The role of anomaly detection systems in Critical Infrastructures (CIs) is critical due to the complexity of CIs and their control systems, which are usually implemented by computer-based controllers that constantly produce logs of their activities. Moreover, many CIs, located in different locations or even belonging to different companies, may share similar application software for controlling the CIs themselves. The goal of this work is to use such logs to perform automatic anomaly detection in a federated learning (FL) paradigm, which ensures that no data is exchanged between sites to train the anomaly detection models, but each learning agent learns on its own data, leveraging the knowledge acquired by the other agents. Our proposed approach - AdaLightLog - which implements a modified FL paradigm with adaptive loss functions at local servers side and weighted averaging of local server models, so to differentiate the quality of the different local servers’ models in the global averaging, is tested against state-of-the-art methods and shows an improvement in performance in terms of accuracy, precision and recall with respect to the standard FL implementation (FedAvg). Furthermore, a comparison between different metrics for the adaptive loss functions and the dynamic weights is presented.
Dettaglio pubblicazione
2025, Critical Information Infrastructures Security 19th International Conference, CRITIS 2024, Rome, Italy, September 18–20, 2024, Revised Selected Papers, Pages 289-305 (volume: 15549 LNCS)
AdaLightLog: Enhancing Application Logs Anomaly Detection via Adaptive Federating Learning (04b Atto di convegno in volume)
Menegatti Danilo, De Santis Emanuele, Felli Stefano, Giuseppi Alessandro
ISBN: 9783031842597; 9783031842603
keywords