Network security is an increasingly important concern in today's connected world as the number and complexity of threats continue to grow. Federated learning (FL) is a machine learning method for training a model in a distributed manner on clients' data while protecting their privacy. In this thesis, we present an FL solution for network security, specifically for detecting malware activity in HTTPS traffic. We developed both supervised and unsupervised methods for detecting malware in the clients' data. We evaluate our methods using the CTU-50-FEEL dataset, which contains realistic benign traffic of ten users spanning five days, as well as traffic of six distinct malware. Our experimental results show that our federated learning approach is able to detect a wider range of threats with higher accuracy than if the clients relied only on their own data to create their models. Overall, our work demonstrates the feasibility of using federated learning for detecting malware activity in clients with non-IID network traffic while preserving their privacy.
URL: https://dspace.cvut.cz/handle/10467/107647?locale-attribute=en