Leveraging federated learning for DoS attack detection in IoT networks based on ensemble feature selection and deep learning models

Cyber Security and Applications Pub Date : 2025-04-30 DOI:10.1016/j.csa.2025.100098

Tasneem Qasem Al-Ghadi , Selvakumar Manickam , I. Dewa Made Widia , Eka Ratri Noor Wulandari , Shankar Karuppayah

{"title":"Leveraging federated learning for DoS attack detection in IoT networks based on ensemble feature selection and deep learning models","authors":"Tasneem Qasem Al-Ghadi , Selvakumar Manickam , I. Dewa Made Widia , Eka Ratri Noor Wulandari , Shankar Karuppayah","doi":"10.1016/j.csa.2025.100098","DOIUrl":null,"url":null,"abstract":"<div><div>The Internet of Things (IoT) seamlessly integrates into daily life, enhancing decision-making and simplifying everyday tasks across various domains, including organizations, healthcare, the military, and industry. However, IoT systems face numerous security threats, making data protection against cyberattacks essential. While deploying an Intrusion Detection System (IDS) in a centralized framework can lead to data leakage, Federated Learning (FL) offers a privacy-preserving alternative by training models locally and transmitting only the updated model weights to a central server for aggregation. Detecting Denial-of-Service (DoS) attacks in IoT networks is critical for ensuring cybersecurity. This study compares the performance of centralized and federated learning (FL) approaches in detecting DoS attacks using four deep learning models: Recurrent Neural Network (RNN), Long Short-Term Memory (LSTM), Gated Recurrent Unit (GRU), and Convolutional Neural Network (CNN). To enhance model efficiency, we apply filter-based feature selection techniques, including Variance Threshold, Mutual Information, Chi-square, ANOVA, and L1-based methods, and employ an ensemble feature selection approach by combining them through a union operation. Additionally, a wrapper-based Recursive Feature Elimination (RFE) method is used to refine feature selection by removing redundant and irrelevant features. Experiments were conducted using the IoT Intrusion Dataset (IoTID20), and model performance was evaluated based on accuracy, precision, recall, F1-score, and ROC-AUC metrics. In the centralized learning scenario, the highest accuracy was achieved with GRU using Mutual Information (MI) at 99.91 %, followed by RNN with MI at 99.90 %. In the FL scenario, the highest accuracy was achieved with CNN using the ANOVA method at 99.73 %, followed by GRU with Chi2 at 99.61 %. These findings underscore the significant impact of feature selection on learning performance and provide valuable insights into optimizing deep learning-based DoS detection in IoT networks.</div></div>","PeriodicalId":100351,"journal":{"name":"Cyber Security and Applications","volume":"3 ","pages":"Article 100098"},"PeriodicalIF":0.0000,"publicationDate":"2025-04-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Cyber Security and Applications","FirstCategoryId":"1085","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2772918425000153","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

The Internet of Things (IoT) seamlessly integrates into daily life, enhancing decision-making and simplifying everyday tasks across various domains, including organizations, healthcare, the military, and industry. However, IoT systems face numerous security threats, making data protection against cyberattacks essential. While deploying an Intrusion Detection System (IDS) in a centralized framework can lead to data leakage, Federated Learning (FL) offers a privacy-preserving alternative by training models locally and transmitting only the updated model weights to a central server for aggregation. Detecting Denial-of-Service (DoS) attacks in IoT networks is critical for ensuring cybersecurity. This study compares the performance of centralized and federated learning (FL) approaches in detecting DoS attacks using four deep learning models: Recurrent Neural Network (RNN), Long Short-Term Memory (LSTM), Gated Recurrent Unit (GRU), and Convolutional Neural Network (CNN). To enhance model efficiency, we apply filter-based feature selection techniques, including Variance Threshold, Mutual Information, Chi-square, ANOVA, and L1-based methods, and employ an ensemble feature selection approach by combining them through a union operation. Additionally, a wrapper-based Recursive Feature Elimination (RFE) method is used to refine feature selection by removing redundant and irrelevant features. Experiments were conducted using the IoT Intrusion Dataset (IoTID20), and model performance was evaluated based on accuracy, precision, recall, F1-score, and ROC-AUC metrics. In the centralized learning scenario, the highest accuracy was achieved with GRU using Mutual Information (MI) at 99.91 %, followed by RNN with MI at 99.90 %. In the FL scenario, the highest accuracy was achieved with CNN using the ANOVA method at 99.73 %, followed by GRU with Chi2 at 99.61 %. These findings underscore the significant impact of feature selection on learning performance and provide valuable insights into optimizing deep learning-based DoS detection in IoT networks.

查看原文本刊更多论文

基于集成特征选择和深度学习模型，利用联合学习进行物联网网络中的DoS攻击检测

物联网（IoT）无缝集成到日常生活中，增强决策并简化各个领域（包括组织、医疗保健、军事和工业）的日常任务。然而，物联网系统面临着许多安全威胁，因此保护数据免受网络攻击至关重要。在集中式框架中部署入侵检测系统（IDS）可能会导致数据泄露，而联邦学习（FL）通过在本地训练模型并仅将更新的模型权重传输到中央服务器以进行聚合，从而提供了一种保护隐私的替代方案。检测物联网网络中的拒绝服务（DoS）攻击对于确保网络安全至关重要。本研究比较了集中式学习和联邦学习（FL）方法在使用四种深度学习模型检测DoS攻击方面的性能：循环神经网络（RNN）、长短期记忆（LSTM）、门控循环单元（GRU）和卷积神经网络（CNN）。为了提高模型效率，我们应用了基于过滤器的特征选择技术，包括方差阈值、互信息、卡方、方差分析和基于l1的方法，并通过联合操作将它们组合在一起，采用了一种集成特征选择方法。此外，采用基于包装器的递归特征消除（RFE）方法，通过去除冗余和不相关的特征来优化特征选择。使用物联网入侵数据集（IoTID20）进行实验，并根据准确性、精密度、召回率、f1分数和ROC-AUC指标评估模型性能。在集中学习场景中，使用互信息（MI）的GRU准确率最高，达到99.91%，其次是使用互信息（MI）的RNN，准确率为99.90%。在FL场景中，使用方差分析方法的CNN准确率最高，为99.73%，其次是使用Chi2的GRU准确率为99.61%。这些发现强调了特征选择对学习性能的重要影响，并为优化物联网网络中基于深度学习的DoS检测提供了有价值的见解。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Cyber Security and Applications

CiteScore

5.20

自引率

0.00%

发文量