Shahriar Usman Khan,Fariha Eusufzai,Saifur Rahman Sabuj,Mahmoud Elsharief,Md Mamunur Rashid,Md. Azharuddin Redwan

DOI: https://doi.org/10.3390/network3010008

2023-01-30

Network

Abstract:The Internet of Things (IoT) is a network of electrical devices that are connected to the Internet wirelessly. This group of devices generates a large amount of data with information about users, which makes the whole system sensitive and prone to malicious attacks eventually. The rapidly growing IoT-connected devices under a centralized ML system could threaten data privacy. The popular centralized machine learning (ML)-assisted approaches are difficult to apply due to their requirement of enormous amounts of data in a central entity. Owing to the growing distribution of data over numerous networks of connected devices, decentralized ML solutions are needed. In this paper, we propose a Federated Learning (FL) method for detecting unwanted intrusions to guarantee the protection of IoT networks. This method ensures privacy and security by federated training of local IoT device data. Local IoT clients share only parameter updates with a central global server, which aggregates them and distributes an improved detection algorithm. After each round of FL training, each of the IoT clients receives an updated model from the global server and trains their local dataset, where IoT devices can keep their own privacy intact while optimizing the overall model. To evaluate the efficiency of the proposed method, we conducted exhaustive experiments on a new dataset named Edge-IIoTset. The performance evaluation demonstrates the reliability and effectiveness of the proposed intrusion detection model by achieving an accuracy (92.49%) close to that offered by the conventional centralized ML models’ accuracy (93.92%) using the FL method.

Jia Huang,Zhen Chen,Sheng-Zheng Liu,Hao Zhang,Hai-Xia Long

DOI: https://doi.org/10.3390/s24124002

IF: 3.9

2024-06-20

Sensors

Abstract:The security of the Industrial Internet of Things (IIoT) is of vital importance, and the Network Intrusion Detection System (NIDS) plays an indispensable role in this. Although there is an increasing number of studies on the use of deep learning technology to achieve network intrusion detection, the limited local data of the device may lead to poor model performance because deep learning requires large-scale datasets for training. Some solutions propose to centralize the local datasets of devices for deep learning training, but this may involve user privacy issues. To address these challenges, this study proposes a novel federated learning (FL)-based approach aimed at improving the accuracy of network intrusion detection while ensuring data privacy protection. This research combines convolutional neural networks with attention mechanisms to develop a new deep learning intrusion detection model specifically designed for the IIoT. Additionally, variational autoencoders are incorporated to enhance data privacy protection. Furthermore, an FL framework enables multiple IIoT clients to jointly train a shared intrusion detection model without sharing their raw data. This strategy significantly improves the model's detection capability while effectively addressing data privacy and security issues. To validate the effectiveness of the proposed method, a series of experiments were conducted on a real-world Internet of Things (IoT) network intrusion dataset. The experimental results demonstrate that our model and FL approach significantly improve key performance metrics such as detection accuracy, precision, and false-positive rate (FPR) compared to traditional local training methods and existing models.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Afnan A. Alharbi

DOI: https://doi.org/10.1007/s10207-023-00805-9

2024-01-10

International Journal of Information Security

Abstract:In the healthcare sector, cyberattack detection systems are crucial for ensuring the privacy of patient data and building trust in the increasingly connected world of medical devices and patient monitoring systems. In light of the increasing prevalence of Internet of Medical Things (IoMT) technologies, it is essential to establish an efficient intrusion detection system (IDS). IDSs are crucial for protecting patient data and ensuring medical device reliability. Federated learning (FL) has emerged as an effective technique for enhancing distributed cyberattack detection systems. By distributing the learning process across multiple IoMT gateways, FL-based IDS offers several benefits, such as improved detection accuracy, reduced network latency, and minimized data leakage. However, as client data may not exhibit a uniform independent and identically distributed (IID) pattern, the heterogeneity of data distribution poses a significant challenge in implementing FL-based IDS for IoMT applications. In this paper, we propose a collaborative learning framework for IDS in IoMT applications. Specifically, we introduce a Federated Transfer Learning (FTL) IDS that enables clients to obtain their personalized FL model while benefiting from the knowledge of other clients. Our methodology enables clients to obtain a personalized model that addresses the challenges posed by the heterogeneity of data distribution. The experimental results show that the proposed model achieves superior detection performance with 95–99% accuracy. Moreover, our model exhibits strong performance in identifying zero-day attacks.

computer science, information systems, theory & methods, software engineering

Othmane Belarbi,Theodoros Spyridopoulos,Eirini Anthi,Ioannis Mavromatis,Pietro Carnelli,Aftab Khan

2023-08-05

Abstract:The vast increase of Internet of Things (IoT) technologies and the ever-evolving attack vectors have increased cyber-security risks dramatically. A common approach to implementing AI-based Intrusion Detection systems (IDSs) in distributed IoT systems is in a centralised manner. However, this approach may violate data privacy and prohibit IDS scalability. Therefore, intrusion detection solutions in IoT ecosystems need to move towards a decentralised direction. Federated Learning (FL) has attracted significant interest in recent years due to its ability to perform collaborative learning while preserving data confidentiality and locality. Nevertheless, most FL-based IDS for IoT systems are designed under unrealistic data distribution conditions. To that end, we design an experiment representative of the real world and evaluate the performance of an FL-based IDS. For our experiments, we rely on TON-IoT, a realistic IoT network traffic dataset, associating each IP address with a single FL client. Additionally, we explore pre-training and investigate various aggregation methods to mitigate the impact of data heterogeneity. Lastly, we benchmark our approach against a centralised solution. The comparison shows that the heterogeneous nature of the data has a considerable negative impact on the model's performance when trained in a distributed manner. However, in the case of a pre-trained initial global FL model, we demonstrate a performance improvement of over 20% (F1-score) compared to a randomly initiated global model.

Cryptography and Security,Machine Learning

Lochana Telugu Rajesh,Tapadhir Das,Raj Mani Shukla,Shamik Sengupta

DOI: https://doi.org/10.48550/arXiv.2310.07354

IF: 14.4

2023-10-11

Artificial Intelligence

Abstract:The rapid growth in Internet of Things (IoT) technology has become an integral part of today's industries forming the Industrial IoT (IIoT) initiative, where industries are leveraging IoT to improve communication and connectivity via emerging solutions like data analytics and cloud computing. Unfortunately, the rapid use of IoT has made it an attractive target for cybercriminals. Therefore, protecting these systems is of utmost importance. In this paper, we propose a federated transfer learning (FTL) approach to perform IIoT network intrusion detection. As part of the research, we also propose a combinational neural network as the centerpiece for performing FTL. The proposed technique splits IoT data between the client and server devices to generate corresponding models, and the weights of the client models are combined to update the server model. Results showcase high performance for the FTL setup between iterations on both the IIoT clients and the server. Additionally, the proposed FTL setup achieves better overall performance than contemporary machine learning algorithms at performing network intrusion detection.

Dingde Jiang,Zhihao Wang,Ye Wang,Lizhuang Tan,Jian Wang,Peiying Zhang

DOI: https://doi.org/10.1109/jiot.2024.3406602

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:Federated learning (FL) in Industrial IoT (IIoT) facilitates collaborative model training across distributed edge devices, ensuring data privacy and localized insights without centralized data aggregation. However, the networked parameter sharing mechanism in FL renders it vulnerable to exploitation by man-in-the-middle (MITM) attackers, potentially disrupting the model training process. To mitigate this threat, this article presents a novel blockchain-reinforced FL architecture aimed at enabling cooperative intrusion detection. Initially, FL is leveraged to aggregate all learned information from edge servers, thereby disseminating extracted attack characteristics to all participants through gradient sharing. Subsequently, a blockchain-based parameter verification scheme is introduced to safeguard against tampered local parameters affecting the global model. Clients record model parameters in smart contracts deployed on a private chain, and parameter servers verify parameter confidentiality before aggregation, ensuring only valid parameters are considered. Finally, extensive experiments are conducted using an edge IIoT cybersecurity data set comprising 61 features spanning ten protocol layers and five attacks targeting IIoT connectivity protocols. Simulation results demonstrate that the proposed scheme significantly enhances intrusion detection accuracy, achieving a threefold improvement when two-thirds of federated nodes are subjected to MITM attacks.

Sahaya Beni Prathiba,Yeshwanth Govindarajan,Vishal Pranav Amirtha Ganesan,Anirudh Ramachandran,Arikumar K. Selvaraj,Ali Kashif Bashir,Thippa Reddy Gadekallu

DOI: https://doi.org/10.1109/access.2024.3401039

IF: 3.9

2024-05-22

IEEE Access

Abstract:Ensuring robustness against adversarial attacks is imperative for Machine Learning (ML) systems within the critical infrastructures of the Industrial Internet of Things (IIoT). This paper addresses vulnerabilities in IIoT systems, particularly in distributed environments like Federated Learning (FL) by presenting a resilient framework - Secure Federated Learning (SFL) specifically designed to mitigate data and model poisoning, as well as Sybil attacks within these networks. Sybil attacks, involving the creation of multiple fake identities, and poisoning attacks significantly compromise the integrity and reliability of ML models in FL environments. Our SFL framework leverages a Digital Twin (DT) as a critical aggregation checkpoint to counteract data and model poisoning attacks in IIoT's distributed settings. The DT serves as a protective mechanism during the model update aggregation phase, substantially enhancing the system's resilience. To further secure IIoT infrastructures, SFL employs blockchain-based Non-Fungible Tokens (NFTs) to authenticate participant identities, effectively preventing Sybil attacks by ensuring traceability and accountability among distributed nodes. Experimental evaluation within IIoT scenarios demonstrates that SFL substantially enhances defensive capabilities, maintaining the integrity and robustness of model learning. Comparative results reveal that the SFL framework, when applied to IIoT federated environments, achieves a commendable 97% accuracy, outperforming conventional FL approaches. SFL also demonstrates a remarkable reduction in loss rate, recording just 0.07 compared to the 0.14 loss rate experienced by standard FL systems. These findings highlight the efficiency and applicability of the SFL framework in enhancing data security and traceability within the IIoT ecosystem.

computer science, information systems,telecommunications,engineering, electrical & electronic

Dinesh Chowdary Attota,Viraaji Mothukuri,Reza M. Parizi,Seyedamin Pouriyeh

DOI: https://doi.org/10.1109/access.2021.3107337

IF: 3.9

2021-01-01

IEEE Access

Abstract:The rise in popularity of Internet of Things (IoT) devices has attracted hackers to develop IoT-specific attacks. The microservice architecture of IoT devices relies on the Internet to provide their intended services. An unguarded IoT network makes inter-connected devices vulnerable to attacks. It will be a tedious and ineffective process to manually detect the attacks in the network, as the attackers frequently upgrade their attack strategies. Machine learning (ML)-assisted approaches have been proposed to build intrusion detection for cybersecurity automation in IoT networks. However, most such approaches focus on training an ML model using a single view of the dataset, which often fails to build insightful knowledge and understand each feature's impact on the ML model's decision-making ability. As such, the model training with a single view may result in an incomplete understanding of patterns in large feature-set datasets. Moreover, the current approaches are mainly designed in a centralized manner in which the raw data is transferred from the edge devices to the central server for training. This, in turn, may expose the data to all kinds of attacks without adhering to the privacy-preserving of data security. Multi-view learning has gained popularity for its ability to learn from different data views and deliver efficient performance with more distinguished predictions. This paper proposes a federated learning-based intrusion detection approach, called MV-FLID, that trains on multiple views of IoT network data in a decentralized format to detect, classify, and defend against attacks. The multi-view ensemble learning aspect helps in maximizing the learning efficiency of different classes of attacks. The Federated Learning (FL) aspect, wherein the device's data is not shared to the server, performs profile aggregation efficiently with the benefit of peer learning. Our evaluation results show that our propos-d approach has higher accuracy compared to the traditional non-FL centralized approach.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jiyuan Shen,Wenzhuo Yang,Zhaowei Chu,Jiani Fan,Dusit Niyato,Kwok-Yan Lam

2024-01-22

Abstract:With the rapid development of low-cost consumer electronics and cloud computing, Internet-of-Things (IoT) devices are widely adopted for supporting next-generation distributed systems such as smart cities and industrial control systems. IoT devices are often susceptible to cyber attacks due to their open deployment environment and limited computing capabilities for stringent security controls. Hence, Intrusion Detection Systems (IDS) have emerged as one of the effective ways of securing IoT networks by monitoring and detecting abnormal activities. However, existing IDS approaches rely on centralized servers to generate behaviour profiles and detect anomalies, causing high response time and large operational costs due to communication overhead. Besides, sharing of behaviour data in an open and distributed IoT network environment may violate on-device privacy requirements. Additionally, various IoT devices tend to capture heterogeneous data, which complicates the training of behaviour models. In this paper, we introduce Federated Learning (FL) to collaboratively train a decentralized shared model of IDS, without exposing training data to others. Furthermore, we propose an effective method called Federated Learning Ensemble Knowledge Distillation (FLEKD) to mitigate the heterogeneity problems across various clients. FLEKD enables a more flexible aggregation method than conventional model fusion techniques. Experiment results on the public dataset CICIDS2019 demonstrate that the proposed approach outperforms local training and traditional FL in terms of both speed and performance and significantly improves the system's ability to detect unknown attacks. Finally, we evaluate our proposed framework's performance in three potential real-world scenarios and show FLEKD has a clear advantage in experimental results.

Cryptography and Security

Jian Jin,Zhenzhen Jiao,Junsheng Mu,Wenzhe Lv,Yinan Tang,Tongtong Yuan

DOI: https://doi.org/10.1145/3615984.3616507

2023-01-01

Abstract:In Industry 4.0, with the increasing scale of data generated in IIoT, it is necessary for federated learning (FL) algorithms to process and analyze these data in real time, thereby quickly generating high-quality models for edge computing/intelligence. But there are still challenges on current FL frameworks in IIoT, such as difficult client management, prolonged communication delays, and compromised learning effectiveness induced by attacks. To address these challenges, we propose a new FL framework that integrates a digital identity module for user perception and authentication, a decentralized blockchain module for trustworthy FL, and an adaptive model sparsification algorithm for communication-assisted sensing FL. Our FL framework aims to conduct some sense tasks on image classification and sentiment analysis. The effectiveness of our proposed framework for IIoT is demonstrated through technical explanations and experimental results.

Syeda Aunanya Mahmud,Nazmul Islam,Zahidul Islam,Ziaur Rahman,Sk. Tanzir Mehedi

DOI: https://doi.org/10.3390/math12203194

IF: 2.4

2024-10-13

Mathematics

Abstract:The Internet of Things (IoT) has revolutionized various industries, but the increased dependence on all kinds of IoT devices and the sensitive nature of the data accumulated by them pose a formidable threat to privacy and security. While traditional IDSs have been effective in securing critical infrastructures, the centralized nature of these systems raises serious data privacy concerns as sensitive information is sent to a central server for analysis. This research paper introduces a Federated Learning (FL) approach designed for detecting intrusions in diverse IoT networks to address the issue of data privacy by ensuring that sensitive information is kept in the individual IoT devices during model training. Our framework utilizes the Federated Averaging (FedAvg) algorithm, which aggregates model weights from distributed devices to refine the global model iteratively. The proposed model manages to achieve above 90% accuracies across various metrics, including precision, recall, and F1 score, while maintaining low computational demands. The results show that the proposed system successfully identifies various types of cyberattacks, including Denial-of-Service (DoS), Distributed Denial-of-Service (DDoS), data injection, ransomware, and several others, showcasing its robustness. This research makes a great advancement to the IDSs by providing an efficient and reliable solution that is more scalable and privacy friendly than any of the existing models.

mathematics

Zhao Zhang,Yong Zhang,Hao Li,Shenbo Liu,Wei Chen,Zhigang Zhang,Lijun Tang

DOI: https://doi.org/10.1016/j.engappai.2024.108826

IF: 8

2024-01-01

Engineering Applications of Artificial Intelligence

Abstract:As a promising paradigm, Federated Learning (FL)-based distributed intrusion detection offers potent protection for the network security of Industrial Internet of Things (IIoT) systems. Nonetheless, the practical deployment of IIoT systems occurs in a highly-complex and dynamic distributed environment. The ever-growing and dynamically-evolving cyber attacks will render the FL-based intrusion detection model inefficient, since FL cannot gracefully learn from the dynamic traffic data streams to identify new attacks. To address this issue, we propose the evolutionary distributed intrusion detection system based on federated continual representation learning, designed to continually capture effective feature representations of emerging attacks from dynamic traffic data streams. Specifically, we develop the supervised contrastive loss and the global information-aware regularization loss to alleviate the catastrophic forgetting on the previously observed attacks and mitigate the data heterogeneity across clients. Besides, we propose the prototype variance-based memory update strategy to ensure the effective memory replay data. Extensive experimental results demonstrate our proposed method outperforms the state-of-the-art methods by 13.3%–31.5% in terms of average accuracy on a real energy intrusion detection dataset.

Nanda, Ashok Kumar,Sankar, S.,Cheerla, Sreevardhan

DOI: https://doi.org/10.1007/s11277-023-10852-z

IF: 2.017

2024-02-05

Wireless Personal Communications

Abstract:Important information needs to be sent over the Internet safely. Real-time data is mixed with harmful information, lowering the quality of communication and the system's overall performance. A network intruder detection system is software that examines all incoming and outgoing network packets to detect malicious events. Federated learning (FL) is a way to put artificial intelligence at the cutting edge. It is a way to solve problems that is not centralized and lets people learn from significant amounts of data. Deep learning (DL) methods have often been used to find harmful data in host intrusion detection systems (HIDS) that look for unusual behavior. The FL architecture allows multiple users to train a global model while respecting the privacy of each user's data, making DL-based methods more useful. But there has yet to be a complete analysis of how well FL-based HIDSs protect against known privacy threats with the already in-place defenses. To solve this problem, we offer two privacy assessment measures for FL-based HIDSs, including a privacy score that rates how close the original and restored traffic attributes are. The CICIDS2017 dataset, which includes several attacks from the present day, was used to make the real-time model. In addition, an adaptive threshold-correlation algorithm (ATCA) is presented to enhance detection accuracy by dynamically adjusting threshold values according to traffic patterns and intrusion behaviors. The FL-HIDS framework was created and tested using a realistic network dataset. Experiment results show that the suggested technique outperforms existing intrusion detection systems regarding detection precision and scalability. The federated learning strategy effectively leverages the collective intelligence of network devices, enabling continuous learning and adaptation to emergent attack strategies. Furthermore, the adaptive threshold technique considerably reduces the rate of false positive and false negative detection, boosting the intrusion detection system's overall effectiveness. The proposed architecture solves previous centralized solutions' shortcomings by providing a scalable, privacy-preserving method for defending network environments against expanding invasion threats.

telecommunications

Deepti Gupta,Shafika Showkat Moni,Ali Saman Tosun

2023-07-26

Abstract:In the present era of advanced technology, the Internet of Things (IoT) plays a crucial role in enabling smart connected environments. This includes various domains such as smart homes, smart healthcare, smart cities, smart vehicles, and many others.With ubiquitous smart connected devices and systems, a large amount of data associated with them is at a prime risk from malicious entities (e.g., users, devices, applications) in these systems. Innovative technologies, including cloud computing, Machine Learning (ML), and data analytics, support the development of anomaly detection models for the Vehicular Internet of Things (V-IoT), which encompasses collaborative automatic driving and enhanced transportation systems. However, traditional centralized anomaly detection models fail to provide better services for connected vehicles due to issues such as high latency, privacy leakage, performance overhead, and model drift. Recently, Federated Learning (FL) has gained significant recognition for its ability to address data privacy concerns in the IoT domain. Digital Twin (DT), proves beneficial in addressing uncertain crises and data security issues by creating a virtual replica that simulates various factors, including traffic trajectories, city policies, and vehicle utilization. However, the effectiveness of a V-IoT DT system heavily relies on the collection of long-term and high-quality data to make appropriate decisions. This paper introduces a Hierarchical Federated Learning (HFL) based anomaly detection model for V-IoT, aiming to enhance the accuracy of the model. Our proposed model integrates both DT and HFL approaches to create a comprehensive system for detecting malicious activities using an anomaly detection model. Additionally, real-world V-IoT use case scenarios are presented to demonstrate the application of the proposed model.

Cryptography and Security

Dinh C. Nguyen,Ming Ding,Pubudu N. Pathirana,Aruna Seneviratne,Jun Li,Dusit Niyato,H. Vincent Poor

DOI: https://doi.org/10.1109/mwc.001.2100102

IF: 12.777

2021-12-01

IEEE Wireless Communications

Abstract:The Industrial Internet of Things (IIoT) offers promising opportunities to revolutionize the operation of industrial systems and become a key enabler of future industries. Recently, artificial intelligence (AI) has been widely utilized for realizing intelligent IIoT applications where AI techniques require centralized data collection and processing. However, this is not always feasible in realistic scenarios due to the high scalability of modern IIoT networks and growing industrial data confidentiality. Federated Learning (FL), as an emerging collaborative AI approach, is particularly attractive for intelligent IIoT networks by coordinating multiple IIoT devices and machines to perform AI training at the network edge while helping protect user privacy and confidential business information. In this article, we provide a detailed overview and discussions of the emerging applications of FL in several key IIoT services and applications. A case study is also provided to demonstrate the feasibility of FL in IIoT. Finally, we highlight a range of interesting open research topics that need to be addressed for the full realization of FL-IIoT in future industries.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Mamoun Alazab,Swarna Priya RM,M Parimala,Praveen Kumar Reddy Maddikunta,Thippa Reddy Gadekallu,Quoc-Viet Pham,Parimala M

DOI: https://doi.org/10.1109/tii.2021.3119038

IF: 12.3

2022-05-01

IEEE Transactions on Industrial Informatics

Abstract:Federated learning (FL) is a recent development in artificial intelligence, which is typically based on the concept of decentralized data. As cyberattacks are frequently happening in the various applications deployed in real time, most industrialists are hesitating to move forward in adopting the technology of the Internet of Everything. This article aims to provide an extensive study on how FL could be utilized for providing better cybersecurity and prevent various cyberattacks in real time. We present an extensive survey of the various FL models currently developed by researchers for providing authentication, privacy, trust management, and attack detection. We also discuss few real-time use cases that have been deployed recently and how FL is adopted in them for preserving privacy of data and improving the performance of the system. Based on the study, we conclude this article with some prominent challenges and future directions on which the researchers can focus for adopting FL in real-time scenarios.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Vasiliki Kelli,Vasileios Argyriou,Thomas Lagkas,George Fragulis,Elisavet Grigoriou,Panagiotis Sarigiannidis

DOI: https://doi.org/10.3390/s21206743

IF: 3.9

2021-10-11

Sensors

Abstract:Internet of Things (IoT) is a concept adopted in nearly every aspect of human life, leading to an explosive utilization of intelligent devices. Notably, such solutions are especially integrated in the industrial sector, to allow the remote monitoring and control of critical infrastructure. Such global integration of IoT solutions has led to an expanded attack surface against IoT-enabled infrastructures. Artificial intelligence and machine learning have demonstrated their ability to resolve issues that would have been impossible or difficult to address otherwise; thus, such solutions are closely associated with securing IoT. Classical collaborative and distributed machine learning approaches are known to compromise sensitive information. In our paper, we demonstrate the creation of a network flow-based Intrusion Detection System (IDS) aiming to protecting critical infrastructures, stemming from the pairing of two machine learning techniques, namely, federated learning and active learning. The former is utilized for privately training models in federation, while the latter is a semi-supervised approach applied for global model adaptation to each of the participant’s traffic. Experimental results indicate that global models perform significantly better for each participant, when locally personalized with just a few active learning queries. Specifically, we demonstrate how the accuracy increase can reach 7.07% in only 10 queries.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Priyanka Verma,John G. Breslin,Donna O'Shea

DOI: https://doi.org/10.3390/s22228974

IF: 3.9

2022-11-19

Sensors

Abstract:The rapid development in manufacturing industries due to the introduction of IIoT devices has led to the emergence of Industry 4.0 which results in an industry with intelligence, increased efficiency and reduction in the cost of manufacturing. However, the introduction of IIoT devices opens up the door for a variety of cyber threats in smart industries. The detection of cyber threats against such extensive, complex, and heterogeneous smart manufacturing industries is very challenging due to the lack of sufficient attack traces. Therefore, in this work, a Federated Learning enabled Deep Intrusion Detection framework is proposed to detect cyber threats in smart manufacturing industries. The proposed FLDID framework allows multiple smart manufacturing industries to build a collaborative model to detect threats and overcome the limited attack example problem with individual industries. Moreover, to ensure the privacy of model gradients, Paillier-based encryption is used in communication between edge devices (representative of smart industries) and the server. The deep learning-based hybrid model, which consists of a Convolutional Neural Network, Long Short Term Memory, and Multi-Layer Perceptron is used in the intrusion detection model. An exhaustive set of experiments on the publically available dataset proves the effectiveness of the proposed framework for detecting cyber threats in smart industries over the state-of-the-art approaches.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Mohanad Sarhan,Siamak Layeghy,Nour Moustafa,Marius Portmann

DOI: https://doi.org/10.1007/s10922-022-09691-3

2022-10-08

Journal of Network and Systems Management

Abstract:The uses of machine learning (ML) technologies in the detection of network attacks have been proven to be effective when designed and evaluated using data samples originating from the same organisational network. However, it has been very challenging to design an ML-based detection system using heterogeneous network data samples originating from different sources and organisations. This is mainly due to privacy concerns and the lack of a universal format of datasets. In this paper, we propose a collaborative cyber threat intelligence sharing scheme to allow multiple organisations to join forces in the design, training, and evaluation of a robust ML-based network intrusion detection system. The threat intelligence sharing scheme utilises two critical aspects for its application; the availability of network data traffic in a common format to allow for the extraction of meaningful patterns across data sources and the adoption of a federated learning mechanism to avoid the necessity of sharing sensitive users' information between organisations. As a result, each organisation benefits from the intelligence of other organisations while maintaining the privacy of its data internally. In this paper, the framework has been designed and evaluated using two key datasets in a NetFlow format known as NF-UNSW-NB15-v2 and NF-BoT-IoT-v2. In addition, two other common scenarios are considered in the evaluation process; a centralised training method where local data samples are directly shared with other organisations and a localised training method where no threat intelligence is shared. The results demonstrate the efficiency and effectiveness of the proposed framework by designing a universal ML model effectively classifying various benign and intrusive traffic types originating from multiple organisations without the need for inter-organisational data exchange.

computer science, information systems,telecommunications

Ruijie Zhao,Yue Yin,Yong Shi,Zhi Xue

DOI: https://doi.org/10.1016/j.phycom.2020.101157

IF: 2.379

2020-01-01

Physical Communication

Abstract:Deep learning based intelligent intrusion detection (IID) methods have been received strongly attention for computer security protection in cybersecurity. All these learning models are trained at either a single user server or centralized server. For one thing, it is almost impossible to train a powerful deep learning model at a single user. For other, it will encounter intrusion risks at centre server and violate user privacy if collecting dataset from all of user servers. In order to solve these problems, this paper proposes an effective IID method based on federated learning (FL) aided long short-term memory (FL-LSTM) framework. First, the initial LSTM global model is deployed at all of user servers. Second, each user trains its single model and then uploads its model parameters to central server. Finally, the central server performs model parameters aggregation to form a new global model and distributes it to user servers. Use this step as a loop for communication to complete the training of the intrusion detection model. Simulation results show that our proposed method achieves a higher accuracy and better consistency than conventional methods.