Federated Learning for IoT Intrusion Detection
The number of Internet of Things (IoT) devices has increased considerably in the past few years, resulting in a large growth of cyber attacks on IoT infrastructure. As part of a defense in depth approach to cybersecurity, intrusion detection systems (IDSs) have acquired a key role in attempting to d...
Main Authors: | , , |
---|---|
Format: | Article |
Language: | English |
Published: |
MDPI AG
2023-07-01
|
Series: | AI |
Subjects: | |
Online Access: | https://www.mdpi.com/2673-2688/4/3/28 |
_version_ | 1797581621504770048 |
---|---|
author | Riccardo Lazzarini Huaglory Tianfield Vassilis Charissis |
author_facet | Riccardo Lazzarini Huaglory Tianfield Vassilis Charissis |
author_sort | Riccardo Lazzarini |
collection | DOAJ |
description | The number of Internet of Things (IoT) devices has increased considerably in the past few years, resulting in a large growth of cyber attacks on IoT infrastructure. As part of a defense in depth approach to cybersecurity, intrusion detection systems (IDSs) have acquired a key role in attempting to detect malicious activities efficiently. Most modern approaches to IDS in IoT are based on machine learning (ML) techniques. The majority of these are centralized, which implies the sharing of data from source devices to a central server for classification. This presents potentially crucial issues related to privacy of user data as well as challenges in data transfers due to their volumes. In this article, we evaluate the use of federated learning (FL) as a method to implement intrusion detection in IoT environments. FL is an alternative, distributed method to centralized ML models, which has seen a surge of interest in IoT intrusion detection recently. In our implementation, we evaluate FL using a shallow artificial neural network (ANN) as the shared model and federated averaging (FedAvg) as the aggregation algorithm. The experiments are completed on the ToN_IoT and CICIDS2017 datasets in binary and multiclass classification. Classification is performed by the distributed devices using their own data. No sharing of data occurs among participants, maintaining data privacy. When compared against a centralized approach, results have shown that a collaborative FL IDS can be an efficient alternative, in terms of accuracy, precision, recall and F1-score, making it a viable option as an IoT IDS. Additionally, with these results as baseline, we have evaluated alternative aggregation algorithms, namely FedAvgM, FedAdam and FedAdagrad, in the same setting by using the Flower FL framework. The results from the evaluation show that, in our scenario, FedAvg and FedAvgM tend to perform better compared to the two adaptive algorithms, FedAdam and FedAdagrad. |
first_indexed | 2024-03-10T23:07:03Z |
format | Article |
id | doaj.art-066aa1c6bab748d4909745626288a66c |
institution | Directory Open Access Journal |
issn | 2673-2688 |
language | English |
last_indexed | 2024-03-10T23:07:03Z |
publishDate | 2023-07-01 |
publisher | MDPI AG |
record_format | Article |
series | AI |
spelling | doaj.art-066aa1c6bab748d4909745626288a66c2023-11-19T09:12:23ZengMDPI AGAI2673-26882023-07-014350953010.3390/ai4030028Federated Learning for IoT Intrusion DetectionRiccardo Lazzarini0Huaglory Tianfield1Vassilis Charissis2School of Computing, Engineering and Built Environment, Glasgow Caledonian University (GCU), Glasgow G4 0BA, UKSchool of Computing, Engineering and Built Environment, Glasgow Caledonian University (GCU), Glasgow G4 0BA, UKSchool of Arts and Creative Industries, Edinburgh Napier University, Edinburgh EH10 5DT, UKThe number of Internet of Things (IoT) devices has increased considerably in the past few years, resulting in a large growth of cyber attacks on IoT infrastructure. As part of a defense in depth approach to cybersecurity, intrusion detection systems (IDSs) have acquired a key role in attempting to detect malicious activities efficiently. Most modern approaches to IDS in IoT are based on machine learning (ML) techniques. The majority of these are centralized, which implies the sharing of data from source devices to a central server for classification. This presents potentially crucial issues related to privacy of user data as well as challenges in data transfers due to their volumes. In this article, we evaluate the use of federated learning (FL) as a method to implement intrusion detection in IoT environments. FL is an alternative, distributed method to centralized ML models, which has seen a surge of interest in IoT intrusion detection recently. In our implementation, we evaluate FL using a shallow artificial neural network (ANN) as the shared model and federated averaging (FedAvg) as the aggregation algorithm. The experiments are completed on the ToN_IoT and CICIDS2017 datasets in binary and multiclass classification. Classification is performed by the distributed devices using their own data. No sharing of data occurs among participants, maintaining data privacy. When compared against a centralized approach, results have shown that a collaborative FL IDS can be an efficient alternative, in terms of accuracy, precision, recall and F1-score, making it a viable option as an IoT IDS. Additionally, with these results as baseline, we have evaluated alternative aggregation algorithms, namely FedAvgM, FedAdam and FedAdagrad, in the same setting by using the Flower FL framework. The results from the evaluation show that, in our scenario, FedAvg and FedAvgM tend to perform better compared to the two adaptive algorithms, FedAdam and FedAdagrad.https://www.mdpi.com/2673-2688/4/3/28Internet of Thingsintrusion detection systemsfederated learningdeep learning |
spellingShingle | Riccardo Lazzarini Huaglory Tianfield Vassilis Charissis Federated Learning for IoT Intrusion Detection AI Internet of Things intrusion detection systems federated learning deep learning |
title | Federated Learning for IoT Intrusion Detection |
title_full | Federated Learning for IoT Intrusion Detection |
title_fullStr | Federated Learning for IoT Intrusion Detection |
title_full_unstemmed | Federated Learning for IoT Intrusion Detection |
title_short | Federated Learning for IoT Intrusion Detection |
title_sort | federated learning for iot intrusion detection |
topic | Internet of Things intrusion detection systems federated learning deep learning |
url | https://www.mdpi.com/2673-2688/4/3/28 |
work_keys_str_mv | AT riccardolazzarini federatedlearningforiotintrusiondetection AT huaglorytianfield federatedlearningforiotintrusiondetection AT vassilischarissis federatedlearningforiotintrusiondetection |