Federated Learning for IoT Intrusion Detection

The number of Internet of Things (IoT) devices has increased considerably in the past few years, resulting in a large growth of cyber attacks on IoT infrastructure. As part of a defense in depth approach to cybersecurity, intrusion detection systems (IDSs) have acquired a key role in attempting to d...

Full description

Bibliographic Details
Main Authors: Riccardo Lazzarini, Huaglory Tianfield, Vassilis Charissis
Format: Article
Language:English
Published: MDPI AG 2023-07-01
Series:AI
Subjects:
Online Access:https://www.mdpi.com/2673-2688/4/3/28
_version_ 1797581621504770048
author Riccardo Lazzarini
Huaglory Tianfield
Vassilis Charissis
author_facet Riccardo Lazzarini
Huaglory Tianfield
Vassilis Charissis
author_sort Riccardo Lazzarini
collection DOAJ
description The number of Internet of Things (IoT) devices has increased considerably in the past few years, resulting in a large growth of cyber attacks on IoT infrastructure. As part of a defense in depth approach to cybersecurity, intrusion detection systems (IDSs) have acquired a key role in attempting to detect malicious activities efficiently. Most modern approaches to IDS in IoT are based on machine learning (ML) techniques. The majority of these are centralized, which implies the sharing of data from source devices to a central server for classification. This presents potentially crucial issues related to privacy of user data as well as challenges in data transfers due to their volumes. In this article, we evaluate the use of federated learning (FL) as a method to implement intrusion detection in IoT environments. FL is an alternative, distributed method to centralized ML models, which has seen a surge of interest in IoT intrusion detection recently. In our implementation, we evaluate FL using a shallow artificial neural network (ANN) as the shared model and federated averaging (FedAvg) as the aggregation algorithm. The experiments are completed on the ToN_IoT and CICIDS2017 datasets in binary and multiclass classification. Classification is performed by the distributed devices using their own data. No sharing of data occurs among participants, maintaining data privacy. When compared against a centralized approach, results have shown that a collaborative FL IDS can be an efficient alternative, in terms of accuracy, precision, recall and F1-score, making it a viable option as an IoT IDS. Additionally, with these results as baseline, we have evaluated alternative aggregation algorithms, namely FedAvgM, FedAdam and FedAdagrad, in the same setting by using the Flower FL framework. The results from the evaluation show that, in our scenario, FedAvg and FedAvgM tend to perform better compared to the two adaptive algorithms, FedAdam and FedAdagrad.
first_indexed 2024-03-10T23:07:03Z
format Article
id doaj.art-066aa1c6bab748d4909745626288a66c
institution Directory Open Access Journal
issn 2673-2688
language English
last_indexed 2024-03-10T23:07:03Z
publishDate 2023-07-01
publisher MDPI AG
record_format Article
series AI
spelling doaj.art-066aa1c6bab748d4909745626288a66c2023-11-19T09:12:23ZengMDPI AGAI2673-26882023-07-014350953010.3390/ai4030028Federated Learning for IoT Intrusion DetectionRiccardo Lazzarini0Huaglory Tianfield1Vassilis Charissis2School of Computing, Engineering and Built Environment, Glasgow Caledonian University (GCU), Glasgow G4 0BA, UKSchool of Computing, Engineering and Built Environment, Glasgow Caledonian University (GCU), Glasgow G4 0BA, UKSchool of Arts and Creative Industries, Edinburgh Napier University, Edinburgh EH10 5DT, UKThe number of Internet of Things (IoT) devices has increased considerably in the past few years, resulting in a large growth of cyber attacks on IoT infrastructure. As part of a defense in depth approach to cybersecurity, intrusion detection systems (IDSs) have acquired a key role in attempting to detect malicious activities efficiently. Most modern approaches to IDS in IoT are based on machine learning (ML) techniques. The majority of these are centralized, which implies the sharing of data from source devices to a central server for classification. This presents potentially crucial issues related to privacy of user data as well as challenges in data transfers due to their volumes. In this article, we evaluate the use of federated learning (FL) as a method to implement intrusion detection in IoT environments. FL is an alternative, distributed method to centralized ML models, which has seen a surge of interest in IoT intrusion detection recently. In our implementation, we evaluate FL using a shallow artificial neural network (ANN) as the shared model and federated averaging (FedAvg) as the aggregation algorithm. The experiments are completed on the ToN_IoT and CICIDS2017 datasets in binary and multiclass classification. Classification is performed by the distributed devices using their own data. No sharing of data occurs among participants, maintaining data privacy. When compared against a centralized approach, results have shown that a collaborative FL IDS can be an efficient alternative, in terms of accuracy, precision, recall and F1-score, making it a viable option as an IoT IDS. Additionally, with these results as baseline, we have evaluated alternative aggregation algorithms, namely FedAvgM, FedAdam and FedAdagrad, in the same setting by using the Flower FL framework. The results from the evaluation show that, in our scenario, FedAvg and FedAvgM tend to perform better compared to the two adaptive algorithms, FedAdam and FedAdagrad.https://www.mdpi.com/2673-2688/4/3/28Internet of Thingsintrusion detection systemsfederated learningdeep learning
spellingShingle Riccardo Lazzarini
Huaglory Tianfield
Vassilis Charissis
Federated Learning for IoT Intrusion Detection
AI
Internet of Things
intrusion detection systems
federated learning
deep learning
title Federated Learning for IoT Intrusion Detection
title_full Federated Learning for IoT Intrusion Detection
title_fullStr Federated Learning for IoT Intrusion Detection
title_full_unstemmed Federated Learning for IoT Intrusion Detection
title_short Federated Learning for IoT Intrusion Detection
title_sort federated learning for iot intrusion detection
topic Internet of Things
intrusion detection systems
federated learning
deep learning
url https://www.mdpi.com/2673-2688/4/3/28
work_keys_str_mv AT riccardolazzarini federatedlearningforiotintrusiondetection
AT huaglorytianfield federatedlearningforiotintrusiondetection
AT vassilischarissis federatedlearningforiotintrusiondetection