Federated IoT attack detection using decentralized edge data

Abstract

Internet of Things (IoT) devices are mass-produced and designed for different applications, ranging from monitoring of the environment to on-demand electrical switches, and so on. These IoT devices are often heterogeneous in nature, only to receive updates at infrequent intervals, and can remain ‘out of sight’ on a home or office network for extended periods. In other words, security and privacy are two key (research and operational) challenges in IoT systems. In recent years, there have been attempts to design deep learning-based solutions to mitigate limitations associated with detection systems designed for typical operational technology (OT) systems, although a number of challenges remain. This paper proposes a federated-based approach that employs a deep autoencoder to detect​ botnet attacks using on-device decentralized traffic data. Through the suggested federated solution, privacy is addressed by ensuring the device’s data is not transferred or moved off the network edge. Instead, the machine learning computation itself is brought to where the data is born (i.e. the edge layer), with the added benefit of data security. We demonstrate that using our proposed model, we can achieve up to 98% accuracy rate in the anomaly detection when using features such as source IP, MAC-IP, and destination IP, etc., for training. The overall comparative performance analysis between our decentralized proposed approach and a centralized format demonstrates a significant improvement in the accuracy rate of attack detection.