Mohamed Amine Ferrag,Mthandazo Ndhlovu,Norbert Tihanyi,Lucas C. Cordeiro,Merouane Debbah,Thierry Lestable,Narinderjit Singh Thandi

DOI: https://doi.org/10.1109/access.2024.3363469

IF: 3.9

2024-02-20

IEEE Access

Abstract:The field of Natural Language Processing (NLP) is currently undergoing a revolutionary transformation driven by the power of pre-trained Large Language Models (LLMs) based on groundbreaking Transformer architectures. As the frequency and diversity of cybersecurity attacks continue to rise, the importance of incident detection has significantly increased. IoT devices are expanding rapidly, resulting in a growing need for efficient techniques to autonomously identify network-based attacks in IoT networks with both high precision and minimal computational requirements. This paper presents SecurityBERT, a novel architecture that leverages the Bidirectional Encoder Representations from Transformers (BERT) model for cyber threat detection in IoT networks. During the training of SecurityBERT, we incorporated a novel privacy-preserving encoding technique called Privacy-Preserving Fixed-Length Encoding (PPFLE). We effectively represented network traffic data in a structured format by combining PPFLE with the Byte-level Byte-Pair Encoder (BBPE) Tokenizer. Our research demonstrates that SecurityBERT outperforms traditional Machine Learning (ML) and Deep Learning (DL) methods, such as Convolutional Neural Networks (CNNs) or Recurrent Neural Networks (RNNs), in cyber threat detection. Employing the Edge-IIoTset cybersecurity dataset, our experimental analysis shows that SecurityBERT achieved an impressive 98.2% overall accuracy in identifying fourteen distinct attack types, surpassing previous records set by hybrid solutions such as GAN-Transformer-based architectures and CNN-LSTM models. With an inference time of less than 0.15 seconds on an average CPU and a compact model size of just 16.7MB, SecurityBERT is ideally suited for real-life traffic analysis and a suitable choice for deployment on resource-constrained IoT devices.

computer science, information systems,telecommunications,engineering, electrical & electronic

Taki Eddine Toufik Djaidja,Bouziane Brik,Abdelwahab Boualouache,Sidi Mohammed Senouci,Yacine Ghamri-Doudane

DOI: https://doi.org/10.1016/j.cose.2024.103707

IF: 5.105

2024-01-12

Computers & Security

Abstract:5G's service providers now leverage Deep Learning (DL) to automate their network slice management, provisioning, and security. To this end, each slice owner contributes data to feed a common dataset used to train centralized learning models. However, this method raises privacy considerations that prevent its usage. Therefore, Federated learning (FL), a collaborative approach that ensures data privacy, is being investigated while striving toward the same performance as centralized learning. As 5G and beyond services are so diverse, the local slice's data is not intended to reflect the entire data distribution. Thus, local data of slices are Non-Independently and non-Identically distributed (Non-IID), posing a challenge for FL-based models. In this paper, we investigate the use of FL to secure network slices and detect potential attacks. For that purpose, we first propose an architecture for deploying intrusion detection systems (IDSs) in 5G and beyond networks. Next, we thoroughly evaluate the latest state-of-art FL algorithms, including FedAvg, FedProx, FedPer, and SCAFFOLD, in the context of Independently and Identically Distributed (IID) and Non-IID data distributions. We compare these FL models to centralized and local DL models. We find that SCAFFOLD outperforms all the other FL algorithms and ensures a stable learning loss convergence, a promising finding that strengthens the case for leveraging FL in IDS development. Nevertheless, none of the FL models could achieve the centralized model's performance in Non-IID scenarios.

computer science, information systems

Xin Sun,Zhijun Tang,Mengxuan Du,Chaoping Deng,Wenbin Lin,Jinshan Chen,Qi Qi,Haifeng Zheng

DOI: https://doi.org/10.3390/electronics11162627

IF: 2.9

2022-01-01

Electronics

Abstract:As the core component of smart grids, advanced metering infrastructure (AMI) provides the communication and control functions to implement critical services, which makes its security crucial to power companies and customers. An intrusion detection system (IDS) can be applied to monitor abnormal information and trigger an alarm to protect AMI security. However, existing intrusion detection models exhibit a low performance and are commonly trained on cloud servers, which pose a major threat to user privacy and increase the detection delay. To solve these problems, we present a transformer-based intrusion detection model (Transformer-IDM) to improve the performance of intrusion detection. In addition, we integrate 5G technology into the AMI system and propose a hierarchical federated learning intrusion detection system (HFed-IDS) to collaboratively train Transformer-IDM to protect user privacy in the core networks. Finally, extensive experimental results using a real-world intrusion detection dataset demonstrate that the proposed approach is superior to other existing approaches in terms of detection accuracy and communication cost for an IDS.

Shahriar Usman Khan,Fariha Eusufzai,Saifur Rahman Sabuj,Mahmoud Elsharief,Md Mamunur Rashid,Md. Azharuddin Redwan

DOI: https://doi.org/10.3390/network3010008

2023-01-30

Network

Abstract:The Internet of Things (IoT) is a network of electrical devices that are connected to the Internet wirelessly. This group of devices generates a large amount of data with information about users, which makes the whole system sensitive and prone to malicious attacks eventually. The rapidly growing IoT-connected devices under a centralized ML system could threaten data privacy. The popular centralized machine learning (ML)-assisted approaches are difficult to apply due to their requirement of enormous amounts of data in a central entity. Owing to the growing distribution of data over numerous networks of connected devices, decentralized ML solutions are needed. In this paper, we propose a Federated Learning (FL) method for detecting unwanted intrusions to guarantee the protection of IoT networks. This method ensures privacy and security by federated training of local IoT device data. Local IoT clients share only parameter updates with a central global server, which aggregates them and distributes an improved detection algorithm. After each round of FL training, each of the IoT clients receives an updated model from the global server and trains their local dataset, where IoT devices can keep their own privacy intact while optimizing the overall model. To evaluate the efficiency of the proposed method, we conducted exhaustive experiments on a new dataset named Edge-IIoTset. The performance evaluation demonstrates the reliability and effectiveness of the proposed intrusion detection model by achieving an accuracy (92.49%) close to that offered by the conventional centralized ML models’ accuracy (93.92%) using the FL method.

Alaeddine Diaf,Abdelaziz Amara Korba,Nour Elislem Karabadji,Yacine Ghamri-Doudane

2024-08-26

Abstract:In recent years, numerous large-scale cyberattacks have exploited Internet of Things (IoT) devices, a phenomenon that is expected to escalate with the continuing proliferation of IoT technology. Despite considerable efforts in attack detection, intrusion detection systems remain mostly reactive, responding to specific patterns or observed anomalies. This work proposes a proactive approach to anticipate and mitigate malicious activities before they cause damage. This paper proposes a novel network intrusion prediction framework that combines Large Language Models (LLMs) with Long Short Term Memory (LSTM) networks. The framework incorporates two LLMs in a feedback loop: a fine-tuned Generative Pre-trained Transformer (GPT) model for predicting network traffic and a fine-tuned Bidirectional Encoder Representations from Transformers (BERT) for evaluating the predicted traffic. The LSTM classifier model then identifies malicious packets among these predictions. Our framework, evaluated on the CICIoT2023 IoT attack dataset, demonstrates a significant improvement in predictive capabilities, achieving an overall accuracy of 98%, offering a robust solution to IoT cybersecurity challenges.

Cryptography and Security,Artificial Intelligence

Valerian Rey,Pedro Miguel Sánchez Sánchez,Alberto Huertas Celdrán,Gérôme Bovet

DOI: https://doi.org/10.1016/j.comnet.2021.108693

IF: 5.493

2022-02-01

Computer Networks

Abstract:Billions of IoT devices lacking proper security mechanisms have been manufactured and deployed for the last years, and more will come with the development of Beyond 5G technologies. Their vulnerability to malware has motivated the need for efficient techniques to detect infected IoT devices inside networks. With data privacy and integrity becoming a major concern in recent years, increasing with the arrival of 5G and Beyond networks, new technologies such as federated learning and blockchain emerged. They allow training machine learning models with decentralized data while preserving its privacy by design. This work investigates the possibilities enabled by federated learning concerning IoT malware detection and studies security issues inherent to this new learning paradigm. In this context, a framework that uses federated learning to detect malware affecting IoT devices is presented. N-BaIoT, a dataset modeling network traffic of several real IoT devices while affected by malware, has been used to evaluate the proposed framework. Both supervised and unsupervised federated models (multi-layer perceptron and autoencoder) able to detect malware affecting seen and unseen IoT devices of N-BaIoT have been trained and evaluated. Furthermore, their performance has been compared to two traditional approaches. The first one lets each participant locally train a model using only its own data, while the second consists of making the participants share their data with a central entity in charge of training a global model. This comparison has shown that the use of more diverse and large data, as done in the federated and centralized methods, has a considerable positive impact on the model performance. Besides, the federated models, while preserving the participant’s privacy, show similar results as the centralized ones. As an additional contribution and to measure the robustness of the federated approach, an adversarial setup with several malicious participants poisoning the federated model has been considered. The baseline model aggregation averaging step used in most federated learning algorithms appears highly vulnerable to different attacks, even with a single adversary. The performance of other model aggregation functions acting as countermeasures is thus evaluated under the same attack scenarios. These functions provide a significant improvement against malicious participants, but more efforts are still needed to make federated approaches robust.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Othmane Belarbi,Theodoros Spyridopoulos,Eirini Anthi,Ioannis Mavromatis,Pietro Carnelli,Aftab Khan

2023-08-05

Abstract:The vast increase of Internet of Things (IoT) technologies and the ever-evolving attack vectors have increased cyber-security risks dramatically. A common approach to implementing AI-based Intrusion Detection systems (IDSs) in distributed IoT systems is in a centralised manner. However, this approach may violate data privacy and prohibit IDS scalability. Therefore, intrusion detection solutions in IoT ecosystems need to move towards a decentralised direction. Federated Learning (FL) has attracted significant interest in recent years due to its ability to perform collaborative learning while preserving data confidentiality and locality. Nevertheless, most FL-based IDS for IoT systems are designed under unrealistic data distribution conditions. To that end, we design an experiment representative of the real world and evaluate the performance of an FL-based IDS. For our experiments, we rely on TON-IoT, a realistic IoT network traffic dataset, associating each IP address with a single FL client. Additionally, we explore pre-training and investigate various aggregation methods to mitigate the impact of data heterogeneity. Lastly, we benchmark our approach against a centralised solution. The comparison shows that the heterogeneous nature of the data has a considerable negative impact on the model's performance when trained in a distributed manner. However, in the case of a pre-trained initial global FL model, we demonstrate a performance improvement of over 20% (F1-score) compared to a randomly initiated global model.

Cryptography and Security,Machine Learning

Van Tuan Nguyen,Razvan Beuran

2024-10-18

Abstract:This paper proposes a novel federated learning approach for improving IoT network intrusion detection. The rise of IoT has expanded the cyber attack surface, making traditional centralized machine learning methods insufficient due to concerns about data availability, computational resources, transfer costs, and especially privacy preservation. A semi-supervised federated learning model was developed to overcome these issues, combining the Shrink Autoencoder and Centroid one-class classifier (SAE-CEN). This approach enhances the performance of intrusion detection by effectively representing normal network data and accurately identifying anomalies in the decentralized strategy. Additionally, a mean square error-based aggregation algorithm (MSEAvg) was introduced to improve global model performance by prioritizing more accurate local models. The results obtained in our experimental setup, which uses various settings relying on the N-BaIoT dataset and Dirichlet distribution, demonstrate significant improvements in real-world heterogeneous IoT networks in detection accuracy from 93.98$\pm$2.90 to 97.30$\pm$0.49, reduced learning costs when requiring only 50\% of gateways participating in the training process, and robustness in large-scale networks.

Machine Learning,Artificial Intelligence

Jiyuan Shen,Wenzhuo Yang,Zhaowei Chu,Jiani Fan,Dusit Niyato,Kwok-Yan Lam

2024-01-22

Abstract:With the rapid development of low-cost consumer electronics and cloud computing, Internet-of-Things (IoT) devices are widely adopted for supporting next-generation distributed systems such as smart cities and industrial control systems. IoT devices are often susceptible to cyber attacks due to their open deployment environment and limited computing capabilities for stringent security controls. Hence, Intrusion Detection Systems (IDS) have emerged as one of the effective ways of securing IoT networks by monitoring and detecting abnormal activities. However, existing IDS approaches rely on centralized servers to generate behaviour profiles and detect anomalies, causing high response time and large operational costs due to communication overhead. Besides, sharing of behaviour data in an open and distributed IoT network environment may violate on-device privacy requirements. Additionally, various IoT devices tend to capture heterogeneous data, which complicates the training of behaviour models. In this paper, we introduce Federated Learning (FL) to collaboratively train a decentralized shared model of IDS, without exposing training data to others. Furthermore, we propose an effective method called Federated Learning Ensemble Knowledge Distillation (FLEKD) to mitigate the heterogeneity problems across various clients. FLEKD enables a more flexible aggregation method than conventional model fusion techniques. Experiment results on the public dataset CICIDS2019 demonstrate that the proposed approach outperforms local training and traditional FL in terms of both speed and performance and significantly improves the system's ability to detect unknown attacks. Finally, we evaluate our proposed framework's performance in three potential real-world scenarios and show FLEKD has a clear advantage in experimental results.

Cryptography and Security

Yantian Luo,Xu Chen,Hancun Sun,Xiangling Li,Ning Ge,Wei Feng,Jianhua Lu

DOI: https://doi.org/10.1109/ojcoms.2024.3365976

2024-01-01

IEEE Open Journal of the Communications Society

Abstract:Malicious traffic has posed a significant threat to current 5G networks. In the upcoming 6G era, with the rapid development of the Internet of Things (IoT), defending against malicious traffic has become even more challenging due to the diverse nature and widespread distribution of IoT devices. This paper presents a new distributed framework for detecting malicious traffic on the access side of the IoT. This framework shifts the line of defense forward, and could alleviate the resource-bottleneck problem of traditional detectors that are usually deployed at the victim side. In particular, we devise a transformer-based neural network, which is tailored for distributed malicious traffic detection at multiple detection points. Additionally, we develop a personalized federated learning-based collaborative algorithm to enable horizontal collaboration among multiple detection points by sharing neural network parameters. Different from the traditional federated learning framework which trains a high-precision global model, our proposed framework fully considers the differences in the distribution of IoT traffic at the entrance, and uses local traffic data to train personalized models with better local detection performance on the basis of the global model. The experimental results demonstrate that our approach achieves an average detection accuracy of 99.2% and an F1-score of 99.2% for all detection points using the N-BaIoT dataset. In comparison to methods lacking collaboration, our approach exhibits significant improvements in terms of accuracy, precision, recall, and F1-score. Moreover, our detection performance is comparable to that of centralized learning frameworks, despite sharing only the model parameters.

Umesh Kumar Lilhore,Surjeet Dalal,Sarita Simaiya

DOI: https://doi.org/10.1016/j.cose.2023.103560

IF: 5.105

2024-01-01

Computers & Security

Abstract:The fast growth of Internet of Things (IoT) gadgets and 5G networks has increased linkage and accessibility. However, growing interconnectivity poses new threat levels in these environments, making intrusion detection critical. In this article, we introduce a novel security framework that centres on deep learning and is tailored to support the particular risks posed by IoT channels and 5G networks. Deep neural networks are used in our proposed framework to effectively analyze network activity patterns and recognize any possible breaches in real-time communication. Deep learning autonomously learns complicated features and patterns, facilitating the proposed model's adaptability to changing threat vectors and traffic features. This research proposed a Hybrid model using enhanced light-weight CNNs architecture (MobileNetV3-SVM) and Transfer learning (TL) for intrusion detection in 5G communication. The proposed model utilizes the advantages of a multi-layered structure, which enables it to acquire knowledge from raw network information hierarchically. It provides the ability to distinguish between authentic and malicious behaviour efficiently. We have implemented several cutting-edge strategies to maximize the effectiveness of intrusion detection in environments characterized by limited availability of resources, such as those associated with the IoT and high-speed 5G networks. The proposed hybrid model processes network packets in real-time using light-weight MobileNet, reducing the computational overhead and making it suitable for IoT and 5G edge devices. In the proposed model, a MobileNetV3-SVM auto-classifies the network's intrusion images, enhancing the overall accuracy. In addition, to address the issue of limited labelled data in dynamic and constantly changing systems, we use a transfer learning strategy to deal with this issue. The proposed hybrid model and existing CNN- architectures, i.e., VGG-16, VGG-19, Efficient-Net and Inception-Net, are tested on CICIDS-2017, 2018 and UNSW-NB15 IoT 5G security datasets. During the experimental assessment, we demonstrated the strength of the proposed model by simulating a wide range of network settings and intrusion scenarios. Experimental findings show considerable improvements by the proposed hybrid model in accuracy, precision, false positive rates, Matthew's Correlation Coefficient (MCC) and AUC-ROC over existing approaches.

computer science, information systems

Mohammed Albishari,Mingchu Li,Majid Ayoubi,Ala Alsanabani,Jiyu Tian

DOI: https://doi.org/10.1016/j.comnet.2024.110837

2024-01-01

Abstract:With the rapid spread of the Internet of Things (IoT), smart applications and services become increasingly crucial, making them an easily accessible source of personally identifiable information. Over the last few years, the use of machine learning in securing routing layers, particularly routing protocol for low-power and lossy networks (RPL), has become fundamental in ensuring successful routing and privacy preservation as a crucial consideration among edge nodes. In recent works, training of collected data on a central server has increased concerns regarding data privacy. Consequently, decentralized learning is currently a solution for privacy preservation. It has gained popularity in IoT networks in which the models are trained on hybrid data located in edge nodes and enable global decision-making without sharing global data, causing high communication costs during weight updates. We propose a federated learning of routing protocol (Fed-RPL)-based gated recurrent unit (GRU) model for decentralized training rounds and quantization method (Q-8bit) to decrease the number of weight updates that can significantly mitigate the communication overhead and maintain the local model with high accuracy. Meanwhile, the ensemble unit aggregates the updates and selects the best local model to enhance the global model accuracy. Our experiments show that Fed-RPL outperforms classical machine learning (ML) methods in privacy-preserving edge data, significantly reduces the communication cost in non-IID scenarios, and achieves higher detection accuracy than recent FL approaches.

Abhishek Sebastian,Pragna R,Sudhakaran G,Renjith P N,Leela Karthikeyan H

2023-11-23

Abstract:Federated learning is a technique of decentralized machine learning. that allows multiple parties to collaborate and learn a shared model without sharing their raw data. Our paper proposes a federated learning framework for intrusion detection in Internet of Vehicles (IOVs) using the CIC-IDS 2017 dataset. The proposed framework employs SMOTE for handling class imbalance, outlier detection for identifying and removing abnormal observations, and hyperparameter tuning to optimize the model's performance. The authors evaluated the proposed framework using various performance metrics and demonstrated its effectiveness in detecting intrusions with other datasets (KDD-Cup 99 and UNSW- NB-15) and conventional classifiers. Furthermore, the proposed framework can protect sensitive data while achieving high intrusion detection performance.

Cryptography and Security,Artificial Intelligence,Machine Learning

Xiuzhen Chen,Weicheng Qiu,Lixing Chen,Yinghua Ma,Jin Ma

DOI: https://doi.org/10.1016/j.cose.2024.103881

IF: 5.105

2024-01-01

Computers & Security

Abstract:VANET facilitates communication between vehicles and roadside units, thereby enhancing traffic safety and efficiency. However, it also introduces several attack vectors, compromising security and privacy. To enhance the practicality and precision of existing VANET intrusion detection systems, we propose a novel hybrid algorithm named VAN-IDS. This algorithm combines packet analysis and physical feature analysis. Temporal properties of packets are analyzed using Bi-LSTM, while physical attributes of vehicles are evaluated using LightGBM. Predictive outputs from both models are merged using the Dempster-Shafer theory. Data is collected from the F2MD simulation environment, and experiments are conducted to evaluate the efficacy of VAN-IDS. Results show that VAN-IDS achieves an accuracy exceeding 98.5% in detecting DoS and Sybil attacks, surpassing existing VANET IDSs and meeting real-time detection requirements. Federated learning is introduced, with VAN-FED-IDS designed to accelerate model training and updates, while protecting the privacy of the model and dataset. Roadside units (RSUs) serve as edge computing nodes for local model training, while cloud services aggregate models for collaborative training of detection algorithms. In these experiments, the open-source federated learning frameworks Flower and FedTree are used to assess communication overhead and training duration in both single-machine simulation and multi-machine deployment scenarios. This demonstrates the viability of federated learning, which can protect local data privacy, expedite model training and updates within the IDS, and maintain the original model’s detection accuracy.

Afnan A. Alharbi

DOI: https://doi.org/10.1007/s10207-023-00805-9

2024-01-10

International Journal of Information Security

Abstract:In the healthcare sector, cyberattack detection systems are crucial for ensuring the privacy of patient data and building trust in the increasingly connected world of medical devices and patient monitoring systems. In light of the increasing prevalence of Internet of Medical Things (IoMT) technologies, it is essential to establish an efficient intrusion detection system (IDS). IDSs are crucial for protecting patient data and ensuring medical device reliability. Federated learning (FL) has emerged as an effective technique for enhancing distributed cyberattack detection systems. By distributing the learning process across multiple IoMT gateways, FL-based IDS offers several benefits, such as improved detection accuracy, reduced network latency, and minimized data leakage. However, as client data may not exhibit a uniform independent and identically distributed (IID) pattern, the heterogeneity of data distribution poses a significant challenge in implementing FL-based IDS for IoMT applications. In this paper, we propose a collaborative learning framework for IDS in IoMT applications. Specifically, we introduce a Federated Transfer Learning (FTL) IDS that enables clients to obtain their personalized FL model while benefiting from the knowledge of other clients. Our methodology enables clients to obtain a personalized model that addresses the challenges posed by the heterogeneity of data distribution. The experimental results show that the proposed model achieves superior detection performance with 95–99% accuracy. Moreover, our model exhibits strong performance in identifying zero-day attacks.

computer science, information systems, theory & methods, software engineering

Mansi H. Bhavsar,Yohannes B. Bekele,Kaushik Roy,John C. Kelly,Daniel Limbrick

DOI: https://doi.org/10.1109/access.2024.3386631

IF: 3.9

2024-04-16

IEEE Access

Abstract:A federated learning-based intrusion detection system (FL-IDS) is introduced to enhance the security of vehicular networks in the context of IoT edge device implementations. The FL-IDS system protects data privacy by using local learning, in which devices share only model updates with an aggregation server. The server then generates an enhanced detection model. The FL-IDS system also incorporates a detection model (LR-IDS, PCC-CNN) based on machine learning (ML) and deep learning (DL) classifiers, namely logistic regression (LR) and convolution neural networks (CNN), to prevent attacks in transportation IoT environments. The proposed FL-IDS model uses embedded devices (such as Raspberry Pi for the client and Jetson Xavier for the server model). The real-time performance of the proposed IDS was evaluated using two different datasets, NSL-KDD and Car-Hacking. We deployed our IDS model on different architectures, testbed 1 (with 2 clients) and testbed 2 (with 4 clients). The model evaluation has been evaluated based on the accuracy, and loss parameters. The results show that the FL-IDS system outperforms traditional centralized learning with machine learning and deep learning approaches regarding accuracy (achieved overall 94% and 99%) and loss (achieved overall 0.28 and 0.009). These findings contribute to transportation IoT systems security by proposing a robust framework for enhancing the security and privacy of CAVs against cyber threats.

computer science, information systems,telecommunications,engineering, electrical & electronic

Ghazaleh Shirvani,Saeid Ghasemshirazi,Mohammad Ali Alipour

2024-03-17

Abstract:The rapid proliferation of the Internet of Things (IoT) has ushered in transformative connectivity between physical devices and the digital realm. Nonetheless, the escalating threat of Distributed Denial of Service (DDoS) attacks jeopardizes the integrity and reliability of IoT networks. Conventional DDoS mitigation approaches are ill-equipped to handle the intricacies of IoT ecosystems, potentially compromising data privacy. This paper introduces an innovative strategy to bolster the security of IoT networks against DDoS attacks by harnessing the power of Federated Learning that allows multiple IoT devices or edge nodes to collaboratively build a global model while preserving data privacy and minimizing communication overhead. The research aims to investigate Federated Learning's effectiveness in detecting and mitigating DDoS attacks in IoT. Our proposed framework leverages IoT devices' collective intelligence for real-time attack detection without compromising sensitive data. This study proposes innovative deep autoencoder approaches for data dimensionality reduction, retraining, and partial selection to enhance the performance and stability of the proposed model. Additionally, two renowned aggregation algorithms, FedAvg and FedAvgM, are employed in this research. Various metrics, including true positive rate, false positive rate, and F1-score, are employed to evaluate the model. The dataset utilized in this research, N-BaIoT, exhibits non-IID data distribution, where data categories are distributed quite differently. The negative impact of these distribution disparities is managed by employing retraining and partial selection techniques, enhancing the final model's stability. Furthermore, evaluation results demonstrate that the FedAvgM aggregation algorithm outperforms FedAvg, indicating that in non-IID datasets, FedAvgM provides better stability and performance.

Cryptography and Security,Artificial Intelligence,Machine Learning

Jia Huang,Zhen Chen,Sheng-Zheng Liu,Hao Zhang,Hai-Xia Long

DOI: https://doi.org/10.3390/s24124002

IF: 3.9

2024-06-20

Sensors

Abstract:The security of the Industrial Internet of Things (IIoT) is of vital importance, and the Network Intrusion Detection System (NIDS) plays an indispensable role in this. Although there is an increasing number of studies on the use of deep learning technology to achieve network intrusion detection, the limited local data of the device may lead to poor model performance because deep learning requires large-scale datasets for training. Some solutions propose to centralize the local datasets of devices for deep learning training, but this may involve user privacy issues. To address these challenges, this study proposes a novel federated learning (FL)-based approach aimed at improving the accuracy of network intrusion detection while ensuring data privacy protection. This research combines convolutional neural networks with attention mechanisms to develop a new deep learning intrusion detection model specifically designed for the IIoT. Additionally, variational autoencoders are incorporated to enhance data privacy protection. Furthermore, an FL framework enables multiple IIoT clients to jointly train a shared intrusion detection model without sharing their raw data. This strategy significantly improves the model's detection capability while effectively addressing data privacy and security issues. To validate the effectiveness of the proposed method, a series of experiments were conducted on a real-world Internet of Things (IoT) network intrusion dataset. The experimental results demonstrate that our model and FL approach significantly improve key performance metrics such as detection accuracy, precision, and false-positive rate (FPR) compared to traditional local training methods and existing models.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Shakil Ibne Ahsan,Phil Legg,S M Iftekharul Alam

2024-01-17

Abstract:The absence of robust security protocols renders the VANET (Vehicle ad-hoc Networks) network open to cyber threats by compromising passengers and road safety. Intrusion Detection Systems (IDS) are widely employed to detect network security threats. With vehicles' high mobility on the road and diverse environments, VANETs devise ever-changing network topologies, lack privacy and security, and have limited bandwidth efficiency. The absence of privacy precautions, End-to-End Encryption methods, and Local Data Processing systems in VANET also present many privacy and security difficulties. So, assessing whether a novel real-time processing IDS approach can be utilized for this emerging technology is crucial. The present study introduces a novel approach for intrusion detection using Federated Learning (FL) capabilities in conjunction with the BERT model for sequence classification (FL-BERT). The significance of data privacy is duly recognized. According to FL methodology, each client has its own local model and dataset. They train their models locally and then send the model's weights to the server. After aggregation, the server aggregates the weights from all clients to update a global model. After aggregation, the global model's weights are shared with the clients. This practice guarantees the secure storage of sensitive raw data on individual clients' devices, effectively protecting privacy. After conducting the federated learning procedure, we assessed our models' performance using a separate test dataset. The FL-BERT technique has yielded promising results, opening avenues for further investigation in this particular area of research. We reached the result of our approaches by comparing existing research works and found that FL-BERT is more effective for privacy and security concerns. Our results suggest that FL-BERT is a promising technique for enhancing attack detection.

Cryptography and Security

Othmane Friha,Mohamed Amine Ferrag,Lei Shu,Leandros Maglaras,Kim-Kwang Raymond Choo,Mehdi Nafaa

DOI: https://doi.org/10.1016/j.jpdc.2022.03.003

IF: 4.542

2022-01-01

Journal of Parallel and Distributed Computing

Abstract:In this paper, we propose a federated learning-based intrusion detection system, named FELIDS, for securing agricultural-IoT infrastructures. Specifically, the FELIDS system protects data privacy through local learning, where devices benefit from the knowledge of their peers by sharing only updates from their model with an aggregation server that produces an improved detection model. In order to prevent Agricultural IoTs attacks, the FELIDS system employs three deep learning classifiers, namely, deep neural networks, convolutional neural networks, and recurrent neural networks. We study the performance of the proposed IDS on three different sources, including, CSE-CIC-IDS2018, MQTTset, and InSDN. The results demonstrate that the FELIDS system outperforms the classic/centralized versions of machine learning (non-federated learning) in protecting the privacy of IoT devices data and achieves the highest accuracy in detecting attacks.