Intrusion Detection Approach for Industrial Internet of Things Traffic Using Deep Recurrent Reinforcement Learning Assisted Federated Learning

Abstract

The rapid growth of industrial Internet of Things (IIoT) applications generates massive amount of heterogeneous data that are prone to cyberattacks. The imperative is to secure industrial data from adversarial attacks and develop a robust and secure framework capable of withstanding sophisticated attacks. Toward this machine learning (ML) algorithms are used for intrusion detection by analyzing the devices’ network traffic. However, classical ML models work on entire datasets that are located on a central server and are not a suitable choice for a secure intrusion detection framework. We propose the federated learning (FL)-based network intrusion detection model for IIoT scenarios which only share learned parameters with the central server and keep the data intact to local servers only. The proposed model is assisted with gated recurrent units (GRUs) for FL training to extract temporal dependencies of network traffic attacks in order to improve intrusion detection accuracy. Additionally, to increase the model aggregation rate of FL, we integrate deep reinforcement learning (DRL) to select of IIoT devices with high quality while keeping data privacy and energy-efficiency as main concerns. In contrast to earlier approaches, we consider nonindependent and identically distributed (non-IID) data over recent IIoT datasets. Experimental findings indicate that the proposed framework outperforms state-of-the-art FL and non-FL intrusion detection models in terms of accuracy, precision, recall, F1-score, and receiver operating characterstics (ROC).