Federated Deep Learning for Zero-Day Botnet Attack Detection in IoT-Edge Devices

Abstract

Deep learning (DL) has been widely proposed for botnet attack detection in Internet of Things (IoT) networks. However, the traditional centralized DL (CDL) method cannot be used to detect the previously unknown (zero-day) botnet attack without breaching the data privacy rights of the users. In this article, we propose the federated DL (FDL) method for zero-day botnet attack detection to avoid data privacy leakage in IoT-edge devices. In this method, an optimal deep neural network (DNN) architecture is employed for network traffic classification. A model parameter server remotely coordinates the independent training of the DNN models in multiple IoT-edge devices, while the federated averaging (FedAvg) algorithm is used to aggregate local model updates. A global DNN model is produced after a number of communication rounds between the model parameter server and the IoT-edge devices. The zero-day botnet attack scenarios in IoT-edge devices is simulated with the Bot-IoT and N-BaIoT data sets. Experiment results show that the FDL model: 1) detects zero-day botnet attacks with high classification performance; 2) guarantees data privacy and security; 3) has low communication overhead; 4) requires low-memory space for the storage of training data; and 5) has low network latency. Therefore, the FDL method outperformed CDL, localized DL, and distributed DL methods in this application scenario.