Federated PCA on Grassmann Manifold for IoT Anomaly Detection

Tung-Anh Nguyen,Long Tan Le,Tuan Dung Nguyen,Wei Bao,Suranga Seneviratne,Choong Seon Hong,Nguyen H. Tran
DOI: https://doi.org/10.1109/TNET.2024.3423780
2024-07-10
Abstract:With the proliferation of the Internet of Things (IoT) and the rising interconnectedness of devices, network security faces significant challenges, especially from anomalous activities. While traditional machine learning-based intrusion detection systems (ML-IDS) effectively employ supervised learning methods, they possess limitations such as the requirement for labeled data and challenges with high dimensionality. Recent unsupervised ML-IDS approaches such as AutoEncoders and Generative Adversarial Networks (GAN) offer alternative solutions but pose challenges in deployment onto resource-constrained IoT devices and in interpretability. To address these concerns, this paper proposes a novel federated unsupervised anomaly detection framework, FedPCA, that leverages Principal Component Analysis (PCA) and the Alternating Directions Method Multipliers (ADMM) to learn common representations of distributed non-i.i.d. datasets. Building on the FedPCA framework, we propose two algorithms, FEDPE in Euclidean space and FEDPG on Grassmann manifolds. Our approach enables real-time threat detection and mitigation at the device level, enhancing network resilience while ensuring privacy. Moreover, the proposed algorithms are accompanied by theoretical convergence rates even under a subsampling scheme, a novel result. Experimental results on the UNSW-NB15 and TON-IoT datasets show that our proposed methods offer performance in anomaly detection comparable to nonlinear baselines, while providing significant improvements in communication and memory efficiency, underscoring their potential for securing IoT networks.
Machine Learning,Artificial Intelligence,Cryptography and Security,Distributed, Parallel, and Cluster Computing
What problem does this paper attempt to address?
The main problem that this paper attempts to solve is the challenges faced by anomaly detection in the Internet of Things (IoT) networks. Specifically, the author points out the limitations of current machine - learning - based intrusion detection systems (ML - IDS) in dealing with high - dimensional data, the lack of labeled data, and resource - constrained devices. To address these challenges, the paper proposes a new joint unsupervised anomaly detection framework - FedPCA, which utilizes principal component analysis (PCA) and the alternating direction method of multipliers (ADMM) to learn the common representation of distributed non - independent and identically distributed (non - i.i.d.) datasets. ### Problem Background With the popularization and increased interconnection of IoT devices, network security faces significant challenges, especially threats from abnormal activities. Although traditional supervised - learning - based ML - IDS are effective, they require a large amount of labeled data and have difficulties in dealing with high - dimensional data. Recent unsupervised ML - IDS methods such as AutoEncoders and generative adversarial networks (GAN) provide alternatives, but face challenges in computational resources and interpretability when deployed on resource - constrained IoT devices. ### Solution To solve these problems, the paper proposes a new framework named FedPCA, which has the following features: 1. **Joint Unsupervised Learning**: Through the method of joint learning, multiple IoT devices can collaborate to learn a shared model without having to centralize the data on a central server. 2. **Combination of PCA and ADMM**: Use PCA for dimension reduction and optimize through the ADMM algorithm to ensure consensus among different devices, thereby achieving effective processing of distributed data. 3. **Two Algorithms**: Propose two algorithms, FEDPE (in Euclidean space) and FEDPG (in Grassmann manifold), to adapt to different application scenarios. ### Main Contributions 1. **Privacy Protection and Communication Efficiency**: Through local update and federated learning mechanisms, the data transmission requirements are reduced, protecting user privacy. 2. **Theoretical Convergence Analysis**: Provide theoretical convergence guarantees for the algorithms, demonstrating their convergence characteristics under sub - sampling schemes. 3. **Experimental Verification**: The experimental results on the UNSW - NB15 and TON - IoT datasets show that the proposed FEDPE and FEDPG methods are not only comparable to non - linear baseline methods in anomaly detection performance, but also have significant improvements in communication and memory efficiency. Through these innovations, the FedPCA framework aims to enhance the security and robustness of IoT networks while ensuring privacy protection and efficient resource utilization.