FIGURE 1 - uploaded by Sawsan Abdulrahman
Content may be subject to copyright.
High level architecture: Federated Learning for IoT intrusion detection.
Source publication
With the ever increasing number of cyber-attacks, Internet of Things (IoT) devices are being exposed to serious malware, attacks, and malicious activities alongside their development. While past research has been focused on centralized intrusion detection assuming the existence of a central entity to store and perform analysis on data from all part...
Context in source publication
Context 1
... with this wave of innovations, we aim in this work to investigate the applicability and efficiency of federated learning for IoT intrusion detection. Figure 1 depicts the architecture of the proposed FL scheme for IoT intrusion detection, where a large number of devices are connected to the network and positioned in different sites. While these devices are connected to gateways, their network data is monitored by a profiler for further analysis in the AI-based intrusion detector running on IoT devices. ...
Citations
... A novel cyber defense framework is also presented to improve attack detection accuracy, incorporating a noncooperative game approach and the Federated Generative Adversarial Network (FedGAN) method. To secure networks against malicious devices, Rahman et al. [11] introduced a hierarchical federated defense framework to detect IoT attacks. It provides a hierarchical framework for end-to-end security between the base station and IoT devices. ...
Consumer electronics are substantially compromised by malware, which can traverse numerous operating systems and file formats. Considerable effort has been devoted to developing malware detection systems that employ Machine Learning (ML) and Deep Learning (DL). However, these models are susceptible to adversarial attacks, where maliciously crafted inputs can bypass detection mechanisms. In this paper, we present Fed-Adversarial, a novel technique for malware detection against adversarial attacks that employ intermittent clients-based Federated Learning (FL). This method can improve adversarial attack detection while preserving data privacy for each client. The raw malware images are first normalized and converted to color to extract features efficiently. Additionally, a wide range of adversarial examples is generated using normalized images to maximize evasion opportunities and reduce perturbations. Following this, adversarial examples are employed by Deep Convolutional Neural Networks (CNNs) during local training, resulting in Local Model Updates (LMUs). After combining these LMUs, the global server produces Global Model Updates (GMU), delivered to distant clients. The proposed approach is evaluated on standard datasets, including
dumpware10
,
malimg
, and
MaleVis
, and it obtains high detection accuracy of 99.18%, 98.12%, and 98.38%, respectively.
... Rahman et al. [19] describe a federated learning approach for intrusion detection in an Internet of Things (IoT) environment. This federated learning has the potential to identify intrusions in the IoT environment and control unwanted threats. ...
The act of implementing specific measures to ensure the security of cryptographic keys within an organization is referred to as key management. Securing communication in a decentralized IoT network presents many challenges due to the abundance of devices and the dynamic nature of the network. For this purpose, A Decentralized lightweight group key management (DLGKM) system is proposed in this paper, that leverages fuzzy logic and Crossover boosted Particle Swarm Optimization (CPSO) named FLCPSO-KM to enhance decisions and settle disputes in IoT environments. DLGKM system uses fuzzy logic and CPSO in decision-making and dispute resolution, this allows for qualitative and quantitative optimization, leading to reliable outcomes. The system provides a lightweight and effective solution for secure communication in a decentralized IoT network. It employs a Crossover-boosted particle swarm optimization (PSO) algorithm for secure key revocation from unauthorized devices, ensuring the security of the network and resources. Overall, the proposed DLGKM system provides an effective and efficient solution for secure communication in a decentralized IoT network. The advantages of utilizing fuzzy logic and CPSO in the system include enhanced decision-making and the ability to solve key revocation issues, thus minimizing communication and computational overheads. The proposed approach was compared to existing approaches such as Blockchain-Based Distributed Key Management Architecture (BDKMA), Cognitive Key Management Technique (CKMT), Healthcare Key Management Approach (HCKM), and Hash-Based Key Management Mechanism (AHKM) based on metrics such as security, encryption and decryption time, computational time, throughput, and fitness value. The proposed approach achieved greater efficiency with 98.7% security, encryption, and decryption time of 0.2 s and 0.3 s, throughput of 250 bits per second, and fitness values ranging from 0 to 1 respectively.
... Hence, such models are trained directly on distributed devices while keeping the sensitive patient's data securely stored on those devices [16], [17]. This privacy-preserving characteristic of FL not only prioritises patient privacy but also ensures compliance with regulatory requirements governing healthcare data [18], [19]. Although FL has several benefits in IoMT, its implementation poses several significant challenges that must be tackled effectively [20], [21]. ...
The Internet of Medical Things (IoMT) has emerged as a paradigm shift in healthcare, integrating the Internet of Things (IoT) with medical devices, sensors, and healthcare systems. From peripheral devices that monitor vital signs to remote patient monitoring systems and smart hospitals, IoMT provides a vast array of applications that empower healthcare professionals. However, the integration of IoMT presents numerous obstacles, such as data security, privacy concerns, interoperability, scalability, and ethical considerations. For the successful integration and deployment of IoMT, addressing these obstacles is essential. Federated Learning (FL) permits collaborative model training while maintaining data privacy in distributed environments like IoMT. By incorporating Explainable Artificial Intelligence (XAI) techniques, the resulting models become more interpretable and transparent, enabling healthcare professionals to comprehend the underlying decision-making processes. This integration not only improves the credibility of Artificial Intelligence models but also facilitates the detection of biases, errors, and peculiar patterns in the data. The combination of FL and XAI contributes to the development of more privacy-preserving, trustworthy, and explainable AI systems, which are essential for the development of dependable and ethically sound IoMT applications. Hence, the aim of this paper is to conduct a literature review on the amalgamation of FL and XAI for IoMT.
... Though IDS model employed for securing IoT devices often face significant challenges due to centralizing the model on single cloud server that includes lengthy detection of threats and single point of failure [10]. Additionally, centralizing the processing of IDS model on a single server raises privacy concerns [11]. This makes it challenging to deploy AIDS model directly on these devices. ...
In the rapidly expanding Internet of Things (IoT) landscape, the security of IoT devices is a major concern. The challenge lies in the lack of intrusion detection systems (IDS) models for these devices. This is due to resource limitations, resulting in, single point of failure, delayed threat detection and privacy issues when centralizing IDS processing. To address this, a LiteDLVC model is proposed in this paper, employing a multi-layer perceptron (MLP) in a federated learning (FL) approach to minimize the vulnerabilities in IoT system. This model manages smaller datasets from individual devices, reducing processing time and optimizing computing resources. Importantly, in the event of an attack, the LiteDLVC model targets only the compromised device, protecting the FL aggregator and other IoT devices. The model's evaluation using the BoT-IoT dataset on TensorFlow Federated (TFF) demonstrates higher accuracy and better performance with full features subset of 99.99% accuracy on test set and achieved average of 1.11sec in detecting bot attacks through federated detection. While on 10-best subset achieved 99.99 on test with 1.14sec as average detection time. Notably, this highlights that LiteDLVC model can potential secure IoT device from device level very efficiently. To improve the global model convergence, we are currently exploring the use genetic algorithm. This could lead to better performance on diverse IoT data distributions, and increased overall efficiency in FL scenes with non-IID data.
... This paradigm has been suggested to be deployed in several fields, including IoT applications [2][3][4], industry applications [5], network applications [6] and so on. While FL offers significant advantages in distributed environments, it concurrently faces substantial security challenges [7,8], particularly from malicious clients. Among these, the poisoning attack is a critical threat. ...
In this study, we introduce a novel collaborative federated learning (FL) framework, aiming at enhancing robustness in distributed learning environments, particularly pertinent to IoT and industrial automation scenarios. At the core of our contribution is the development of an innovative grouping algorithm for edge clients. This algorithm employs a distinctive ID distribution function, enabling efficient and secure grouping of both normal and potentially malicious clients. Our proposed grouping scheme accurately determines the numerical difference between normal and malicious groups under various network scenarios. Our method addresses the challenge of model poisoning attacks, ensuring the accuracy of outcomes in a collaborative federated learning framework. Our numerical experiments demonstrate that our grouping scheme effectively limits the number of malicious groups. Additionally, our collaborative FL framework has shown resilience against various levels of poisoning attack abilities and maintained high prediction accuracy across a range of scenarios, showcasing its robustness against poisoning attacks.
... The same case happened in the mixed scenario when using the fedAvg method, while using fed+ has led the model to converge to closer results as the balanced scenario. S. Rahman et al. [6] conducted experiments using Raspberry Pi devices to evaluate federated learning with different situations and compared it to a centralized model and a self-learning model. The first use case involves data being spread out based on different attack types. ...
... The available data is used by decision-makers to learn how passengers feel about car services and then choose the most suitable vehicles to meet their needs (AbdulRahman et al., 2020; Khabbaz et al., 2021;Rahman et al., 2020). ...
This article outlines an integrated strategy that combines fuzzy multi‐objective programming and a multi‐criteria decision‐making framework to achieve a number of transportation system management‐related objectives. To rank fleet cars using various criteria enhancement, the Fuzzy technique for order of preference by resemblance to optimum solution are initially integrated. We then offer a novel Multi‐Objective Possibilistic Linear Programming (MOPLP) model, based on the rankings of the vehicles, to determine the number of vehicles chosen for the work while taking into consideration the constraints placed on them. The search for optimal solutions to MOPs has benefited from the decades‐long development of classical optimisation techniques. As a result of its potential for use in the real world, multi‐objective optimisation (MOO) under uncertainty has gained traction in recent years. Recently, fuzzy set theory has been used to solve challenges in multi‐objective linear programming. In this paper, we present a method for solving MOPs that makes use of both linear and non‐linear membership functions to maximize user happiness. A hypothetical case study of transportation issue is taken here. This innovative approach improves management for the betterment of transportation networks in smart cities. The method is a more robust and versatile approach to the complex difficulties of contemporary urban transportation because it incorporates the TOPSIS method for vehicle ranking and then using Distance Operator and variable Membership Functions in fuzzy goal programming operation on the selected vehicles. The results provide valuable insights into the strengths and limitations of each technique, facilitating informed decision‐making in real‐world optimization scenarios.
... The next phase in the machine learning process is "preprocessing," which refers to the method of transforming the raw data into something that can be used to create and train machine learning models. Also, it aids in improving the data's quality to encourage the extraction of valuable insights from the data [74][75][76][77]. The next step is feature selection, which involves picking the subset of features that are most relevant and appropriate to be used in developing a model either automatically or manually. ...
Distributed Denial of Service (DDoS) attacks continue to pose a significant threat to network infrastructures, exploiting vulnerabilities within existing security protocols and disrupting the seamless availability of online services. The intricate interconnections of nodes within computer networks contribute to the dynamic structure of this environment, complicating efforts to establish a secure and productive user experience. Effectively mitigating DDoS attacks in this complex networked setting remains a challenge. While current strategies primarily rely on anomaly detection and signature-based techniques, utilizing statistical analysis and predefined patterns to identify and thwart attacks, none have consistently demonstrated efficacy or reliability. Consequently, there is a compelling need for advancements in security mechanisms to address DDoS threats more effectively. This research introduces an innovative and highly efficient approach that incorporates various classification algorithms, including Random Forest, Decision Tree, Gradient Boosting, Linear SVM, Logistics, K-nearest neighbors (KNN), and AdaBoost, for DDoS attack detection. The performance of these machine learning classifiers is evaluated using key metrics such as accuracy, recall, F1-score, and precision. Remarkably, experimental results reveal outstanding accuracy rates, with Random Forest achieving the highest accuracy in detecting attacks. Additionally, a genetic algorithm is employed to select optimal features from the dataset, further enhancing the performance of the classifiers. This results in a notable 25% increase in accuracy, surpassing AdaBoost and Logistics, with K-nearest neighbors emerging as the top performer in terms of accuracy.
... The above methods can use well-labelled training data across many organizations. However, when researchers examined and compared the performance of LDDoS attack detection methods deployed by centralized mode and FL mode 17 . The accuracy and outperforming of models in FL mode could only close to, but lower than ones in centralized mode. ...
Low-rate distributed denial of service attacks, as known as LDDoS attacks, pose the notorious security risks in cloud computing network. They overload the cloud servers and degrade network service quality with the stealthy strategy. Furthermore, this kind of small ratio and pulse-like abnormal traffic leads to a serious data scale problem. As a result, the existing models for detecting minority and adversary LDDoS attacks are insufficient in both detection accuracy and time consumption. This paper proposes a novel multi-scale Convolutional Neural Networks (CNN) and bidirectional Long-short Term Memory (bi-LSTM) arbitration dense network model (called MSCBL-ADN) for learning and detecting LDDoS attack behaviors under the condition of limited dataset and time consumption. The MSCBL-ADN incorporates CNN for preliminary spatial feature extraction and embedding-based bi-LSTM for time relationship extraction. And then, it employs arbitration network to re-weigh feature importance for higher accuracy. At last, it uses 2-block dense connection network to perform final classification. The experimental results conducted on popular ISCX-2016-SlowDos dataset have demonstrated that the proposed MSCBL-ADN model has a significant improvement with high detection accuracy and superior time performance over the state-of-the-art models.
... The development of comprehensive management frameworks and protocols is necessary to ensure the reliability, availability, and performance of FL systems within dynamic IoT environments. To address the challenges associated with scalability and management in FL for IoT, future research should prioritize the development of scalable and efficient algorithms capable of handling largescale deployments and increasing data volumes (Imteaj et al. 2022;Savazzi et al. 2020;Rahman et al. 2020). Additionally, robust management frameworks need to be designed to facilitate seamless client management, model synchronization, and system monitoring, thus contributing to the successful deployment and operation of FL in IoT environments Rey et al. 2022;Khan et al. 2020;Cui et al. 2021). ...
The proliferation of the Internet of Things (IoT) and the advancements in machine learning (ML) have facilitated ubiquitous sensing and computing capabilities, enabling the interconnection of a wide array of devices to the Internet. Traditionally, data collection and data processing have been centralized, which may not be feasible due to issues such as long propagation delays, communication overload, and increasing data privacy concerns. To tackle these challenges, federated learning (FL) has emerged as a privacy-preserving distributed ML approach, allowing numerous devices to engage in model training without transferring their local data to a central server. This work presents a comprehensive review of FL as an approach to performing ML on distributed IoT data, with a specific emphasis on protecting data privacy and reducing communication costs associated with data transfer. The review encompasses various aspects, including the background of FL, the architecture of FL for IoT, the different types of FL for IoT, FL frameworks tailored for IoT, and diverse FL for IoT applications. Additionally, this paper outlines future research challenges and directions pertaining to FL for IoT. By embracing the potential of FL while addressing its challenges, IoT can benefit from reduced delays, improved communication efficiency, enhanced privacy preservation, and a more sustainable FL-IoT system.
