI, vol. 19, pp. 4739–4745, 2019.
[23] Z. Ji, Z. C. Lipton, and C. Elkan, “Differential privacy and machine learning: a survey and review,”arXiv preprint arXiv:1412.7584, 2014.
[24] J. Dong, A. Roth, and W. J. Su, “Gaussian differential privacy,” arXiv preprint arXiv:1905.02383, 2019.
[25] H. Yutao, C. Lingyang, Z. Zirui, W. Lanjun, L. Jiangchuan, P. Jian, and Z. Yong, “Personalized crosssilo federated learning on non-iid data,”Proceedings of the AAAI Conference on Artificial Intelligence, vol. 35, no. 9, pp. 7865–7873, 2021.
[26] G. Hongchang, X. An, and H. Heng, “On the convergence of communication-efficient local sgd for federated learning,” Proceedings of the AAAI Conference on Artificial Intelligence, vol. 35, no. 9, pp. 7510–7518, 2021.
[27] C. Yang, S. Xiaoyan, and J. Yaochu, “Communication-efficient federated deep learning with layerwise asynchronous model update and temporally weighted aggregation,” IEEE Transactions on Neural Networks and Learning Systems, vol. 31, no. 10, pp. 4229–4238, 2020.
[28] J. Konečný, H. B. McMahan, F. X. Yu, P. Richtarik, A. T. Suresh, and D. Bacon, “Federated learning: Strategies for improving communication efficiency,” in NIPS Workshop on Private Multi-Party Machine Learning, 2016.
[29] Y. Qiang, L. Yang, C. Tianjian, and T. Yongxin, “Federated machine learning: Concept and applications,” ACM Trans. Intell. Syst. Technol., vol. 10, jan 2019.
[30] L. Liu, H. Jiang, P. He, W. Chen, X. Liu, J. Gao, and J. Han, “On the variance of the adaptive learning rate and beyond,” in International Conference on Learning Representations, 2020.
[31] W. Kang, L. Jun, D. Ming, M. Chuan, Y. H. H., F. Farhad, J. Shi, Q. T. Q. S., and P. H. Vincent, “Federated learning with differential privacy: Algorithms and performance analysis,” IEEE Transactions on Information Forensics and Security, vol. 15, pp. 3454–3469, 2020.
[32] T. Li, S. Hu, A. Beirami, and V. Smith, “Federated multi-task learning for competing constraints,” CoRR, vol. abs/2012.04221, 2020.
[33] Q. Li, Y. Diao, Q. Chen, and B. He, “Federated learning on non-iid data silos: An experimental study,” CoRR, vol. abs/2102.02079, 2021.
[34] V. Mothukuri, R. M. Parizi, S. Pouriyeh, Y. Huang, A. Dehghantanha, and G. Srivastava, “A survey on security and privacy of federated learning,” Future Generation Computer Systems, vol. 115, pp. 619– 640, 2021.
[35] A. D. A. Emre, Z. Yue, Z. Ruizhao, M. Ramon, M. Matthew, W. Paul, and S. Venkatesh, “Debiasing model updates for improving personalized federated training,” in Proceedings of the 38th International Conference on Machine Learning, vol. 139 of Proceedings of Machine Learning Research, pp. 21–31, Jul 2021.
[36] H. Yuan, M. Zaheer, and S. J. Reddi, “Federated composite optimization,” CoRR, vol. abs/2011.08474, 2020.
[37] I. Rei, T. Mineto, and M. Hiroki, “An on-device federated learning approach for cooperative model update between edge devices,” IEEE Access, vol. 9, pp. 92986–92998, 2021.
[38] Y. Felix, R. A. Singh, M. Aditya, and K. Sanjiv, “Federated learning with only positive labels,” in International Conference on Machine Learning, pp. 10946–10956, 2020.
[39] M. Viraaji, K. Prachi, P. R. M., P. Seyedamin, D. Ali, and S. Gautam, “Federated learning-based anomaly detection for iot security attacks,” IEEE Internet of Things Journal, p. 1, 2021.
[40] M. Luo, F. Chen, D. Hu, Y. Zhang, J. Liang, and J. Feng, “No fear of heterogeneity: Classifier calibration for federated learning with non-IID data,” in Advances in Neural Information Processing Systems, 2021.
[41] L. Yi, G. Sahil, N. Jiangtian, Z. Yang, X. Zehui, K. Jiawen, and H. M. Shamim, “Deep anomaly detection for time-series data in industrial iot: A communication-efficient on-device federated learning approach, ” IEEE Internet of Things Journal, vol. 8, no. 8, pp. 6348–6358, 2021.
[42] S. R. Abdel and H. A. Ben, “A federated learning approach to anomaly detection in smart buildings,” ACM Trans. Internet Things, vol. 2, aug 2021.