EconPapers    
Economics at your fingertips  

EconPapers Home
About EconPapers

Working Papers
Journal Articles
Books and Chapters
Software Components

Authors

JEL codes
New Economics Papers

Advanced Search


EconPapers FAQ
Archive maintainers FAQ
Cookies at EconPapers

Format for printing

The RePEc blog
The RePEc plagiarism page

 

Mitigating semantic label divergence in federated learning: Obfuscated encoding and alert filtering for security monitoring

Yoonho Lee, Joonghyuk Im, Jisu Kim and Myungkeun Yoon

PLOS ONE, 2025, vol. 20, issue 12, 1-19

Abstract: Federated learning (FL) is emerging as a key approach for collaborative machine learning (ML) in distributed information systems where direct data sharing is infeasible due to policy constraints. In security operations center (SOC) settings, we study FL for the classification of network intrusion detection system (IDS) alerts—structured event records emitted by sensors (e.g., Snort/Suricata)—where consistent interpretation of event data is critical for reliable ML-based decision support. However, differences in labeling criteria across organizations often lead to semantic inconsistencies, undermining the accuracy and generalizability of FL models. This paper presents two key contributions that mitigate this issue without requiring raw data exchange. First, we propose Keyed Feature Hashing (KFH), a key-dependent obfuscated encoding scheme that enables consistent vectorization of heterogeneous IDS alerts across entities while reducing the risk of model inversion. Second, we introduce a filtering mechanism that leverages KFH representations to identify and exclude alerts likely to be misclassified due to inter-entity label discrepancies. Experiments using a large-scale real-world dataset collected from 14 organizations demonstrate that our method improves classification F1-score by up to 13.36% while maintaining over 99% alert coverage. These contributions enhance the trustworthiness of FL-based decision models in distributed, label-divergent environments.

Date: 2025
References: Add references at CitEc
Citations:

Downloads: (external link)
https://journals.plos.org/plosone/article?id=10.1371/journal.pone.0338488 (text/html)
https://journals.plos.org/plosone/article/file?id= ... 38488&type=printable (application/pdf)

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:plo:pone00:0338488

DOI: 10.1371/journal.pone.0338488

Access Statistics for this article

More articles in PLOS ONE from Public Library of Science
Bibliographic data for series maintained by plosone ().

 
Share

RePEc
This site is part of RePEc and all the data displayed here is part of the RePEc data set.

Is your work missing from RePEc? Here is how to contribute.

Questions or problems? Check the EconPapers FAQ or send mail to .

Örebro UniversityEconPapers is hosted by the School of Business at Örebro University.

Page updated 2026-01-11
Handle: RePEc:plo:pone00:0338488