Deep-Federated-Learning-Based Threat Detection Model for Extreme Satellite Communications
Sara Salim, Nour Moustafa, Mohamed Hassanian, David Ormod, Jill Slay
Abstract
Satellite communications (Satcoms), whether ground-to-space or intersatellite, have, to date, primarily combined the two cutting-edge fields of communication and space, in which cybersecurity and space activities are intricately connected. The susceptibility of Satcoms and other space assets to cyberattacks, as a means of targeting critical infrastructure, is sometimes overlooked. Neither space nor cybersecurity policies, particularly for Satcoms systems, are equipped for the challenges posed by the convergence of space and cyberspace. With the rising number of cyberattacks, including reconnaissance, Denial-of-Service (DoS), and zero-day attacks, on Satcoms systems by extreme nation-state attackers, further defenses must be established. These defenses should enable the discovery of zero-day attacks whilst reducing false positives associated with the detection of advanced persistent threats. In this article, to address these cyber concerns, a comprehensive deep federated learning (DFL)-based threat detection model for proactively recognizing intrusions in Satcoms networks using decentralized on-device data while preserving the privacy of this data is proposed. Our approach leverages a decentralized data-level preprocessing (DLP) mechanism, ensuring that original data remains concealed while providing well-processed, statistically transformed thought-out data for robust threat detection. The proposed model executes federated learning rounds on a novel deep auto-encoder (DAE) architecture, maintaining local data on secure warehouses, and sharing only the learned weights with the central FL server. Also, its ensemble mechanism aggregates the updates from multiple sources to optimize the accuracy of the global learning model. The experimental results demonstrate that the proposed model outperforms the classic/centralised learning (non-FL) versions in terms of protecting the privacy of local data and providing an optimal accuracy rate for attack detection. Furthermore, using differential privacy (DP)-based DLP as a privacy preservation mechanism, the proposed model exhibits high levels of accuracy and better levels of privacy over the training data.