Yunhui Wang,Weichu Zheng,Zifei Liu,Jinyan Wang,Hongjian Shi,Mingyu Gu,Yicheng Di

DOI: https://doi.org/10.3390/electronics12194049

IF: 2.9

2023-09-27

Electronics

Abstract:The rapid development of cloud–fog–edge computing and mobile devices has led to massive amounts of data being generated. Also, artificial intelligence technology, like machine learning and deep learning, is widely used to mine the value of the data. Specifically, detecting attacks on the cloud–fog–edge computing system using mobile devices is essential. External attacks on network press organizations led to anomaly flow in network traffic. The network intrusion detection system (NIDS) has been an effective method for detecting anomaly flow. However, the NIDS is hard to deploy in distributed networks because network flow data are kept private. Existing methods cannot obtain an accurate NIDS under such a federated scenario. To construct an NIDS while preserving data privacy, we propose a combined model that integrates binary classifiers into a whole network based on simple classifier networks to specify the type of attack on anomalous data and offer instruction to other security system components. We also introduce federated learning (FL) methods into our system and design a new aggregation algorithm named vertical blocking aggregation (FedVB) according to our model structure. Our experiments demonstrate that our system can be more effective than simple multi-classifiers in terms of accuracy and significantly reduce communication and computation overhead when applying FedVB.

engineering, electrical & electronic,computer science, information systems,physics, applied

Jiyuan Shen,Wenzhuo Yang,Zhaowei Chu,Jiani Fan,Dusit Niyato,Kwok-Yan Lam

2024-01-22

Abstract:With the rapid development of low-cost consumer electronics and cloud computing, Internet-of-Things (IoT) devices are widely adopted for supporting next-generation distributed systems such as smart cities and industrial control systems. IoT devices are often susceptible to cyber attacks due to their open deployment environment and limited computing capabilities for stringent security controls. Hence, Intrusion Detection Systems (IDS) have emerged as one of the effective ways of securing IoT networks by monitoring and detecting abnormal activities. However, existing IDS approaches rely on centralized servers to generate behaviour profiles and detect anomalies, causing high response time and large operational costs due to communication overhead. Besides, sharing of behaviour data in an open and distributed IoT network environment may violate on-device privacy requirements. Additionally, various IoT devices tend to capture heterogeneous data, which complicates the training of behaviour models. In this paper, we introduce Federated Learning (FL) to collaboratively train a decentralized shared model of IDS, without exposing training data to others. Furthermore, we propose an effective method called Federated Learning Ensemble Knowledge Distillation (FLEKD) to mitigate the heterogeneity problems across various clients. FLEKD enables a more flexible aggregation method than conventional model fusion techniques. Experiment results on the public dataset CICIDS2019 demonstrate that the proposed approach outperforms local training and traditional FL in terms of both speed and performance and significantly improves the system's ability to detect unknown attacks. Finally, we evaluate our proposed framework's performance in three potential real-world scenarios and show FLEKD has a clear advantage in experimental results.

Cryptography and Security

Jia Huang,Zhen Chen,Sheng-Zheng Liu,Hao Zhang,Hai-Xia Long

DOI: https://doi.org/10.3390/s24124002

IF: 3.9

2024-06-20

Sensors

Abstract:The security of the Industrial Internet of Things (IIoT) is of vital importance, and the Network Intrusion Detection System (NIDS) plays an indispensable role in this. Although there is an increasing number of studies on the use of deep learning technology to achieve network intrusion detection, the limited local data of the device may lead to poor model performance because deep learning requires large-scale datasets for training. Some solutions propose to centralize the local datasets of devices for deep learning training, but this may involve user privacy issues. To address these challenges, this study proposes a novel federated learning (FL)-based approach aimed at improving the accuracy of network intrusion detection while ensuring data privacy protection. This research combines convolutional neural networks with attention mechanisms to develop a new deep learning intrusion detection model specifically designed for the IIoT. Additionally, variational autoencoders are incorporated to enhance data privacy protection. Furthermore, an FL framework enables multiple IIoT clients to jointly train a shared intrusion detection model without sharing their raw data. This strategy significantly improves the model's detection capability while effectively addressing data privacy and security issues. To validate the effectiveness of the proposed method, a series of experiments were conducted on a real-world Internet of Things (IoT) network intrusion dataset. The experimental results demonstrate that our model and FL approach significantly improve key performance metrics such as detection accuracy, precision, and false-positive rate (FPR) compared to traditional local training methods and existing models.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Nanda, Ashok Kumar,Sankar, S.,Cheerla, Sreevardhan

DOI: https://doi.org/10.1007/s11277-023-10852-z

IF: 2.017

2024-02-05

Wireless Personal Communications

Abstract:Important information needs to be sent over the Internet safely. Real-time data is mixed with harmful information, lowering the quality of communication and the system's overall performance. A network intruder detection system is software that examines all incoming and outgoing network packets to detect malicious events. Federated learning (FL) is a way to put artificial intelligence at the cutting edge. It is a way to solve problems that is not centralized and lets people learn from significant amounts of data. Deep learning (DL) methods have often been used to find harmful data in host intrusion detection systems (HIDS) that look for unusual behavior. The FL architecture allows multiple users to train a global model while respecting the privacy of each user's data, making DL-based methods more useful. But there has yet to be a complete analysis of how well FL-based HIDSs protect against known privacy threats with the already in-place defenses. To solve this problem, we offer two privacy assessment measures for FL-based HIDSs, including a privacy score that rates how close the original and restored traffic attributes are. The CICIDS2017 dataset, which includes several attacks from the present day, was used to make the real-time model. In addition, an adaptive threshold-correlation algorithm (ATCA) is presented to enhance detection accuracy by dynamically adjusting threshold values according to traffic patterns and intrusion behaviors. The FL-HIDS framework was created and tested using a realistic network dataset. Experiment results show that the suggested technique outperforms existing intrusion detection systems regarding detection precision and scalability. The federated learning strategy effectively leverages the collective intelligence of network devices, enabling continuous learning and adaptation to emergent attack strategies. Furthermore, the adaptive threshold technique considerably reduces the rate of false positive and false negative detection, boosting the intrusion detection system's overall effectiveness. The proposed architecture solves previous centralized solutions' shortcomings by providing a scalable, privacy-preserving method for defending network environments against expanding invasion threats.

telecommunications

Ningxin He,Zehui Zhang,Xiaotian Wang,Tiegang Gao

DOI: https://doi.org/10.1155/2023/2956990

IF: 8.993

2023-01-01

International Journal of Intelligent Systems

Abstract:Intrusion detection systems play a very important role in industrial Internet network security. However, in the large-scale, complex, and heterogeneous industrial Internet of Things (IoT), it is becoming more and more difficult to defend network intrusion threats due to the insufficiency of high-quality attack samples. To solve the problem, an efficient federated network intrusion method called EFedID is proposed for industrial IoT, which can allow different industrial agents to collaboratively train a comprehensive detection model. Specifically, the adaptive gradient sparsification method is introduced to alleviate the communication and computation overheads. To protect the data privacy of the agents, a CKKS cryptosystem-based secure communication protocol is designed to encrypt the model parameters through the federated training process. Our proposed system demonstrates exceptional detection performance on the NSL-KDD, KDD CUP 99, and CICIDS 2017 datasets. Notably, on the NSL-KDD dataset, the model compression rate reaches 9 times while the model accuracy reaches 84.31%. On the KDD CUP 99 dataset, the model compression rate reaches 8.9 times while the model accuracy reaches 97.3%. Lastly, on the CICIDS 2017 dataset, the model compression rate reached 6.173 times while the model accuracy reached 95.51%. The experimental results demonstrate that the proposed method is very suitable for effectively developing a high-accuracy detection model while protecting the data information of industrial agents. Furthermore, the method can be extended to other recent deep learning networks for intrusion detection.

Tian Dong,Song Li,Han Qiu,Jialiang Lu

DOI: https://doi.org/10.48550/arXiv.2201.03134

2022-01-10

Cryptography and Security

Abstract:Learning-based Network Intrusion Detection Systems (NIDSs) are widely deployed for defending various cyberattacks. Existing learning-based NIDS mainly uses Neural Network (NN) as a classifier that relies on the quality and quantity of cyberattack data. Such NN-based approaches are also hard to interpret for improving efficiency and scalability. In this paper, we design a new local-global computation paradigm, FEDFOREST, a novel learning-based NIDS by combining the interpretable Gradient Boosting Decision Tree (GBDT) and Federated Learning (FL) framework. Specifically, FEDFOREST is composed of multiple clients that extract local cyberattack data features for the server to train models and detect intrusions. A privacy-enhanced technology is also proposed in FEDFOREST to further defeat the privacy of the FL systems. Extensive experiments on 4 cyberattack datasets of different tasks demonstrate that FEDFOREST is effective, efficient, interpretable, and extendable. FEDFOREST ranks first in the collaborative learning and cybersecurity competition 2021 for Chinese college students.

Othmane Belarbi,Theodoros Spyridopoulos,Eirini Anthi,Ioannis Mavromatis,Pietro Carnelli,Aftab Khan

2023-08-05

Abstract:The vast increase of Internet of Things (IoT) technologies and the ever-evolving attack vectors have increased cyber-security risks dramatically. A common approach to implementing AI-based Intrusion Detection systems (IDSs) in distributed IoT systems is in a centralised manner. However, this approach may violate data privacy and prohibit IDS scalability. Therefore, intrusion detection solutions in IoT ecosystems need to move towards a decentralised direction. Federated Learning (FL) has attracted significant interest in recent years due to its ability to perform collaborative learning while preserving data confidentiality and locality. Nevertheless, most FL-based IDS for IoT systems are designed under unrealistic data distribution conditions. To that end, we design an experiment representative of the real world and evaluate the performance of an FL-based IDS. For our experiments, we rely on TON-IoT, a realistic IoT network traffic dataset, associating each IP address with a single FL client. Additionally, we explore pre-training and investigate various aggregation methods to mitigate the impact of data heterogeneity. Lastly, we benchmark our approach against a centralised solution. The comparison shows that the heterogeneous nature of the data has a considerable negative impact on the model's performance when trained in a distributed manner. However, in the case of a pre-trained initial global FL model, we demonstrate a performance improvement of over 20% (F1-score) compared to a randomly initiated global model.

Cryptography and Security,Machine Learning

Syeda Aunanya Mahmud,Nazmul Islam,Zahidul Islam,Ziaur Rahman,Sk. Tanzir Mehedi

DOI: https://doi.org/10.3390/math12203194

IF: 2.4

2024-10-13

Mathematics

Abstract:The Internet of Things (IoT) has revolutionized various industries, but the increased dependence on all kinds of IoT devices and the sensitive nature of the data accumulated by them pose a formidable threat to privacy and security. While traditional IDSs have been effective in securing critical infrastructures, the centralized nature of these systems raises serious data privacy concerns as sensitive information is sent to a central server for analysis. This research paper introduces a Federated Learning (FL) approach designed for detecting intrusions in diverse IoT networks to address the issue of data privacy by ensuring that sensitive information is kept in the individual IoT devices during model training. Our framework utilizes the Federated Averaging (FedAvg) algorithm, which aggregates model weights from distributed devices to refine the global model iteratively. The proposed model manages to achieve above 90% accuracies across various metrics, including precision, recall, and F1 score, while maintaining low computational demands. The results show that the proposed system successfully identifies various types of cyberattacks, including Denial-of-Service (DoS), Distributed Denial-of-Service (DDoS), data injection, ransomware, and several others, showcasing its robustness. This research makes a great advancement to the IDSs by providing an efficient and reliable solution that is more scalable and privacy friendly than any of the existing models.

mathematics

Shahriar Usman Khan,Fariha Eusufzai,Saifur Rahman Sabuj,Mahmoud Elsharief,Md Mamunur Rashid,Md. Azharuddin Redwan

DOI: https://doi.org/10.3390/network3010008

2023-01-30

Network

Abstract:The Internet of Things (IoT) is a network of electrical devices that are connected to the Internet wirelessly. This group of devices generates a large amount of data with information about users, which makes the whole system sensitive and prone to malicious attacks eventually. The rapidly growing IoT-connected devices under a centralized ML system could threaten data privacy. The popular centralized machine learning (ML)-assisted approaches are difficult to apply due to their requirement of enormous amounts of data in a central entity. Owing to the growing distribution of data over numerous networks of connected devices, decentralized ML solutions are needed. In this paper, we propose a Federated Learning (FL) method for detecting unwanted intrusions to guarantee the protection of IoT networks. This method ensures privacy and security by federated training of local IoT device data. Local IoT clients share only parameter updates with a central global server, which aggregates them and distributes an improved detection algorithm. After each round of FL training, each of the IoT clients receives an updated model from the global server and trains their local dataset, where IoT devices can keep their own privacy intact while optimizing the overall model. To evaluate the efficiency of the proposed method, we conducted exhaustive experiments on a new dataset named Edge-IIoTset. The performance evaluation demonstrates the reliability and effectiveness of the proposed intrusion detection model by achieving an accuracy (92.49%) close to that offered by the conventional centralized ML models’ accuracy (93.92%) using the FL method.

Ahmad Almadhor,Ali Altalbe,Imen Bouazzi,Abdullah Al Hejaili,Natalia Kryvinska

DOI: https://doi.org/10.1038/s41598-024-76016-6

IF: 4.6

2024-10-18

Scientific Reports

Abstract:Due to the rising use of the Internet of Things (IoT), the connectivity of networks increases the risk of Distributed Denial of Service (DDoS) attacks. Decentralized systems commonly used in centralized security systems fail to adequately prevent potential cyber threats in IoT because of the issues of privacy and scaling. The method proposed in this study seeks to remedy these facts by employing Explainable Artificial Intelligence (XAI) together with Federated Deep Neural Networks (FDNNs) to detect and prevent DDoS attacks. Our approach is thus to use federated learning models that are to be trained on distributed and dissimilar sources of data without compromising on the privacy aspect. FDNNs were trained over three rounds with information from three client gadgets incorporating pre-processed datasets of various types of DDoS attacks. Additionally, for feature selection, we integrated XGBoost with SHapley Additive exPlanations (SHAP) to improve model interpretability. The proposed solution can be considered to be quite robust, privacy-preserving, and highly scalable for the detection of DDoS attacks on the IoT network. The results shown on the server side indicate that this approach accurately detects 99.78% of DDoS attacks with a precision rate as high as 99.80%, recall rate (detection rate) going up to 99.74% and F1 score reaching 99.76%. They emphasize that FL-based IDSs are strong enough to cope with cybersecurity challenges in IoT, thus offering hope for securing modern network infrastructures against ever-growing cyber threats.

multidisciplinary sciences

Ruijie Zhao,Guan Gui,Zhi Xue,Jie Yin,Tomoaki Ohtsuki,Bamidele Adebisi,Haris Gacanin

DOI: https://doi.org/10.1109/jiot.2021.3119055

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:The purpose of a network intrusion detection (NID) is to detect intrusions in the network, which plays a critical role in ensuring the security of the Internet of Things (IoT). Recently, deep learning (DL) has achieved a great success in the field of intrusion detection. However, the limited computing capabilities and storage of IoT devices hinder the actual deployment of DL-based high-complexity models. In this article, we propose a novel NID method for IoT based on the lightweight deep neural network (LNN). In the data preprocessing stage, to avoid high-dimensional raw traffic features leading to high model complexity, we use the principal component analysis (PCA) algorithm to achieve feature dimensionality reduction. Besides, our classifier uses the expansion and compression structure, the inverse residual structure, and the channel shuffle operation to achieve effective feature extraction with low computational cost. For the multiclassification task, we adopt the NID loss that acts as a better loss function to replace the standard cross-entropy loss for dealing with the problem of uneven distribution of samples. The results of experiments on two real-world NID data sets demonstrate that our method has excellent classification performance with low model complexity and small model size, and it is suitable for classifying the IoT traffic of normal and attack scenarios.

computer science, information systems,telecommunications,engineering, electrical & electronic

Mansi Sahi,Nitin Auluck,Akramul Azim,Md Al Maruf

DOI: https://doi.org/10.1002/spe.3338

2024-05-02

Software Practice and Experience

Abstract:The Internet of Things (IoT) has gained widespread importance in recent time. However, the related issues of security and privacy persist in such IoT networks. Owing to device limitations in terms of computational power and storage, standard protection approaches cannot be deployed. In this article, we propose a lightweight distributed intrusion detection system (IDS) framework, called FCAFE‐BNET (Fog based Context Aware Feature Extraction using BranchyNET). The proposed FCAFE‐BNET approach considers versatile network conditions, such as varying bandwidths and data loads, while allocating inference tasks to cloud/edge resources. FCAFE‐BNET is able to adjust to dynamic network conditions. This can be advantageous for applications with particular quality of service requirements, such as video streaming or real‐time communication, ensuring a steady and reliable performance. Early exit deep neural networks (DNNs) have been employed for faster inference generation at the edge. Often, the weights that the model learns in the initial layer may be sufficiently qualified to perform the required classification tasks. Instead of using subsequent layers of DNNs for generating the inference, we have employed the early‐exit mechanism in the DNNs. Such DNNs help to predict a wide range of testing samples through these early‐exit branches, upon crossing a threshold. This method maintains the confidence values corresponding to the inference. Employing this approach, we achieved a faster inference, with significantly high accuracy. Comparative studies exploit manual feature extraction techniques, that can potentially overlook certain valuable patterns, thus degrading classification performance. The proposed framework converts textual/tabular data into 2‐D images, allowing the DNN model to autonomously learns its own features. This conversion scheme facilitated the identification of various intrusion types, ranging from 5 to 14 different categories. FCAFE‐BNET works for both network‐based and host‐based IDS: NIDS and HIDS. Our experiments demonstrate that, in comparison with recent approaches, FCAFE‐BNET achieves a 39.12%–50.23% reduction in the total inference time on benchmark real‐world datasets, such as: NSL‐KDD, UNSW‐NB 15, ToN_IoT, and ADFA_LD.

computer science, software engineering

Xiaofeng Wang,Yonghong Wang,Zahra Javaheri,Laila Almutairi,Navid Moghadamnejad,Osama S. Younes

DOI: https://doi.org/10.1016/j.compeleceng.2023.108651

2023-03-24

Abstract:Privacy has emerged as a top worry as a result of the development of zero-day hacks because IoT devices produce and transmit sensitive information through the regular internet. This study suggests a deep neural network (DNN) and federated learning (FL) for an IoT network as well as mutual information (MI) for an effective anomaly detection method. The suggested method is different from the conventional model by use of decentralized on-device data to spot IoT network incursions. The information is kept on localized IoT devices for model training and only modified weights are shared in the centralized FL server is an advantage of integrating FL with Deep learning (DL). It uses the IoT-Botnet 2020 dataset for evaluation. Results demonstrate the efficiency of the DNN-based network intrusion detection system (NIDS) in comparison to the deep learning models with improvement in the accuracy of the model and a reduction in the False Alarm rate (FAR).

engineering, electrical & electronic,computer science, interdisciplinary applications, hardware & architecture

Xiao Zhang,Youhuai Wang,Yong Cai,Yuxiong He,Xiaoming Chen,Shi Jin

DOI: https://doi.org/10.1109/icnisc57059.2022.00093

2022-01-01

Abstract:The Internet of Things has been integrated into every aspect of our modern life, intelligent IoT services and applications are booming, and massive amounts of data are generated every day, many of which contain private information. However, due to limited resources and limited computing power, IoT networks are vulnerable to various types of attacks. Therefore, it is crucial to protect the IoT network from adversarial attacks. In today's technology, applying deep learning to classify traffic is a very effective method. It also brings a problem. In a general cloud server architecture, training data needs to be transmitted to the cloud for processing and model training. The massive data transmission overhead will bring delays in transmission and response, as well as privacy leakage issues. Federated learning (FL) based on cloud-edge collaborative networks has received considerable attention, an emerging framework for training deep learning models from decentralized data. The system sends deep learning algorithms to all edges (data sources) at the same time, trains partial models at each edge, and aggregates these partial models into a learned overall model. User information is not uploaded to the cloud during the entire process. This paper adopts the federated learning framework to detect and classify network traffic attacks, and effectively protect user privacy data.

Ruijie Zhao,Yijun Wang,Zhi Xue,Tomoaki Ohtsuki,Bamidele Adebisi,Guan Gui

DOI: https://doi.org/10.1109/jiot.2022.3175918

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:Federated learning (FL) has become an increasingly popular solution for intrusion detection to avoid data privacy leakage in Internet of Things (IoT) edge devices. Existing FL-based intrusion detection methods, however, suffer from three limitations: 1) model parameters transmitted in each round may be used to recover private data, which leads to security risks; 2) not independent and identically distributed (non-IID) private data seriously adversely affect the training of FL (especially distillation-based FL); and 3) high communication overhead caused by the large model size greatly hinders the actual deployment of the solution. To address these problems, this article develops an intrusion detection method based on a semisupervised FL scheme via knowledge distillation. First, our proposed method leverages unlabeled data via distillation method to enhance the classifier performance. Second, we build a model based on convolutional neural networks (CNNs) for extracting deep features of the traffic packets, and take this model as both the classifier network and discriminator network. Third, the discriminator is designed to improve the quality of each client's predicted labels, and to avoid the failure of distillation training caused by a large number of incorrect predictions under private non-IID data. Moreover, the combination of the hard-label strategy and voting mechanism further reduces communication overhead. The experiments on the real-world traffic data set with three non-IID scenarios show that our proposed method can achieve better detection performance as well as lower communication overhead than state-of-the-art methods.

Qi Zhou,Chun Shi

DOI: https://doi.org/10.4018/ijswis.335495

2024-01-07

International Journal on Semantic Web and Information Systems

Abstract:Under the premise of ensuring data privacy, traditional network intrusion detection (NID) methods cannot achieve high accuracy for different types of intrusions. A NID method combining transformer and federated learning (FedL) is proposed for this purpose. First, a multi-party collaborative learning framework was built based on FedL, which achieved data exchange and sharing. Then, by introducing the self-attention mechanism (AttM) to improve the traditional transformer, it could quickly converge. Finally, an NID model integrating transformer and FedL was constructed by combining DNN, GRU, and an encoder module composed of improved transformer, achieving accurate detection of network intrusion. The proposed NID method was compared with the other three methods. The results show that the proposed method has the highest NID accuracy and F1 score on the NSL-KDD and UNSW-NB15 dataset, with the highest accuracy reaching 99.65% and 89.25%, while the F1 score has the highest accuracy, reaching 99.45% and 88.13%, outperforming the other three comparative algorithms in terms of performance.

computer science, information systems, artificial intelligence

Jianhua Li,Lingjuan Lyu,Ximeng Liu,Xuyun Zhang,Xixiang Lyu

DOI: https://doi.org/10.1109/TII.2021.3088938

IF: 12.3

2022-01-01

IEEE Transactions on Industrial Informatics

Abstract:Due to resource constraints and working surroundings, many IIoT nodes are easily hacked and turn into zombies from which to launch attacks. It is challenging to detect such networked zombies rooted behind the Internet for any individual defender. In this article, we combine federated learning (FL) and fog/edge computing to combat malicious codes. Our protocol trains a global optimized model based on distributed datasets of collaborators while removing the data and communication constraints. The FL-based detection protocol maximizes the values of distributed data samples, resulting in an accurate model timely. On top of the protocol, we place mitigation intelligence in a distributed and collaborative manner. Our approach improves accuracy, eliminates mitigation time, and enlarges attackers' expense within a defense alliance. Comprehensive evaluations confirm that the cost incurred is 2.7 times larger, the mitigation response time is 72% lower, and the accuracy is 47% higher on average. Besides, the protocol evaluation shows the detection accuracy is approximately 98% in the FL, which is almost the same as centralized training.

Yaser Alhasawi,Salem Alghamdi

DOI: https://doi.org/10.1109/access.2024.3378727

IF: 3.9

2024-03-27

IEEE Access

Abstract:In the ever-expanding domain of Internet of Things (IoT) networks, Distributed Denial of Service (DDoS) attacks represent a significant challenge, compromising the reliability of these systems. Traditional centralized detection methods struggle to cope effectively in the widespread and diverse environment of IoT, leading to the exploration of decentralized approaches. This study introduces a Federated Learning-based approach, named Federated Learning for Decentralized DDoS Attack Detection (FL-DAD), which utilizes Convolutional Neural Networks (CNN) to efficiently identify DDoS attacks at the source. Our approach prioritizes data privacy by processing data locally, thereby avoiding the need for central data collection, while enhancing detection efficiency. Evaluated using the comprehensive CICIDS2017 dataset and compared with conventional centralized detection methods, FL-DAD achieves superior performance, illustrating the potential of federated learning to enhance intrusion detection systems in large-scale IoT networks by balancing data security with analytical effectiveness.

computer science, information systems,telecommunications,engineering, electrical & electronic

Ghazaleh Shirvani,Saeid Ghasemshirazi,Mohammad Ali Alipour

2024-03-17

Abstract:The rapid proliferation of the Internet of Things (IoT) has ushered in transformative connectivity between physical devices and the digital realm. Nonetheless, the escalating threat of Distributed Denial of Service (DDoS) attacks jeopardizes the integrity and reliability of IoT networks. Conventional DDoS mitigation approaches are ill-equipped to handle the intricacies of IoT ecosystems, potentially compromising data privacy. This paper introduces an innovative strategy to bolster the security of IoT networks against DDoS attacks by harnessing the power of Federated Learning that allows multiple IoT devices or edge nodes to collaboratively build a global model while preserving data privacy and minimizing communication overhead. The research aims to investigate Federated Learning's effectiveness in detecting and mitigating DDoS attacks in IoT. Our proposed framework leverages IoT devices' collective intelligence for real-time attack detection without compromising sensitive data. This study proposes innovative deep autoencoder approaches for data dimensionality reduction, retraining, and partial selection to enhance the performance and stability of the proposed model. Additionally, two renowned aggregation algorithms, FedAvg and FedAvgM, are employed in this research. Various metrics, including true positive rate, false positive rate, and F1-score, are employed to evaluate the model. The dataset utilized in this research, N-BaIoT, exhibits non-IID data distribution, where data categories are distributed quite differently. The negative impact of these distribution disparities is managed by employing retraining and partial selection techniques, enhancing the final model's stability. Furthermore, evaluation results demonstrate that the FedAvgM aggregation algorithm outperforms FedAvg, indicating that in non-IID datasets, FedAvgM provides better stability and performance.

Cryptography and Security,Artificial Intelligence,Machine Learning

Shahid Allah Bakhsh,Muhammad Almas Khan,Fawad Ahmed,Mohammed S. Alshehri,Hisham Ali,Jawad Ahmad

DOI: https://doi.org/10.1016/j.iot.2023.100936

IF: 5.711

2023-12-01

Internet of Things

Abstract:The rapid growth of the Internet of Things (IoT) has brought about a global concern for the security of interconnected devices and networks. This necessitates the use of efficient Intrusion Detection System (IDS) to mitigate cyber threats. Deep learning (DL) techniques provides a promising approach to effectively detect irregularities in network traffic, enhancing IoT network security and reducing cyber threats. In this paper, DL-based IDS is proposed using Feed Forward Neural Networks (FFNN), Long Short-Term Memory (LSTM), and Random Neural Networks (RandNN) to protect IoT networks from cyberattacks. Each DL model has its potential benefit as reported in this paper. For example, the FFNN can handle complex IoT network traffic patterns, while the LSTM is good in capturing long-term dependencies present in the network traffic. With its random connections and flexible dynamics, the RandNN model uses its data learning ability to adapt and learn from network data. These algorithms boost cybersecurity by enabling defense mechanisms against challenging cyber threats and ensuring the security of sensitive data as IoT networks expand. The proposed technique exhibits superior performance when compared with the current state-of-the-art DL-IDS using the CIC-IoT22 dataset. An accuracy of 99.93 % is achieved for the FFNN model, 99.85 % for the LSTM model, and 96.42 % for the RandNN model in detecting intrusion. Moreover, the models have the potential to enhance intrusion detection in IoT networks by generating swift responses to security problems in IoT networks.