Anomaly Traffic Detection with Federated Learning toward Network-based Malware Detection in IoT
T. Nishio, Masataka Nakahara, Norihiro Okui, A. Kubota, Yasuaki Kobayashi, K. Sugiyama, R. Shinkuma
GLOBECOM 2022 - 2022 IEEE Global Communications Conference, published 2022-12-04
DOI: 10.1109/GLOBECOM48099.2022.10000633 (https://doi.org/10.1109/GLOBECOM48099.2022.10000633)
Citation count: 1
Abstract
To mitigate cyberattacks, detecting anomalies in network traffic is of key importance. In this paper, we propose a model training method for detection of Internet of Things (IoT) anomalous traffic that is robust against the contamination of anomalous samples in the training set. The key idea is to focus on the nature of IoT malware infections (i.e., only a limited number of IoT networks contain infected devices) and employ federated learning (FL) to mitigate the impact of anomalous samples on model training. The simulation evaluation using IoT traffic data obtained from residences and malware traffic data collected from sandbox experiments demonstrates that the proposed method does not cause accuracy degradation even when the anomalous samples are contaminated, in contrast with the detection accuracy of baseline methods, which does degrade.