Malware Detection utilizing Reinforcement and Federated Learning
Author
Sørensen, Martin Møller
Term
4. semester
Education
Publication year
2024
Abstract
This thesis investigates the use of reinforcement learning for malware and intrusion detection, combining enhancements from the Rainbow variant of Deep Q-Networks (a set of techniques extending the classical DQN) with federated learning to preserve data privacy. A conventional DQN serves as the baseline. Using the NSL-KDD dataset, the work builds an RL environment and agent, implemented in Python, and compares centralized training with a decentralized (federated) setup. It also examines zero-day-like scenarios within the federated framework. The aim is to assess whether advanced RL techniques can strengthen detection systems without requiring data centralization. The thesis reports baseline, component-wise, and comparative results, and discusses, where appropriate, the potential benefits and limitations of combining Rainbow-style RL with federated learning.
Dette speciale undersøger, hvordan forstærkningslæring kan anvendes til malware- og indtrængningsdetektion, og kombinerer forbedringer fra Rainbow-varianten af Deep Q-Network (en samling teknikker, der udvider den klassiske DQN) med federeret læring for at bevare datas privatliv. En konventionel DQN fungerer som baseline. Med NSL-KDD-datasættet konstrueres et RL-miljø og en agent, implementeret i Python, og der sammenlignes mellem centraliseret træning og en decentraliseret (federeret) opsætning. Derudover undersøges zero-day-lignende scenarier i den federerede ramme. Formålet er at vurdere, om avancerede RL-teknikker kan styrke detektionssystemer uden at kræve datacentralisering. Specialet rapporterer baseline-, komponentvise og komparative resultater og drøfter, hvor det er relevant, mulige fordele og begrænsninger ved at kombinere Rainbow-inspireret RL med federeret læring.
[This apstract has been generated with the help of AI directly from the project full text]