Fed-IIoT: A Robust Federated Malware Detection Architecture in Industrial IoT

Abstract

The sheer volume of industrial Internet of Things (IIoT) malware is one of the most serious security threats in today's interconnected world, with new types of advanced persistent threats and advanced forms of obfuscations. This article presents a robust federated learning based architecture called Fed-IIoT for detecting Android malware applications in IIoT. Fed-IIoT consists of two parts: first, participant side, where the data are triggered by two dynamic poisoning attacks based on a generative adversarial network (GAN) and federated GAN; and second, server side, which aims to monitor the global model and shape a robust collaboration training model, by avoiding anomaly in aggregation by a GAN network (A3GAN) and adjust two GAN-based countermeasure algorithms. One of the main advantages of Fed-IIoT is that devices can safely participate in the IIoT and efficiently communicate with each other, with no privacy issues. We evaluate our solutions through experiments on various features using three IoT datasets. The results confirm the high accuracy rates of our attack and defense algorithms and show that the A3GAN defensive approach preserves the robustness of data privacy for Android mobile users and is about 8% higher accuracy with existing state-of-the-art solutions.