Valerian Rey,Pedro Miguel Sánchez Sánchez,Alberto Huertas Celdrán,Gérôme Bovet

DOI: https://doi.org/10.1016/j.comnet.2021.108693

IF: 5.493

2022-02-01

Computer Networks

Abstract:Billions of IoT devices lacking proper security mechanisms have been manufactured and deployed for the last years, and more will come with the development of Beyond 5G technologies. Their vulnerability to malware has motivated the need for efficient techniques to detect infected IoT devices inside networks. With data privacy and integrity becoming a major concern in recent years, increasing with the arrival of 5G and Beyond networks, new technologies such as federated learning and blockchain emerged. They allow training machine learning models with decentralized data while preserving its privacy by design. This work investigates the possibilities enabled by federated learning concerning IoT malware detection and studies security issues inherent to this new learning paradigm. In this context, a framework that uses federated learning to detect malware affecting IoT devices is presented. N-BaIoT, a dataset modeling network traffic of several real IoT devices while affected by malware, has been used to evaluate the proposed framework. Both supervised and unsupervised federated models (multi-layer perceptron and autoencoder) able to detect malware affecting seen and unseen IoT devices of N-BaIoT have been trained and evaluated. Furthermore, their performance has been compared to two traditional approaches. The first one lets each participant locally train a model using only its own data, while the second consists of making the participants share their data with a central entity in charge of training a global model. This comparison has shown that the use of more diverse and large data, as done in the federated and centralized methods, has a considerable positive impact on the model performance. Besides, the federated models, while preserving the participant’s privacy, show similar results as the centralized ones. As an additional contribution and to measure the robustness of the federated approach, an adversarial setup with several malicious participants poisoning the federated model has been considered. The baseline model aggregation averaging step used in most federated learning algorithms appears highly vulnerable to different attacks, even with a single adversary. The performance of other model aggregation functions acting as countermeasures is thus evaluated under the same attack scenarios. These functions provide a significant improvement against malicious participants, but more efforts are still needed to make federated approaches robust.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Farhan Ullah,Leonardo mostarda,Diletta Cacciagrano,Chien-Ming Chen,Saru Kumari

DOI: https://doi.org/10.1109/mce.2024.3431792

2024-01-01

IEEE Consumer Electronics Magazine

Abstract:Consumer electronics, particularly Android, has become the leading mobile ecosystem due to its accessibility and adaptability. However, the constant connectivity of Android apps makes them a target for malicious network attacks, leading to the potential theft of sensitive data and disruptions across various sectors, including the economy and healthcare. Developing a reliable, distributed malware detection system using training data from multiple sources is challenging. This is mostly due to privacy issues and a lack of consistent data. This paper proposes a semantic-driven Federated Learning (FL) approach using transformer-based transfer learning to defend against distributed malicious attacks. The semantic features of malicious scripts are examined using the Bidirectional Encoder Representations from the Transformers (BERT) model. Following that, Deep Neural Network (DNN) uses these semantic features for local training, resulting in local model updates for each client. After merging the local model updates from each client, the global server generates global weights and sends them to distant clients. The proposed approach is evaluated on two standard datasets, including CIC-AndMal2017 and CICMalDroid2020, and it obtains high detection accuracy of 99.38% and 99.14%, respectively. These findings encourage cybersecurity organizations to collaborate and develop a powerful distributed security system using private data.

Wenbo Fang,Junjiang He,Wenshan Li,Xiaolong Lan,Yang Chen,Tao Li,Jiwu Huang,Linlin Zhang

DOI: https://doi.org/10.1109/tifs.2023.3287395

IF: 7.231

2023-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Android malware and its variants are a major challenge for mobile platforms. However, there are two main problems in the existing detection methods: $a$ ) The detection method lacks the evolution ability for Android malware, which leads to the low detection rate of the detection model for malware and its variants. $b$ ) Traditional detection methods require centralized data for model training, however, the aggregation of training samples is limited due to the infectivity of malware and growing data privacy concerns, centralized detection methods are difficult to be applied in actual detection scenarios. In this paper, we propose FEDriod, a comprehensive Android malware detection method based on federated learning architecture that protects against growing Android malware or emerging Android malware variants. Specifically, we employ genetic evolution strategy to simulate the evolution of Android malware and develop potential malware variants from typical Android malware. Then, we customize the Android malware detection model based on residual neural network to achieve high detection accuracy. Finally, to achieve the protection sensitive data, we develope a federated learning framework to allows multiple Android malware detection agencies to jointly build a comprehensive Android malware detection model. We comprehensively evaluate the performance of FEDriod on the CIC, Drebin, and Contagio authoritative datasets. Experimental results show that our local model outperforms all baseline classifiers. In the federal scenario, our proposed method is superior to the state-of-the-art detection methods, especially in the cross-dataset evaluation, the F1 of FEDriod is 98.53%. More important, we performed genetic evolution experiments on the Drebin dataset, and the results showed that our proposed method has the ability to detect Android malware variants.

computer science, theory & methods,engineering, electrical & electronic

Ghazaleh Shirvani,Saeid Ghasemshirazi,Mohammad Ali Alipour

2024-03-17

Abstract:The rapid proliferation of the Internet of Things (IoT) has ushered in transformative connectivity between physical devices and the digital realm. Nonetheless, the escalating threat of Distributed Denial of Service (DDoS) attacks jeopardizes the integrity and reliability of IoT networks. Conventional DDoS mitigation approaches are ill-equipped to handle the intricacies of IoT ecosystems, potentially compromising data privacy. This paper introduces an innovative strategy to bolster the security of IoT networks against DDoS attacks by harnessing the power of Federated Learning that allows multiple IoT devices or edge nodes to collaboratively build a global model while preserving data privacy and minimizing communication overhead. The research aims to investigate Federated Learning's effectiveness in detecting and mitigating DDoS attacks in IoT. Our proposed framework leverages IoT devices' collective intelligence for real-time attack detection without compromising sensitive data. This study proposes innovative deep autoencoder approaches for data dimensionality reduction, retraining, and partial selection to enhance the performance and stability of the proposed model. Additionally, two renowned aggregation algorithms, FedAvg and FedAvgM, are employed in this research. Various metrics, including true positive rate, false positive rate, and F1-score, are employed to evaluate the model. The dataset utilized in this research, N-BaIoT, exhibits non-IID data distribution, where data categories are distributed quite differently. The negative impact of these distribution disparities is managed by employing retraining and partial selection techniques, enhancing the final model's stability. Furthermore, evaluation results demonstrate that the FedAvgM aggregation algorithm outperforms FedAvg, indicating that in non-IID datasets, FedAvgM provides better stability and performance.

Cryptography and Security,Artificial Intelligence,Machine Learning

Farhan Ullah,Gautam Srivastava

DOI: https://doi.org/10.1109/mce.2024.3418129

2024-01-01

IEEE Consumer Electronics Magazine

Abstract:Consumer electronics are substantially compromised by malware, which can traverse numerous operating systems and file formats. Considerable effort has been devoted to developing malware detection systems that employ Machine Learning (ML) and Deep Learning (DL). However, these models are susceptible to adversarial attacks, where maliciously crafted inputs can bypass detection mechanisms. In this paper, we present Fed-Adversarial, a novel technique for malware detection against adversarial attacks that employ intermittent clients-based Federated Learning (FL). This method can improve adversarial attack detection while preserving data privacy for each client. The raw malware images are first normalized and converted to color to extract features efficiently. Additionally, a wide range of adversarial examples is generated using normalized images to maximize evasion opportunities and reduce perturbations. Following this, adversarial examples are employed by Deep Convolutional Neural Networks (CNNs) during local training, resulting in Local Model Updates (LMUs). After combining these LMUs, the global server produces Global Model Updates (GMU), delivered to distant clients. The proposed approach is evaluated on standard datasets, including dumpware10 , malimg , and MaleVis , and it obtains high detection accuracy of 99.18%, 98.12%, and 98.38%, respectively.

Xinjun Pei,Xiaoheng Deng,Shengwei Tian,Lan Zhang,Kaiping Xue

DOI: https://doi.org/10.1109/tdsc.2022.3173664

2022-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:As the demand for Internet of Things (IoT) technologies continues to grow, IoT devices have been viable targets for malware infections. Although deep learning-based malware detection has achieved great success, the detection models are usually trained based on the collected user records, thereby leading to significant privacy risks. One promising solution is to leverage federated learning (FL) to enable distributed on-device training without centralizing the private user records. However, it is non-trivial for IoT users to label these records, where the quality and the trustworthiness of data labeling are hard to guarantee. To address the above issues, this paper develops a semi-supervised federated IoT malware detection framework based on knowledge transfer technologies, named by FedMalDE. Specifically, FedMalDE explores the underlying correlation between labeled and unlabeled records to infer labels towards unlabeled samples by the knowledge transfer mechanism. Moreover, a specially designed subgraph aggregated capsule network (SACN) is used to efficiently capture varied malicious behaviors. The extensive experiments conducted on real-world data demonstrate the effectiveness of FedMalDE in detecting IoT malware and its sufficient privacy and robustness guarantee.

Himanshi Babbar,Shalli Rani,Wadii Boulila

DOI: https://doi.org/10.1038/s41598-024-61298-7

IF: 4.6

2024-05-14

Scientific Reports

Abstract:Distributed denial-of-service (DDoS) attacks persistently proliferate, impacting individuals and Internet Service Providers (ISPs). Deep learning (DL) models are paving the way to address these challenges and the dynamic nature of potential threats. Traditional detection systems, relying on signature-based techniques, are susceptible to next-generation malware. Integrating DL approaches in cloud-edge/federated servers enhances the resilience of these systems. In the Internet of Things (IoT) and autonomous networks, DL, particularly federated learning, has gained prominence for attack detection. Unlike conventional models (centralized and localized DL), federated learning does not require access to users' private data for attack detection. This approach is gaining much interest in academia and industry due to its deployment on local and global cloud-edge models. Recent advancements in DL enable training a quality cloud-edge model across various users (collaborators) without exchanging personal information. Federated learning, emphasizing privacy preservation at the cloud-edge terminal, holds significant potential for facilitating privacy-aware learning among collaborators. This paper addresses: (1) The deployment of an optimized deep neural network for network traffic classification. (2) The coordination of federated server model parameters with training across devices in IoT domains. A federated flowchart is proposed for training and aggregating local model updates. (3) The generation of a global model at the cloud-edge terminal after multiple rounds between domains and servers. (4) Experimental validation on the BoT-IoT dataset demonstrates that the federated learning model can reliably detect attacks with efficient classification, privacy, and confidentiality. Additionally, it requires minimal memory space for storing training data, resulting in minimal network delay. Consequently, the proposed framework outperforms both centralized and localized DL models, achieving superior performance.

multidisciplinary sciences

Shihua Sun,Pragya Sharma,Kenechukwu Nwodo,Angelos Stavrou,Haining Wang

2024-08-14

Abstract:The rapid proliferation of Internet of Things (IoT) devices across multiple sectors has escalated serious network security concerns. This has prompted ongoing research in Machine Learning (ML)-based Intrusion Detection Systems (IDSs) for cyber-attack classification. Traditional ML models require data transmission from IoT devices to a centralized server for traffic analysis, raising severe privacy concerns. To address this issue, researchers have studied Federated Learning (FL)-based IDSs that train models across IoT devices while keeping their data localized. However, the heterogeneity of data, stemming from distinct vulnerabilities of devices and complexity of attack vectors, poses a significant challenge to the effectiveness of FL models. While current research focuses on adapting various ML models within the FL framework, they fail to effectively address the issue of attack class imbalance among devices, which significantly degrades the classification accuracy of minority attacks. To overcome this challenge, we introduce FedMADE, a novel dynamic aggregation method, which clusters devices by their traffic patterns and aggregates local models based on their contributions towards overall performance. We evaluate FedMADE against other FL algorithms designed for non-IID data and observe up to 71.07% improvement in minority attack classification accuracy. We further show that FedMADE is robust to poisoning attacks and incurs only a 4.7% (5.03 seconds) latency overhead in each communication round compared to FedAvg, without increasing the computational load of IoT devices.

Cryptography and Security,Networking and Internet Architecture

Abdulwahab Ali Almazroi,Nasir Ayub

DOI: https://doi.org/10.3390/systems11110547

2023-11-11

Systems

Abstract:The Internet of Things (IoT) constitutes the foundation of a deeply interconnected society in which objects communicate through the Internet. This innovation, coupled with 5G and artificial intelligence (AI), finds application in diverse sectors like smart cities and advanced manufacturing. With increasing IoT adoption comes heightened vulnerabilities, prompting research into identifying IoT malware. While existing models excel at spotting known malicious code, detecting new and modified malware presents challenges. This paper presents a novel six-step framework. It begins with eight malware attack datasets as input, followed by insights from Exploratory Data Analysis (EDA). Feature engineering includes scaling, One-Hot Encoding, target variable analysis, feature importance using MDI and XGBoost, and clustering with K-Means and PCA. Our GhostNet ensemble, combined with the Gated Recurrent Unit Ensembler (GNGRUE), is trained on these datasets and fine-tuned using the Jaya Algorithm (JA) to identify and categorize malware. The tuned GNGRUE-JA is tested on malware datasets. A comprehensive comparison with existing models encompasses performance, evaluation criteria, time complexity, and statistical analysis. Our proposed model demonstrates superior performance through extensive simulations, outperforming existing methods by around 15% across metrics like AUC, accuracy, recall, and hamming loss, with a 10% reduction in time complexity. These results emphasize the significance of our study’s outcomes, particularly in achieving cost-effective solutions for detecting eight malware strains.

Umer Zukaib,Xiaohui Cui,Chengliang Zheng,Dong Liang,Salah Ud Din

DOI: https://doi.org/10.1016/j.jpdc.2024.104934

IF: 4.542

2024-06-08

Journal of Parallel and Distributed Computing

Abstract:The Internet of Medical Things (IoMT) is a transformative fusion of medical sensors, equipment, and the Internet of Things, positioned to transform healthcare. However, security and privacy concerns hinder widespread IoMT adoption, intensified by the scarcity of high-quality datasets for developing effective security solutions. Addressing these challenges, we propose a novel framework for cyberattack detection in dynamic IoMT networks. This framework integrates Federated Learning with Meta-learning, employing a multi-phase architecture for identifying known attacks, and incorporates advanced clustering and biased classifiers to address zero-day attacks. The framework's deployment is adaptable to dynamic and diverse environments, utilizing an Infrastructure-as-a-Service (IaaS) model on the cloud and a Software-as-a-Service (SaaS) model on the fog end. To reflect real-world scenarios, we introduce a specialized IoMT dataset. Our experimental results indicate high accuracy and low misclassification rates, demonstrating the framework's capability in detecting cyber threats in complex IoMT environments. This approach shows significant promise in bolstering cybersecurity in advanced healthcare technologies.

computer science, theory & methods

Yi Shen,Yuhan Zhang,Yuwei Li,Wanmeng Ding,Miao Hu,Yang Li,Cheng Huang,Jie Wang

DOI: https://doi.org/10.1007/978-3-031-56580-9_15

2024-01-01

Abstract:Nowadays, a large number of IoT devices are manufactured and used in daily life. However, the lack of uniform protocols and standards for IoT devices brings many security risks. Malicious attacks on IoT devices such as Mirai are on the rise, leading to more IoT devices joining botnets and launching DDoS attacks. Therefore, it is necessary to detect malicious traffic of IoT devices. To solve this problem, we propose FLIMT, a federated learning based malicious traffic detection framework for IoT devices. We motivated by the fact that it is not practical to centralize and detect the traffic data sent by IoT devices. Besides, considering the data security and confidentiality standards, it is improper to aggregate data from individual IoT devices into a central computing cluster. FLIMT consists of several GRU-based local detection clients and a central server, where local clients rely on local data for model training and testing, and the central server for model aggregation. The experimental results show that FlIMT achieves high detection accuracy on real data collected from IoT devices, and significantly lessens communication rounds.

Danish Javeed,Tianhan Gao,Muhammad Shahid Saeed,Muhammad Taimoor Khan

DOI: https://doi.org/10.1109/JIOT.2023.3288563

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:The recent innovations in the network communication domain have entirely revolutionized the conventional industrial sector by introducing a new era of automatic communication. The Industrial Internet of Things (IIoT) is acknowledged as an exclusive space where Internet of Things (IoT) seems to divulge expressive manifestations. However, the expanded connectivity, more openness, and the widespread use of low-power communication devices of IIoT makes them vulnerable to malicious attacks, and criminal activities. Moreover, the heterogeneous and prevalent nature of the IIoT devices makes it very difficult to come up with a centralized threat detection mechanism, thus, its security remains a major concern. Motivated by this, we propose a fog-empowered augmented intelligence (IA)-based defensive mechanism to ensure secure communication in IoT-enabled smart industries. The designed framework incorporates the aggregated potentials of two highly acclaimed deep learning (DL) classifiers: 1) gated recurrent unit (GRU) and 2) bidirectional long short-term memory (BiLSTM), where the DL-based scheme detects anomalies in such industrial networks and the FOG-based scenario promotes the routing flexibility and interoperability of the heterogeneous devices of the IoT-enabled smart industrial network. The validity of the proposed mechanism is analytically investigated by conducting a comparison with the benchmark threat detection techniques. The proposed solution is also generically examined parallel to some state-of-the-art approaches. The Cu-GRU-BiLSTM framework achieved up to 99.91% accuracy with a low-false alarm rate and outperforms the baseline and recent threat detection approaches. The simulation and comparison results validate the effectiveness of the proposed mechanism and advocate it as a phenomenal choice to ensure efficacious and secure communication in IoT-based smart industries.

MUHAMMAD MUMTAZ ALI,WANG ZHENFEI,HOU WEIYAN,ZEESHAN SHAUKAT,AYESHA SHABBIR,AQSA RASHEED,FAIQA MAQSOOD,QASIM ZIA,HAMEED UR REHMAN

DOI: https://doi.org/10.21203/rs.3.rs-2145279/v1

2022-01-01

Abstract:Abstract Internet of Things (IoT) devices are used to sense, gather, transmit and control data. IoT improves user experiences by connecting and sharing information across smart devices. Malware attacks easily target IoT-connected consoles to get control or damage privacy. Effective IoT device protection might rescue millions of internet users from malware. Malware detection methods are computationally expensive and complex. Many different machine learning models were used to deduct malware or viruses. As innovation advances, threat intelligence and malware researchers struggle. Traditional security measures like firewalls and Intrusion Detection Systems (IDS) must be changed to work with the current IoT models. Also, the Internet of Things and Cloud/Fog Computing go well together. They are often used interchangeably when talking about technical services and work together to make IoT services more complete. This study suggests deep learning-based approaches for detecting IoT malware in order to prevent harm to IoT devices. The proposed algorithms AlexNet, ResNet-18, and Convolution Neural Network (CNN) are applied to the well-known public dataset "Mal_Img". The experimental findings show that the accuracy of the suggested method is superior to that of earlier state-of-the-art and deep learning methods. The highest attained accuracies for proposed methods proposed algorithms AlexNet, ResNet-18, and Convolution Neural Network are 97.74%, 88.74%, and 98.02%. Our framework has currently been demonstrated to be a useful research tool for the BitDefender AntiMalware Research Labs' computer security specialists. In the future, more advanced malware (polymorphic and metamorphic) can be detected using the same models.

Shahriar Usman Khan,Fariha Eusufzai,Saifur Rahman Sabuj,Mahmoud Elsharief,Md Mamunur Rashid,Md. Azharuddin Redwan

DOI: https://doi.org/10.3390/network3010008

2023-01-30

Network

Abstract:The Internet of Things (IoT) is a network of electrical devices that are connected to the Internet wirelessly. This group of devices generates a large amount of data with information about users, which makes the whole system sensitive and prone to malicious attacks eventually. The rapidly growing IoT-connected devices under a centralized ML system could threaten data privacy. The popular centralized machine learning (ML)-assisted approaches are difficult to apply due to their requirement of enormous amounts of data in a central entity. Owing to the growing distribution of data over numerous networks of connected devices, decentralized ML solutions are needed. In this paper, we propose a Federated Learning (FL) method for detecting unwanted intrusions to guarantee the protection of IoT networks. This method ensures privacy and security by federated training of local IoT device data. Local IoT clients share only parameter updates with a central global server, which aggregates them and distributes an improved detection algorithm. After each round of FL training, each of the IoT clients receives an updated model from the global server and trains their local dataset, where IoT devices can keep their own privacy intact while optimizing the overall model. To evaluate the efficiency of the proposed method, we conducted exhaustive experiments on a new dataset named Edge-IIoTset. The performance evaluation demonstrates the reliability and effectiveness of the proposed intrusion detection model by achieving an accuracy (92.49%) close to that offered by the conventional centralized ML models’ accuracy (93.92%) using the FL method.

Beibei Li,Yuhao Wu,Jiarui Song,Rongxing Lu,Tao Li,Liang Zhao

DOI: https://doi.org/10.1109/tii.2020.3023430

IF: 12.3

2021-08-01

IEEE Transactions on Industrial Informatics

Abstract:The rapid convergence of legacy industrial infrastructures with intelligent networking and computing technologies (e.g., 5G, software-defined networking, and artificial intelligence), have dramatically increased the attack surface of industrial cyber–physical systems (CPSs). However, withstanding cyber threats to such large-scale, complex, and heterogeneous industrial CPSs has been extremely challenging, due to the insufficiency of high-quality attack examples. In this article, we propose a novel federated deep learning scheme, named DeepFed, to detect cyber threats against industrial CPSs. Specifically, we first design a new deep learning-based intrusion detection model for industrial CPSs, by making use of a convolutional neural network and a gated recurrent unit. Second, we develop a federated learning framework, allowing multiple industrial CPSs to collectively build a comprehensive intrusion detection model in a privacy-preserving way. Further, a Paillier cryptosystem-based secure communication protocol is crafted to preserve the security and privacy of model parameters through the training process. Extensive experiments on a real industrial CPS dataset demonstrate the high effectiveness of the proposed DeepFed scheme in detecting various types of cyber threats to industrial CPSs and the superiorities over state-of-the-art schemes.

automation & control systems,computer science, interdisciplinary applications,engineering, industrial

Jianhua Li,Lingjuan Lyu,Ximeng Liu,Xuyun Zhang,Xixiang Lyu

DOI: https://doi.org/10.1109/TII.2021.3088938

IF: 12.3

2022-01-01

IEEE Transactions on Industrial Informatics

Abstract:Due to resource constraints and working surroundings, many IIoT nodes are easily hacked and turn into zombies from which to launch attacks. It is challenging to detect such networked zombies rooted behind the Internet for any individual defender. In this article, we combine federated learning (FL) and fog/edge computing to combat malicious codes. Our protocol trains a global optimized model based on distributed datasets of collaborators while removing the data and communication constraints. The FL-based detection protocol maximizes the values of distributed data samples, resulting in an accurate model timely. On top of the protocol, we place mitigation intelligence in a distributed and collaborative manner. Our approach improves accuracy, eliminates mitigation time, and enlarges attackers' expense within a defense alliance. Comprehensive evaluations confirm that the cost incurred is 2.7 times larger, the mitigation response time is 72% lower, and the accuracy is 47% higher on average. Besides, the protocol evaluation shows the detection accuracy is approximately 98% in the FL, which is almost the same as centralized training.

Hamad Naeem,Farhan Ullah,Muhammad Rashid Naeem,Shehzad Khalid,Danish Vasan,Sohail Jabbar,Saqib Saeed

DOI: https://doi.org/10.1016/j.adhoc.2020.102154

IF: 4.816

2020-01-01

Ad Hoc Networks

Abstract:Now the Industrial Internet of Things (IIoT) devices can be deployed to monitor the flow of data, the source of collection and supervision on a large scale of complex networks. It implements large networks for sending and receiving data connected by smart devices. Malware threats, which are primarily targeted at conventional computers linked to the Internet, can also be targeted at IoT machines. Therefore, a smart protection approach is needed to protect millions of IIoT users against malicious attacks. On the other hand, existing state-of - the-art malware identification methods are not better in terms of computational complexity. In this paper, we design architecture to detect malware attacks on the Industrial Internet of Things (MD-IIOT). For an in-depth analysis of malware, a methodology is proposed based on color image visualization and deep convolution neural network. The findings of the proposed method are compared to former approaches to malware detection. The experimental results indicate that the proposed method's predictive time and detection accuracy are higher than that of previous machine learning and deep learning methods. (C) 2020 Elsevier B.V. All rights reserved.

Abdulwahab Ali Almazroi,Nasir Ayub

DOI: https://doi.org/10.1038/s41598-024-57864-8

IF: 4.6

2024-04-04

Scientific Reports

Abstract:The rapid expansion of AI-enabled Internet of Things (IoT) devices presents significant security challenges, impacting both privacy and organizational resources. The dynamic increase in big data generated by IoT devices poses a persistent problem, particularly in making decisions based on the continuously growing data. To address this challenge in a dynamic environment, this study introduces a specialized BERT-based Feed Forward Neural Network Framework (BEFNet) designed for IoT scenarios. In this evaluation, a novel framework with distinct modules is employed for a thorough analysis of 8 datasets, each representing a different type of malware. BEFSONet is optimized using the Spotted Hyena Optimizer (SO), highlighting its adaptability to diverse shapes of malware data. Thorough exploratory analyses and comparative evaluations underscore BEFSONet's exceptional performance metrics, achieving 97.99% accuracy, 97.96 Matthews Correlation Coefficient, 97% F1-Score, 98.37% Area under the ROC Curve(AUC-ROC), and 95.89 Cohen's Kappa. This research positions BEFSONet as a robust defense mechanism in the era of IoT security, offering an effective solution to evolving challenges in dynamic decision-making environments.

multidisciplinary sciences

Zhixuan Ma,Haichang Gao,Shangwen Li,Ping Wang

DOI: https://doi.org/10.1109/tii.2024.3410319

IF: 12.3

2024-01-01

IEEE Transactions on Industrial Informatics

Abstract:Federated learning (FL) systems enable collaborative model training among industrial Internet of Things (IIoT) devices but face significant security challenges, particularly in backdoor attacks, due to the nonindependent and identically distributed (non-IID) nature of data. To address this challenge, we propose a stability-enhanced dynamic backdoor defense approach in FL for IIoT, which maintains primary task accuracy while strengthening defenses in non-IID environments. Leveraging the similarity between data distribution and model updates, we segment non-IID scenarios into multiple quasi-IID environments. Our approach includes a dynamic client matching module, a malicious filtering module, and robust personalized aggregation to reduce the success rate of backdoor attacks while augmenting the resilience and precision of the aggregated model. The effectiveness of our strategy has been validated through analyses on the Modified National Institute of Standards and Technology database (MNIST), Canadian Institute for Advanced Research, 10 classes (CIFAR-10), Internet of Things (IoT)-23, and Washington University in St. Louis (WUSTL)-IIOT datasets in both IID and non-IID scenarios. Notably, on the IoT-23 and WUSTL-IIOT, the success rate of backdoor attacks was significantly reduced to 3.46%.

Mohamed Amine Ferrag,Othmane Friha,Leandros Maglaras,Helge Janicke,Lei Shu

DOI: https://doi.org/10.1109/access.2021.3118642

IF: 3.9

2021-01-01

IEEE Access

Abstract:In this article, we present a comprehensive study with an experimental analysis of federated deep learning approaches for cyber security in the Internet of Things (IoT) applications. Specifically, we first provide a review of the federated learning-based security and privacy systems for several types of IoT applications, including, Industrial IoT, Edge Computing, Internet of Drones, Internet of Healthcare Things, Internet of Vehicles, etc. Second, the use of federated learning with blockchain and malware/intrusion detection systems for IoT applications is discussed. Then, we review the vulnerabilities in federated learning-based security and privacy systems. Finally, we provide an experimental analysis of federated deep learning with three deep learning approaches, namely, Recurrent Neural Network (RNN), Convolutional Neural Network (CNN), and Deep Neural Network (DNN). For each deep learning model, we study the performance of centralized and federated learning under three new real IoT traffic datasets, namely, the Bot-IoT dataset, the MQTTset dataset, and the TON_IoT dataset. The goal of this article is to provide important information on federated deep learning approaches with emerging technologies for cyber security. In addition, it demonstrates that federated deep learning approaches outperform the classic/centralized versions of machine learning (non-federated learning) in assuring the privacy of IoT device data and provide the higher accuracy in detecting attacks.

computer science, information systems,telecommunications,engineering, electrical & electronic