Yalan Guo,Yulei Wu,Yanchao Zhu,Bingqiang Yang,Chunjing Han

DOI: https://doi.org/10.1109/ijcnn52387.2021.9533294

2021-07-18

Abstract:Large-scale software systems are generally deployed on distributed machines. Logs are usually collected from those machines for comprehensive and accurate system fault analysis. However, there are potential challenges during log transmission from distributed machines to third-party data analytics services. First, uploading massive raw logs causes tremendous bandwidth consumption. Moreover, user privacy contained in logs is easy to get leaked during transmission. To address these issues, we introduce federated learning for anomaly detection using distributed log data. However, gradient updates of model parameters transmitted between the server (third-party data analytics services) and participants (distributed machines) in federated learning have been proved of possible recovery by attackers, so encryption of gradient updates is necessary for enhanced privacy protection. Considering that encryption time is proportional to the number of parameters, we propose a lightweight federated learning method for anomaly detection, named FLOGCNN, using distributed log data. The sever in FLOGCNN aggregates gradient updates according to the sample size of participants to generate an integrated model. For local training, participants apply an anomaly detection model based on one-dimensional convolution with much fewer parameters. Extensive experiments are conducted for FLOGCNN using open log datasets. Results demonstrate that FLOGCNN outperforms baseline methods on anomaly detection and reduces 97.08% parameters in comparison with one baseline method. Furthermore, we perform exploratory experiments on lightweight models and results manifest that logs with simple semantic information are suitable for lightweight anomaly detection models.

Zumin Wang,Jiyu Tian,Hui Fang,Liming Chen,Jing Qin

DOI: https://doi.org/10.1016/j.comnet.2021.108616

IF: 5.493

2022-01-01

Computer Networks

Abstract:Log anomaly detection on edge devices is the key to enhance edge security when deploying IoT systems. Despite the success of many newly proposed deep learning based log anomaly detection methods, handling large-scale logs on edge devices is still a bottleneck due to the limited computational power on these devices to fulfil the real-time processing requirement for accurate anomaly detection. In this work, we propose a novel lightweight log anomaly detection algorithm, named LightLog, to tackle this research gap. In specific, we achieve real-time processing speed on the task via two aspects: (i) creation of a low-dimensional semantic vector space based on word2vec and post-processing algorithms (PPA); and (ii) design of a lightweight temporal convolutional network (TCN) for the detection. These two components significantly reduce the number of parameters and computations of a standard TCN while improving the detection performance. Experimental results show that our LightLog outperforms several benchmarking methods, namely DeepLog, LogAnomaly and RobustLog, by achieving 97.0 F1 score on HDFS Dataset and 97.2 F1 score on BGL with smallest model size. This effective yet efficient method paves the way to the deployment of log anomaly detection on the edge. Our source code and datasets are freely available on https://github.com/Aquariuaa/LightLog .

William Marfo,Deepak K. Tosh,Shirley V. Moore

DOI: https://doi.org/10.48550/arXiv.2303.07452

2023-03-14

Abstract:Due to the veracity and heterogeneity in network traffic, detecting anomalous events is challenging. The computational load on global servers is a significant challenge in terms of efficiency, accuracy, and scalability. Our primary motivation is to introduce a robust and scalable framework that enables efficient network anomaly detection. We address the issue of scalability and efficiency for network anomaly detection by leveraging federated learning, in which multiple participants train a global model jointly. Unlike centralized training architectures, federated learning does not require participants to upload their training data to the server, preventing attackers from exploiting the training data. Moreover, most prior works have focused on traditional centralized machine learning, making federated machine learning under-explored in network anomaly detection. Therefore, we propose a deep neural network framework that could work on low to mid-end devices detecting network anomalies while checking if a request from a specific IP address is malicious or not. Compared to multiple traditional centralized machine learning models, the deep neural federated model reduces training time overhead. The proposed method performs better than baseline machine learning techniques on the UNSW-NB15 data set as measured by experiments conducted with an accuracy of 97.21% and a faster computation time.

Machine Learning,Distributed, Parallel, and Cluster Computing

Ishaani Priyadarshini

DOI: https://doi.org/10.3390/bdcc8030021

2024-02-22

Big Data and Cognitive Computing

Abstract:The swift proliferation of the Internet of Things (IoT) devices in smart city infrastructures has created an urgent demand for robust cybersecurity measures. These devices are susceptible to various cyberattacks that can jeopardize the security and functionality of urban systems. This research presents an innovative approach to identifying anomalies caused by IoT cyberattacks in smart cities. The proposed method harnesses federated and split learning and addresses the dual challenge of enhancing IoT network security while preserving data privacy. This study conducts extensive experiments using authentic datasets from smart cities. To compare the performance of classical machine learning algorithms and deep learning models for detecting anomalies, model effectiveness is assessed using precision, recall, F-1 score, accuracy, and training/deployment time. The findings demonstrate that federated learning and split learning have the potential to balance data privacy concerns with competitive performance, providing robust solutions for detecting IoT cyberattacks. This study contributes to the ongoing discussion about securing IoT deployments in urban settings. It lays the groundwork for scalable and privacy-conscious cybersecurity strategies. The results underscore the vital role of these techniques in fortifying smart cities and promoting the development of adaptable and resilient cybersecurity measures in the IoT era.

Wenbin Zhai,Feng Wang,Liang Liu,Youwei Ding,Wanying Lu

2023-08-23

Abstract:Existing FL-based approaches are based on the unrealistic assumption that the data on the client-side is fully annotated with ground truths. Furthermore, it is a great challenge how to improve the training efficiency while ensuring the detection accuracy in the highly heterogeneous and resource-constrained IoT networks. Meanwhile, the communication cost between clients and the server is also a problem that can not be ignored. Therefore, in this paper, we propose a Federated Semi-Supervised and Semi-Asynchronous (FedS3A) learning for anomaly detection in IoT networks. First, we consider a more realistic assumption that labeled data is only available at the server, and pseudo-labeling is utilized to implement federated semi-supervised learning, in which a dynamic weight of supervised learning is exploited to balance the supervised learning at the server and unsupervised learning at clients. Then, we propose a semi-asynchronous model update and staleness tolerant distribution scheme to achieve a trade-off between the round efficiency and detection accuracy. Meanwhile, the staleness of local models and the participation frequency of clients are considered to adjust their contributions to the global model. In addition, a group-based aggregation function is proposed to deal with the non-IID distribution of the data. Finally, the difference transmission based on the sparse matrix is adopted to reduce the communication cost. Extensive experimental results show that FedS3A can achieve greater than 98% accuracy even when the data is non-IID and is superior to the classic FL-based algorithms in terms of both detection performance and round efficiency, achieving a win-win situation. Meanwhile, FedS3A successfully reduces the communication cost by higher than 50%.

Distributed, Parallel, and Cluster Computing

Xiaofeng Wang,Yonghong Wang,Zahra Javaheri,Laila Almutairi,Navid Moghadamnejad,Osama S. Younes

DOI: https://doi.org/10.1016/j.compeleceng.2023.108651

2023-03-24

Abstract:Privacy has emerged as a top worry as a result of the development of zero-day hacks because IoT devices produce and transmit sensitive information through the regular internet. This study suggests a deep neural network (DNN) and federated learning (FL) for an IoT network as well as mutual information (MI) for an effective anomaly detection method. The suggested method is different from the conventional model by use of decentralized on-device data to spot IoT network incursions. The information is kept on localized IoT devices for model training and only modified weights are shared in the centralized FL server is an advantage of integrating FL with Deep learning (DL). It uses the IoT-Botnet 2020 dataset for evaluation. Results demonstrate the efficiency of the DNN-based network intrusion detection system (NIDS) in comparison to the deep learning models with improvement in the accuracy of the model and a reduction in the False Alarm rate (FAR).

engineering, electrical & electronic,computer science, interdisciplinary applications, hardware & architecture

Haolong Xiang,Xuyun Zhang,Xiaolong Xu,Amin Beheshti,Lianyong Qi,Yujie Hong,Wanchun Dou

DOI: https://doi.org/10.1145/3702995

2024-01-01

Abstract:Traditional methods for ensuring security and privacy face challenges in safeguarding multimedia data within the IoT-edge continuum, as their significant computational demands render them unsuitable for IoT devices with limited resources. Next, we find that the federated learning techniques can naturally adapt to edge frameworks and provide effective data security and privacy protection. In this paper, we propose FLiForest, an innovative anomaly detection approach that integrates federated learning with the isolation forest algorithm, tailored for the IoT-edge continuum. Specifically, our method designs a three-stage process, including data collection and sampling, model training, and data testing, to train an isolation forest among clients and edge servers jointly. In the training of each layer, all clients upload parameters to the central server for aggregation. FLiForest facilitates decentralized model training across IoT devices, enhancing data privacy and reducing computational burden, without necessitating the exchange of multimedia data. Through extensive experiments on a variety of multimedia datasets, the efficacy of our method is benchmarked against the state-of-the-art anomaly detection methods, showcasing its superior detection accuracy and robustness in ensuring data privacy and security.

Yi Liu,Sahil Garg,Jiangtian Nie,Yang Zhang,Zehui Xiong,Jiawen Kang,M. Shamim Hossain

DOI: https://doi.org/10.1109/jiot.2020.3011726

IF: 10.6

2021-04-15

IEEE Internet of Things Journal

Abstract:Since edge device failures (i.e., anomalies) seriously affect the production of industrial products in Industrial IoT (IIoT), accurately and timely detecting anomalies are becoming increasingly important. Furthermore, data collected by the edge device contain massive user's private data, which is challenging current detection approaches as user privacy has attracted more and more public concerns. With this focus, this article proposes a new communication-efficient on-device federated learning (FL)-based deep anomaly detection framework for sensing time-series data in IIoT. Specifically, we first introduce an FL framework to enable decentralized edge devices to collaboratively train an anomaly detection model, which can improve its generalization ability. Second, we propose an attention mechanism-based convolutional neural network-long short-term memory (AMCNN-LSTM) model to accurately detect anomalies. The AMCNN-LSTM model uses attention mechanism-based convolutional neural network units to capture important fine-grained features, thereby preventing memory loss and gradient dispersion problems. Furthermore, this model retains the advantages of the long short-term memory unit in predicting time-series data. Third, to adapt the proposed framework to the timeliness of industrial anomaly detection, we propose a gradient compression mechanism based on Top- ${k}$ selection to improve communication efficiency. Extensive experimental studies on four real-world data sets demonstrate that our framework accurately and timely detects anomalies and also reduces the communication overhead by 50% compared to the FL framework that does not use the gradient compression scheme.

computer science, information systems,telecommunications,engineering, electrical & electronic

Seongwoo Kim,He Cai,Cunqing Hua,Pengwenlong Gu,Wenchao Xu,Jeonghyeok Park

DOI: https://doi.org/10.1109/ICCC49849.2020.9238913

2020-01-01

Abstract:In this paper, we propose a federated learning(FL)-based collaborative anomaly detection system. This system consists of multiple edge nodes and a server node. The edge nodes are in charge of not only monitoring and collecting data, but also to train an anomaly detection neural network classification model based on the local data. On the other hand, the server aggregates the parameters from the edges and generates a new model for the next round. This system structure achieves light weight transmission between the server and the edge nodes, and user privacy can be well protected since raw data are not communicated directly. We implement the proposed scheme in the practical system and present experimental results that demonstrate results competitive with those of state-of-the-art models.

Marco Arazzi,Serena Nicolazzo,Antonino Nocera

DOI: https://doi.org/10.1007/s10796-023-10443-0

2023-11-15

Information Systems Frontiers

Abstract:Anomaly detection for the Internet of Things (IoT) is a very important topic in the context of cyber-security. Indeed, as the pervasiveness of this technology is increasing, so is the number of threats and attacks targeting smart objects and their interactions. Behavioral fingerprinting has gained attention from researchers in this domain as it represents a novel strategy to model object interactions and assess their correctness and honesty. Still, there exist challenges in terms of the performance of such AI-based solutions. The main reasons can be alleged to scalability, privacy, and limitations on adopted Machine Learning algorithms. Indeed, in classical distributed fingerprinting approaches, an object models the behavior of a target contact by exploiting only the information coming from the direct interaction with it, which represents a very limited view of the target because it does not consider services and messages exchanged with other neighbors. On the other hand, building a global model of a target node behavior leveraging the information coming from the interactions with its neighbors, may lead to critical privacy concerns. To face this issue, the strategy proposed in this paper exploits Federated Learning to compute a global behavioral fingerprinting model for a target object, by analyzing its interactions with different peers in the network. Our solution allows the training of such models in a distributed way by relying also on a secure delegation strategy to involve less capable nodes in IoT. Moreover, through homomorphic encryption and Blockchain technology, our approach guarantees the privacy of both the target object and the different workers, as well as the robustness of the strategy in the presence of attacks. All these features lead to a secure fully privacy-preserving solution whose robustness, correctness, and performance are evaluated in this paper using a detailed security analysis and an extensive experimental campaign. Finally, the performance of our model is very satisfactory, as it consistently discriminates between normal and anomalous behaviors across all evaluated test sets, achieving an average accuracy value of 0.85.

computer science, information systems, theory & methods

Xiaojun Jin,Chao Ma,Song Luo,Pengyi Zeng,Yifei Wei

DOI: https://doi.org/10.23919/jcn.2024.000016

2024-05-10

Journal of Communications and Networks

Abstract:Anomaly detection in the industrial internet of things (IIoT) devices is significant due to its fundamental role in protecting modern critical infrastructure. In the IIoT, anomaly detection can be carried out by training machine learning models. Data sharing between factories can expand the data from which the model is trained, thus improving the performance of the model. However, due to the sensitivity and privacy of IIoT data, it is also difficult to build a high-performance anomaly detection model between factories. To address this problem, we design an anomaly detection method for IIoT devices combined blockchain of main-side structure and federated learning. We store the global model on the main-chain while the side-chain records the hash value of the global models and local models, which updated by participating nodes, controlling nodes access to the global model through the main-side blockchain and the smart contracts. Only the nodes participating in the current federated learning training can get the latest global model, so as to encourage the nodes to take part in the training of the global model. We designed a proof of accuracy consensus algorithm, and select the nodes to participate in training according to the accuracy of the local model on the test dataset to resist the poisoning attack of the models. We also use the local differential privacy (LDP) algorithm to protect user data privacy from model inference attacks by adding noise to the local model. Finally, we propose a new algorithm named Fed_Acc to keep the accuracy of the global model stable when the users add a lot of noise to their local models.

computer science, information systems,telecommunications

Peng Jia,Shaofeng Cai,Beng Chin Ooi,Pinghui Wang,Yiyuan Xiong

DOI: https://doi.org/10.1145/3588918

2023-01-01

Abstract:Log messages provide a valuable source of runtime information for ensuring the safety and consistency of systems. Recently, many machine learning and deep learning methods have been proposed to automatically detect anomalous log messages, obviating the need for manual detection by experts. However, we find that in practice, the effectiveness of existing learning-based methods is severely affected by incomplete information and distribution shift. Specifically, each log message can actually be parsed into a fixed number of key information fields, while existing methods analyze log messages using only the log event information and ignore other useful information fields that can be critical to anomaly detection. Further, the distribution of real-world log messages changes continuously due to the dynamic nature of the runtime environment and thus, a detection model conventionally trained based on the unrealistic i.i.d. assumption may not provide the expected and consistent performance. In this paper, we present a robust and transferable anomaly detection framework RT-Log to address the above problems. To perform a comprehensive analysis of log messages, we introduce an adaptive relation modeling technique, which captures feature interactions among log information fields selectively and dynamically for effective and interpretable log representations. To establish its robustness and transferability, we propose a general environment generalization technique for learning the environment invariant representations that can generalize across different runtime environments. We evaluate the anomaly detection performance of RT-Log on large real-world datasets. Extensive experimental results demonstrate that RT-Log consistently outperforms state-of-the-art methods by a significant margin under different settings.

Shihua Sun,Pragya Sharma,Kenechukwu Nwodo,Angelos Stavrou,Haining Wang

2024-08-14

Abstract:The rapid proliferation of Internet of Things (IoT) devices across multiple sectors has escalated serious network security concerns. This has prompted ongoing research in Machine Learning (ML)-based Intrusion Detection Systems (IDSs) for cyber-attack classification. Traditional ML models require data transmission from IoT devices to a centralized server for traffic analysis, raising severe privacy concerns. To address this issue, researchers have studied Federated Learning (FL)-based IDSs that train models across IoT devices while keeping their data localized. However, the heterogeneity of data, stemming from distinct vulnerabilities of devices and complexity of attack vectors, poses a significant challenge to the effectiveness of FL models. While current research focuses on adapting various ML models within the FL framework, they fail to effectively address the issue of attack class imbalance among devices, which significantly degrades the classification accuracy of minority attacks. To overcome this challenge, we introduce FedMADE, a novel dynamic aggregation method, which clusters devices by their traffic patterns and aggregates local models based on their contributions towards overall performance. We evaluate FedMADE against other FL algorithms designed for non-IID data and observe up to 71.07% improvement in minority attack classification accuracy. We further show that FedMADE is robust to poisoning attacks and incurs only a 4.7% (5.03 seconds) latency overhead in each communication round compared to FedAvg, without increasing the computational load of IoT devices.

Cryptography and Security,Networking and Internet Architecture

Niyomukiza Thamar,Hossam Samy Elsaid Sharara

2023-08-23

Abstract:In a connection of many IoT devices that each collect data, normally training a machine learning model would involve transmitting the data to a central server which requires strict privacy rules. However, some owners are reluctant of availing their data out of the company due to data security concerns. Federated learning(FL) as a distributed machine learning approach performs training of a machine learning model on the device that gathered the data itself. In this scenario, data is not share over the network for training purpose. Fedavg as one of FL algorithms permits a model to be copied to participating devices during a training session. The devices could be chosen at random, and a device can be aborted. The resulting models are sent to the coordinating server and then average models from the devices that finished training. The process is repeated until a desired model accuracy is achieved. By doing this, FL approach solves the privacy problem for IoT/ IIoT devices that held sensitive data for the owners. In this paper, we leverage the benefits of FL and implemented Fedavg algorithm on a recent dataset that represent the modern IoT/ IIoT device networks. The results were almost the same as the centralized machine learning approach. We also evaluated some shortcomings of Fedavg such as unfairness that happens during the training when struggling devices do not participate for every stage of training. This inefficient training of local or global model could lead in a high number of false alarms in intrusion detection systems for IoT/IIoT gadgets developed using Fedavg. Hence, after evaluating the FedAv deep auto encoder with centralized deep auto encoder ML, we further proposed and designed a Fair Fedavg algorithm that will be evaluated in the future work.

Machine Learning,Artificial Intelligence,Cryptography and Security,Distributed, Parallel, and Cluster Computing

Tung-Anh Nguyen,Long Tan Le,Tuan Dung Nguyen,Wei Bao,Suranga Seneviratne,Choong Seon Hong,Nguyen H. Tran

DOI: https://doi.org/10.1109/TNET.2024.3423780

2024-07-10

Abstract:With the proliferation of the Internet of Things (IoT) and the rising interconnectedness of devices, network security faces significant challenges, especially from anomalous activities. While traditional machine learning-based intrusion detection systems (ML-IDS) effectively employ supervised learning methods, they possess limitations such as the requirement for labeled data and challenges with high dimensionality. Recent unsupervised ML-IDS approaches such as AutoEncoders and Generative Adversarial Networks (GAN) offer alternative solutions but pose challenges in deployment onto resource-constrained IoT devices and in interpretability. To address these concerns, this paper proposes a novel federated unsupervised anomaly detection framework, FedPCA, that leverages Principal Component Analysis (PCA) and the Alternating Directions Method Multipliers (ADMM) to learn common representations of distributed non-i.i.d. datasets. Building on the FedPCA framework, we propose two algorithms, FEDPE in Euclidean space and FEDPG on Grassmann manifolds. Our approach enables real-time threat detection and mitigation at the device level, enhancing network resilience while ensuring privacy. Moreover, the proposed algorithms are accompanied by theoretical convergence rates even under a subsampling scheme, a novel result. Experimental results on the UNSW-NB15 and TON-IoT datasets show that our proposed methods offer performance in anomaly detection comparable to nonlinear baselines, while providing significant improvements in communication and memory efficiency, underscoring their potential for securing IoT networks.

Machine Learning,Artificial Intelligence,Cryptography and Security,Distributed, Parallel, and Cluster Computing

Wei Zhu,Dongjin Song,Yuncong Chen,Wei Cheng,Bo Zong,Takehiko Mizoguchi,Cristian Lumezanu,Haifeng Chen,Jiebo Luo

DOI: https://doi.org/10.48550/arXiv.2205.04041

IF: 5.414

2022-05-09

Machine Learning

Abstract:Despite the fact that many anomaly detection approaches have been developed for multivariate time series data, limited effort has been made on federated settings in which multivariate time series data are heterogeneously distributed among different edge devices while data sharing is prohibited. In this paper, we investigate the problem of federated unsupervised anomaly detection and present a Federated Exemplar-based Deep Neural Network (Fed-ExDNN) to conduct anomaly detection for multivariate time series data on different edge devices. Specifically, we first design an Exemplar-based Deep Neural network (ExDNN) to learn local time series representations based on their compatibility with an exemplar module which consists of hidden parameters learned to capture varieties of normal patterns on each edge device. Next, a constrained clustering mechanism (FedCC) is employed on the centralized server to align and aggregate the parameters of different local exemplar modules to obtain a unified global exemplar module. Finally, the global exemplar module is deployed together with a shared feature encoder to each edge device and anomaly detection is conducted by examining the compatibility of testing data to the exemplar module. Fed-ExDNN captures local normal time series patterns with ExDNN and aggregates these patterns by FedCC, and thus can handle the heterogeneous data distributed over different edge devices simultaneously. Thoroughly empirical studies on six public datasets show that ExDNN and Fed-ExDNN can outperform state-of-the-art anomaly detection algorithms and federated learning techniques.

Fanxing Liu,Cheng Zeng,Le Zhang,Yingjie Zhou,Qing Mu,Yanru Zhang,Ling Zhang,Ce Zhu

DOI: https://doi.org/10.48550/arXiv.2212.09518

IF: 5.414

2022-12-19

Machine Learning

Abstract:Time series anomaly detection strives to uncover potential abnormal behaviors and patterns from temporal data, and has fundamental significance in diverse application scenarios. Constructing an effective detection model usually requires adequate training data stored in a centralized manner, however, this requirement sometimes could not be satisfied in realistic scenarios. As a prevailing approach to address the above problem, federated learning has demonstrated its power to cooperate with the distributed data available while protecting the privacy of data providers. However, it is still unclear that how existing time series anomaly detection algorithms perform with decentralized data storage and privacy protection through federated learning. To study this, we conduct a federated time series anomaly detection benchmark, named FedTADBench, which involves five representative time series anomaly detection algorithms and four popular federated learning methods. We would like to answer the following questions: (1)How is the performance of time series anomaly detection algorithms when meeting federated learning? (2) Which federated learning method is the most appropriate one for time series anomaly detection? (3) How do federated time series anomaly detection approaches perform on different partitions of data in clients? Numbers of results as well as corresponding analysis are provided from extensive experiments with various settings. The source code of our benchmark is publicly available at https://github.com/fanxingliu2020/FedTADBench.

Zhaoli Liu,Tao Qin,Xiaohong Guan,Hezhi Jiang,Chenxu Wang

DOI: https://doi.org/10.1109/ACCESS.2018.2843336

IF: 3.9

2018-01-01

IEEE Access

Abstract:Logs are generated by systems to record the detailed runtime information about system operations, and log analysis plays an important role in anomaly detection at the host or network level. Most existing detection methods require a priori knowledge, which cannot be used to detect the new or unknown anomalies. Moreover, the growing volume of logs poses new challenges to anomaly detection. In this paper, we propose an integrated method using K-prototype clustering and k-NN classification algorithms, which uses a novel clustering-filtering-refinement framework to perform anomaly detection from massive logs. First, we analyze the characteristics of system logs and extract 10 features based on the session information to characterize user behaviors effectively. Second, based on these extracted features, the K-prototype clustering algorithm is applied to partition the data set into different clusters. Then, the obvious normal events which usually present as highly coherent clusters are filtered out, and the others are regarded as anomaly candidates for further analysis. Finally, we design two new distance-based features to measure the local and global anomaly degrees for these anomaly candidates. Based on these two new features, we apply the k-NN classifier to generate accurate detection results. To verify the integrated method, we constructed a log collection and anomaly detection platform in the campus network center of Xi'an Jiaotong University. The experimental results based on the data sets collected from the platform show our method has high detection accuracy and low computational complexity.

Oscar Torres Sanchez,Guilherme Borges,Duarte Raposo,André Rodrigues,Fernando Boavida,Jorge Sá Silva

2024-10-15

Abstract:The development of intelligent Industrial Internet of Things (IIoT) systems promises to revolutionize operational and maintenance practices, driving improvements in operational efficiency. Anomaly detection within IIoT architectures plays a crucial role in preventive maintenance and spotting irregularities in industrial components. However, due to limited message and processing capacity, traditional Machine Learning (ML) faces challenges in deploying anomaly detection models in resource-constrained environments like LoRaWAN. On the other hand, Federated Learning (FL) solves this problem by enabling distributed model training, addressing privacy concerns, and minimizing data transmission. This study explores using FL for anomaly detection in industrial and civil construction machinery architectures that use IIoT prototypes with LoRaWAN communication. The process leverages an optimized autoencoder neural network structure and compares federated models with centralized ones. Despite uneven data distribution among machine clients, FL demonstrates effectiveness, with a mean F1 score (of 94.77), accuracy (of 92.30), TNR (of 90.65), and TPR (92.93), comparable to centralized models, considering airtime of trainning messages of 52.8 min. Local model evaluations on each machine highlight adaptability. At the same time, the performed analysis identifies message requirements, minimum training hours, and optimal round/epoch configurations for FL in LoRaWAN, guiding future implementations in constrained industrial environments.

Machine Learning,Distributed, Parallel, and Cluster Computing,Networking and Internet Architecture

Weina Niu,Xuhan Liao,Shiping Huang,Yudong Li,Xiaosong Zhang,Beibei Li

DOI: https://doi.org/10.1016/j.asoc.2024.111314

IF: 8.7

2024-01-01

Applied Soft Computing

Abstract:Log-based anomaly detections have shown huge commercial potential in system maintenance. However, existing methods encounter two practical challenges. Firstly, they struggle to maintain consistent performance when dealing with evolving logs over time. Secondly, they face difficulties in effectively detecting frequency anomalies, such as abnormal system resource usage and abnormal system operating frequencies. In this paper, we propose a robust log-based anomaly detection framework using Wide & Deep learning called WDLog. Particularly, we enhance the processing of template semantic information by building upon the Drain algorithm, then we introduce invariant features and statistical features and propose a multi-feature anomaly detection method based on the Wide & Deep framework. The experimental results on HDFS and BGL datasets demonstrate the promising performance of WDLog compared to state-of-the-art methods in terms of anomaly detection effectiveness. Furthermore, WDLog exhibits robustness to evolving logs, achieving F1-scores of over 90% under different degrees of log variation.