Federated PCA on Grassmann Manifold for IoT Anomaly Detection

IF 3 3区计算机科学 Q2 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

IEEE/ACM Transactions on Networking Pub Date : 2024-07-11 DOI:10.1109/TNET.2024.3423780

Tung-Anh Nguyen;Long Tan Le;Tuan Dung Nguyen;Wei Bao;Suranga Seneviratne;Choong Seon Hong;Nguyen H. Tran

{"title":"Federated PCA on Grassmann Manifold for IoT Anomaly Detection","authors":"Tung-Anh Nguyen;Long Tan Le;Tuan Dung Nguyen;Wei Bao;Suranga Seneviratne;Choong Seon Hong;Nguyen H. Tran","doi":"10.1109/TNET.2024.3423780","DOIUrl":null,"url":null,"abstract":"With the proliferation of the Internet of Things (IoT) and the rising interconnectedness of devices, network security faces significant challenges, especially from anomalous activities. While traditional machine learning-based intrusion detection systems (ML-IDS) effectively employ supervised learning methods, they possess limitations such as the requirement for labeled data and challenges with high dimensionality. Recent unsupervised ML-IDS approaches such as AutoEncoders and Generative Adversarial Networks (GAN) offer alternative solutions but pose challenges in deployment onto resource-constrained IoT devices and in interpretability. To address these concerns, this paper proposes a novel federated unsupervised anomaly detection framework – FedPCA – that leverages Principal Component Analysis (PCA) and the Alternating Directions Method Multipliers (ADMM) to learn common representations of distributed non-i.i.d. datasets. Building on the FedPCA framework, we propose two algorithms, FedPE in Euclidean space and FedPG on Grassmann manifolds. Our approach enables real-time threat detection and mitigation at the device level, enhancing network resilience while ensuring privacy. Moreover, the proposed algorithms are accompanied by theoretical convergence rates even under a sub-sampling scheme, a novel result. Experimental results on the UNSW-NB15 and TON-IoT datasets show that our proposed methods offer performance in anomaly detection comparable to non-linear baselines, while providing significant improvements in communication and memory efficiency, underscoring their potential for securing IoT networks.","PeriodicalId":13443,"journal":{"name":"IEEE/ACM Transactions on Networking","volume":"32 5","pages":"4456-4471"},"PeriodicalIF":3.0000,"publicationDate":"2024-07-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE/ACM Transactions on Networking","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10593810/","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

Abstract

With the proliferation of the Internet of Things (IoT) and the rising interconnectedness of devices, network security faces significant challenges, especially from anomalous activities. While traditional machine learning-based intrusion detection systems (ML-IDS) effectively employ supervised learning methods, they possess limitations such as the requirement for labeled data and challenges with high dimensionality. Recent unsupervised ML-IDS approaches such as AutoEncoders and Generative Adversarial Networks (GAN) offer alternative solutions but pose challenges in deployment onto resource-constrained IoT devices and in interpretability. To address these concerns, this paper proposes a novel federated unsupervised anomaly detection framework – FedPCA – that leverages Principal Component Analysis (PCA) and the Alternating Directions Method Multipliers (ADMM) to learn common representations of distributed non-i.i.d. datasets. Building on the FedPCA framework, we propose two algorithms, FedPE in Euclidean space and FedPG on Grassmann manifolds. Our approach enables real-time threat detection and mitigation at the device level, enhancing network resilience while ensuring privacy. Moreover, the proposed algorithms are accompanied by theoretical convergence rates even under a sub-sampling scheme, a novel result. Experimental results on the UNSW-NB15 and TON-IoT datasets show that our proposed methods offer performance in anomaly detection comparable to non-linear baselines, while providing significant improvements in communication and memory efficiency, underscoring their potential for securing IoT networks.

查看原文本刊更多论文

用于物联网异常检测的格拉斯曼漫域上的联合 PCA

随着物联网（IoT）的普及和设备互联程度的不断提高，网络安全面临着巨大的挑战，尤其是来自异常活动的挑战。虽然传统的基于机器学习的入侵检测系统（ML-IDS）有效地采用了监督学习方法，但它们也存在一些局限性，例如对标记数据的要求和高维度的挑战。自动编码器和生成对抗网络（GAN）等最新的无监督 ML-IDS 方法提供了替代解决方案，但在部署到资源受限的物联网设备和可解释性方面存在挑战。为了解决这些问题，本文提出了一种新颖的联合无监督异常检测框架--FedPCA，它利用主成分分析（PCA）和交替方向法乘法器（ADMM）来学习分布式非 i.i.d. 数据集的通用表示。在 FedPCA 框架的基础上，我们提出了两种算法：欧几里得空间中的 FedPE 和格拉斯曼流形上的 FedPG。我们的方法可在设备层面实现实时威胁检测和缓解，在确保隐私的同时增强网络弹性。此外，即使在子采样方案下，所提出的算法也具有理论收敛率，这是一项新成果。在 UNSW-NB15 和 TON-IoT 数据集上的实验结果表明，我们提出的方法在异常检测方面的性能可与非线性基线相媲美，同时在通信和内存效率方面也有显著提高，这凸显了它们在确保物联网网络安全方面的潜力。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

IEEE/ACM Transactions on Networking 工程技术-电信学

CiteScore

8.20

自引率

5.40%

发文量

246

审稿时长

4-8 weeks

期刊介绍： The IEEE/ACM Transactions on Networking’s high-level objective is to publish high-quality, original research results derived from theoretical or experimental exploration of the area of communication/computer networking, covering all sorts of information transport networks over all sorts of physical layer technologies, both wireline (all kinds of guided media: e.g., copper, optical) and wireless (e.g., radio-frequency, acoustic (e.g., underwater), infra-red), or hybrids of these. The journal welcomes applied contributions reporting on novel experiences and experiments with actual systems.