FIDWATCH: Federated incremental distillation for continuous monitoring of IoT security threats

IF 4.4 3区 计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS
Ibrahim Alrashdi , Karam M. Sallam , Majed Abdullah Alrowaily , Omar Alruwaili , Bilal Arain
{"title":"FIDWATCH: Federated incremental distillation for continuous monitoring of IoT security threats","authors":"Ibrahim Alrashdi ,&nbsp;Karam M. Sallam ,&nbsp;Majed Abdullah Alrowaily ,&nbsp;Omar Alruwaili ,&nbsp;Bilal Arain","doi":"10.1016/j.adhoc.2024.103637","DOIUrl":null,"url":null,"abstract":"<div><p>The fast evolutions of Internet of Things (IoT) technologies have been accelerating their applicability in different sectors of life and becoming a pillar for sustainable development. However, this revolutionary expansion led to a substantial increase in attack surface, raising many concerns about security threats and their possible consequences. Machine learning has significantly contributed to designing intrusion detection systems (IDS) but suffers from critical limitations such as data privacy and sovereignty, data imbalance, concept drift, and catastrophic forgetting. This collectively makes existing IDSs an improper choice for securing IoT environments. This paper presents a federated learning approach called FIDWATCH to continuously monitor and detect a broad range of IoT security threats. The local side of FIDWATCH introduces contrastive focal loss to enhance the ability of the local model (teacher) to discriminate between diverse types of IoT security threats while putting an increased emphasis on hard-to-classify samples. A fine-grained Knowledge Distillation (KD) is introduced to allow the client to distill the required teacher's knowledge into a lighter, more compact model termed the pupil model. This greatly assists the competence and flexibility of the model in resource-constrained scenarios. Furthermore, an adaptive incremental updating method is introduced in FIDWATCH to allow the global model to exploit the distilled knowledge and refine the shared dataset. This helps generate global anchors for improving the robustness of the mode against the distributional shift, thereby improving model alignment and compliance with the dynamics of IoT security threats. Proof-of-concept simulations are performed on data from two public datasets (BoT-IoT and ToN-IoT), demonstrating the superiority of FIDWATCH over cutting-edge performance with an average f1-score of 97.07% and 95.63%, respectively.</p></div>","PeriodicalId":55555,"journal":{"name":"Ad Hoc Networks","volume":null,"pages":null},"PeriodicalIF":4.4000,"publicationDate":"2024-08-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Ad Hoc Networks","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1570870524002488","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

Abstract

The fast evolutions of Internet of Things (IoT) technologies have been accelerating their applicability in different sectors of life and becoming a pillar for sustainable development. However, this revolutionary expansion led to a substantial increase in attack surface, raising many concerns about security threats and their possible consequences. Machine learning has significantly contributed to designing intrusion detection systems (IDS) but suffers from critical limitations such as data privacy and sovereignty, data imbalance, concept drift, and catastrophic forgetting. This collectively makes existing IDSs an improper choice for securing IoT environments. This paper presents a federated learning approach called FIDWATCH to continuously monitor and detect a broad range of IoT security threats. The local side of FIDWATCH introduces contrastive focal loss to enhance the ability of the local model (teacher) to discriminate between diverse types of IoT security threats while putting an increased emphasis on hard-to-classify samples. A fine-grained Knowledge Distillation (KD) is introduced to allow the client to distill the required teacher's knowledge into a lighter, more compact model termed the pupil model. This greatly assists the competence and flexibility of the model in resource-constrained scenarios. Furthermore, an adaptive incremental updating method is introduced in FIDWATCH to allow the global model to exploit the distilled knowledge and refine the shared dataset. This helps generate global anchors for improving the robustness of the mode against the distributional shift, thereby improving model alignment and compliance with the dynamics of IoT security threats. Proof-of-concept simulations are performed on data from two public datasets (BoT-IoT and ToN-IoT), demonstrating the superiority of FIDWATCH over cutting-edge performance with an average f1-score of 97.07% and 95.63%, respectively.

FIDWATCH:用于持续监控物联网安全威胁的联合增量提炼技术
物联网(IoT)技术的快速发展加速了其在不同生活领域的应用,并成为可持续发展的支柱。然而,这种革命性的扩展导致攻击面大幅增加,引发了许多对安全威胁及其可能后果的担忧。机器学习为入侵检测系统(IDS)的设计做出了巨大贡献,但也存在一些严重的局限性,如数据隐私和主权、数据不平衡、概念漂移和灾难性遗忘。这一切都使得现有的 IDS 成为保护物联网环境安全的不当选择。本文提出了一种名为 FIDWATCH 的联合学习方法,用于持续监控和检测各种物联网安全威胁。FIDWATCH 的本地端引入了对比焦点损失,以增强本地模型(教师)区分不同类型物联网安全威胁的能力,同时更加重视难以分类的样本。引入了细粒度的知识蒸馏(KD),允许客户端将所需的教师知识蒸馏为更轻、更紧凑的模型(称为学生模型)。这大大提高了模型在资源受限情况下的能力和灵活性。此外,FIDWATCH 还引入了一种自适应增量更新方法,允许全局模型利用已提炼的知识并完善共享数据集。这有助于生成全局锚点,提高模式对分布变化的稳健性,从而改善模式的一致性并符合物联网安全威胁的动态变化。我们在两个公共数据集(BoT-IoT 和 ToN-IoT)的数据上进行了概念验证模拟,结果表明 FIDWATCH 优于尖端性能,平均 f1 分数分别为 97.07% 和 95.63%。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
Ad Hoc Networks
Ad Hoc Networks 工程技术-电信学
CiteScore
10.20
自引率
4.20%
发文量
131
审稿时长
4.8 months
期刊介绍: The Ad Hoc Networks is an international and archival journal providing a publication vehicle for complete coverage of all topics of interest to those involved in ad hoc and sensor networking areas. The Ad Hoc Networks considers original, high quality and unpublished contributions addressing all aspects of ad hoc and sensor networks. Specific areas of interest include, but are not limited to: Mobile and Wireless Ad Hoc Networks Sensor Networks Wireless Local and Personal Area Networks Home Networks Ad Hoc Networks of Autonomous Intelligent Systems Novel Architectures for Ad Hoc and Sensor Networks Self-organizing Network Architectures and Protocols Transport Layer Protocols Routing protocols (unicast, multicast, geocast, etc.) Media Access Control Techniques Error Control Schemes Power-Aware, Low-Power and Energy-Efficient Designs Synchronization and Scheduling Issues Mobility Management Mobility-Tolerant Communication Protocols Location Tracking and Location-based Services Resource and Information Management Security and Fault-Tolerance Issues Hardware and Software Platforms, Systems, and Testbeds Experimental and Prototype Results Quality-of-Service Issues Cross-Layer Interactions Scalability Issues Performance Analysis and Simulation of Protocols.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信