IEEE Access (Jan 2024)

Enhancing Intrusion Detection in IoT Networks Through Federated Learning

  • Raju Dhakal,
  • Waleed Raza,
  • Vijayanth Tummala,
  • Laxima Niure Kandel

DOI
https://doi.org/10.1109/ACCESS.2024.3495702
Journal volume & issue
Vol. 12
pp. 167168 – 167182

Abstract

Read online

Internet of Things (IoT) networks face significant cybersecurity risks primarily due to their extensive connectivity, node heterogeneity, lack of robust security measures, and the considerable amount of sensitive data they accumulate and transmit. Cyber intrusions in IoT networks can result in severe effects, including privacy violations, data breaches, and even physical harm. For traditional centralized learning (CL)-based intrusion detection (ID) and identification methods to work, the local IoT data has to be sent to a third-party central server for training. This uses a lot of bandwidth and poses privacy risks. To deal with this challenge, federated learning (FL) emerges as a promising solution for ID as it enables on-device learning without transmitting private IoT data to a central server. To the best of our knowledge, existing FL-based IDs are limited to binary classification. This paper addresses this limitation by implementing an FL-based ID with multi-class classification of intrusions on the N-BaIoT dataset. Enabling multi-class classification of intrusions allows for implementing more targeted and effective attack-specific countermeasures. We implement multi-class intrusion classification on both CL and FL-based methods (FedAvg and FedAvg+) and focus on key metrics such as accuracy and F1-score. Our results demonstrate that the FedAvg+ approach yields performance comparable to CL while offering the added advantage of enhanced privacy. Additionally, the FL-based method outperforms traditional CL, particularly in identifying intrusions from Mirai and Bashlite botnet attacks.

Keywords