A federated learning-based zero trust intrusion detection system for Internet of Things

Abstract

The exponential growth of Internet of Things (IoT) devices poses distinctive challenges to safeguarding the security and privacy of interconnected systems. As the frequency of cyberattacks continues to escalate, the development of an effective and scalable Intrusion Detection System (IDS) based on Federated Learning (FL) for IoT becomes increasingly complex. Existing methodologies struggle to balance spatial and temporal feature extraction, particularly when confronted with dynamic and evolving cyber threats. Additionally, the lack of diversity in datasets employed for FL-based IDS evaluations further hinders progress. Furthermore, a notable tradeoff between performance and scalability emerges, particularly as the number of edge devices in communication grows. Motivated by the aforementioned challenges, this article presents a horizontal FL model that combines Convolutional Neural Networks (CNN) and Bidirectional Long-Term Short Memory (BiLSTM) for effective intrusion detection. This hybrid approach aims to address the limitations of existing methods and enhance the effectiveness of intrusion detection in the context of FL for IoT. Specifically, CNN plays a pivotal role in spatial feature extraction, allowing the model to identify and comprehend local patterns indicative of potential intrusions, and the BiLSTM component contributes by capturing temporal dependencies and learning sequential patterns within the data. The proposed IDS adheres to a zero-trust model by keeping the data on local edge devices, sharing only the learned weights with the centralized FL server. In turn, the FL server aggregates updates from diverse sources to optimize the accuracy of the global learning model. The experimental results using CICIDS2017 and Edge-IIoTset prove the effectiveness of the proposed approach over centralized and federated deep learning-based IDS.