Danish Javeed , Muhammad Shahid Saeed , Muhammad Adil , Prabhat Kumar , Alireza Jolfaei
{"title":"A federated learning-based zero trust intrusion detection system for Internet of Things","authors":"Danish Javeed , Muhammad Shahid Saeed , Muhammad Adil , Prabhat Kumar , Alireza Jolfaei","doi":"10.1016/j.adhoc.2024.103540","DOIUrl":null,"url":null,"abstract":"<div><p>The rapid expansion of Internet of Things (IoT) devices presents unique challenges in ensuring the security and privacy of interconnected systems. As cyberattacks become more frequent, developing an effective and scalable Intrusion Detection System (IDS) based on Federated Learning (FL) for IoT becomes increasingly complex. Current methodologies struggle to balance spatial and temporal feature extraction, especially when dealing with dynamic and evolving cyber threats. The lack of diversity in datasets used for FL-based IDS evaluations further impedes progress. There is also a noticeable tradeoff between performance and scalability, particularly as the number of edge devices in communication increases. To address these challenges, this article introduces a horizontal FL model that combines Convolutional Neural Networks (CNN) and Bidirectional Long-Term Short Memory (BiLSTM) for effective intrusion detection. This hybrid approach aims to overcome the limitations of existing methods and enhance the effectiveness of intrusion detection in the context of FL for IoT. Specifically, CNN is used for spatial feature extraction, enabling the model to identify local patterns indicative of potential intrusions, while the BiLSTM component captures temporal dependencies and learns sequential patterns within the data. The proposed IDS follows a zero-trust model by keeping the data on local edge devices and sharing only the learned weights with the centralized FL server. The FL server then aggregates updates from various sources to optimize the accuracy of the global learning model. Experimental results using CICIDS2017 and Edge-IIoTset demonstrate the effectiveness of the proposed approach over centralized and federated deep learning-based IDS.</p></div>","PeriodicalId":55555,"journal":{"name":"Ad Hoc Networks","volume":null,"pages":null},"PeriodicalIF":4.4000,"publicationDate":"2024-05-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S1570870524001513/pdfft?md5=ce7346cd6f957b06bddd591858574f96&pid=1-s2.0-S1570870524001513-main.pdf","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Ad Hoc Networks","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1570870524001513","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0
Abstract
The rapid expansion of Internet of Things (IoT) devices presents unique challenges in ensuring the security and privacy of interconnected systems. As cyberattacks become more frequent, developing an effective and scalable Intrusion Detection System (IDS) based on Federated Learning (FL) for IoT becomes increasingly complex. Current methodologies struggle to balance spatial and temporal feature extraction, especially when dealing with dynamic and evolving cyber threats. The lack of diversity in datasets used for FL-based IDS evaluations further impedes progress. There is also a noticeable tradeoff between performance and scalability, particularly as the number of edge devices in communication increases. To address these challenges, this article introduces a horizontal FL model that combines Convolutional Neural Networks (CNN) and Bidirectional Long-Term Short Memory (BiLSTM) for effective intrusion detection. This hybrid approach aims to overcome the limitations of existing methods and enhance the effectiveness of intrusion detection in the context of FL for IoT. Specifically, CNN is used for spatial feature extraction, enabling the model to identify local patterns indicative of potential intrusions, while the BiLSTM component captures temporal dependencies and learns sequential patterns within the data. The proposed IDS follows a zero-trust model by keeping the data on local edge devices and sharing only the learned weights with the centralized FL server. The FL server then aggregates updates from various sources to optimize the accuracy of the global learning model. Experimental results using CICIDS2017 and Edge-IIoTset demonstrate the effectiveness of the proposed approach over centralized and federated deep learning-based IDS.
期刊介绍:
The Ad Hoc Networks is an international and archival journal providing a publication vehicle for complete coverage of all topics of interest to those involved in ad hoc and sensor networking areas. The Ad Hoc Networks considers original, high quality and unpublished contributions addressing all aspects of ad hoc and sensor networks. Specific areas of interest include, but are not limited to:
Mobile and Wireless Ad Hoc Networks
Sensor Networks
Wireless Local and Personal Area Networks
Home Networks
Ad Hoc Networks of Autonomous Intelligent Systems
Novel Architectures for Ad Hoc and Sensor Networks
Self-organizing Network Architectures and Protocols
Transport Layer Protocols
Routing protocols (unicast, multicast, geocast, etc.)
Media Access Control Techniques
Error Control Schemes
Power-Aware, Low-Power and Energy-Efficient Designs
Synchronization and Scheduling Issues
Mobility Management
Mobility-Tolerant Communication Protocols
Location Tracking and Location-based Services
Resource and Information Management
Security and Fault-Tolerance Issues
Hardware and Software Platforms, Systems, and Testbeds
Experimental and Prototype Results
Quality-of-Service Issues
Cross-Layer Interactions
Scalability Issues
Performance Analysis and Simulation of Protocols.