FedSMOTE-DP: Privacy-Aware Federated Ensemble Learning for Intrusion Detection in IoMT Networks.
The Internet of Medical Things (IoMT) transforms healthcare through interconnected medical devices but faces significant cybersecurity threats, particularly intrusion and exfiltration attacks. Centralized intrusion detection systems (IDSs) require data aggregation, presenting privacy and scalability risks. This paper proposes FedEnsemble-DP, a privacy-aware Federated Learning (FL) framework for decentralized intrusion detection in IoMT networks. The framework integrates three data balancing scenarios (Raw Imbalanced, Local SMOTE, Centralized SMOTE) with Differential Privacy (DP) and Secure Aggregation mechanisms. Extensive experiments on WUSTL-EHMS-2020 and CIC-IoMT-2024 datasets under non-IID settings (Dirichlet α = 0.3) demonstrate that models with strong privacy guarantees (ε = 3.0) frequently match or exceed non-private baselines. Key findings show Local SMOTE with ε = 3.0 achieved 94.60% accuracy and 0.9598 AUC, while Raw Imbalanced with ε = 3.0 attained 94.50% accuracy and 0.9494 AUC. Even with strict privacy (ε = 3.0), these results surpassed the non-private baseline (93.20% accuracy) in the raw scenario. Centralized SMOTE showed effectiveness but introduced training instability. These results indicate that local data balancing combined with calibrated DP noise can yield high detection performance while preserving privacy, effectively bridging security-performance and data confidentiality requirements in distributed healthcare networks.
- Research Article
67
- 10.1145/3695998
- Jan 25, 2025
- ACM Transactions on Software Engineering and Methodology
Enormous risks and hidden dangers of information security exist in the applications of Internet of Things (IoT) technologies. To secure IoT software systems, software engineers have to deploy advanced security software such as Intrusion Detection Systems (IDS) that are able to keep track of how the IoT devices behave within the network and detect any malicious activity that may be occurring. Considering that IoT devices generate large amounts of data, Artificial Intelligence (AI) is often regarded as the best method for implementing IDS, thanks to AI’s high capability in processing large amounts of IoT data. To tackle these security concerns, specifically the ones tied to the privacy of data used in IoT systems, the software implementation of a Federated Learning (FL) method is often used to improve both privacy preservation (PP) and scalability in IoT networks. In this article, we present an FL IDS that leverages a 1-Dimensional Convolutional Neural Network (CNN) for efficient and accurate intrusion detection in IoT networks. To address the critical issue of PP in FL, we incorporate three techniques: Differential Privacy, Diffie–Hellman Key Exchange, and Homomorphic Encryption. To evaluate the effectiveness of our solution, we conduct experiments on seven publicly available IoT datasets: TON-IoT, IoT-23, BoT-IoT, CIC IoT 2023, CIC IoMT 2024, RT-IoT 2022, and EdgeIIoT. Our CNN-based approach achieves outstanding performance with an average accuracy, precision, recall, and F1-score of 97.31%, 95.59%, 92.43%, and 92.69%, respectively, across these datasets. These results demonstrate the effectiveness of our approach in accurately identifying and detecting intrusions in IoT networks. Furthermore, our experiments reveal that implementing all three PP techniques only incurs a minimal increase in computation time, with a 10% overhead compared to our solution without any PP mechanisms. 
This finding highlights the feasibility and efficiency of our solution in maintaining privacy while achieving high performance. Finally, we show the effectiveness of our solution through a comparison study with other recent IDS trained and tested on the same datasets we use.
- Research Article
27
- 10.7717/peerj-cs.2751
- Mar 28, 2025
- PeerJ. Computer science
Intrusion detection in Internet of Things (IoT)-based wireless sensor networks (WSNs) is essential due to their widespread use and inherent vulnerability to security breaches. Traditional centralized intrusion detection systems (IDS) face significant challenges in data privacy, computational efficiency, and scalability, particularly in resource-constrained IoT environments. This study aims to create and assess a federated learning (FL) framework that integrates with long short-term memory (LSTM) networks for efficient intrusion detection in IoT-based WSNs. We design the framework to enhance detection accuracy, minimize false positive rates (FPR), and ensure data privacy, while maintaining system scalability. Using an FL approach, multiple IoT nodes collaboratively train a global LSTM model without exchanging raw data, thereby addressing privacy concerns and improving detection capabilities. The proposed model was tested on three widely used datasets: WSN-DS, CIC-IDS-2017, and UNSW-NB15. The evaluation metrics for its performance included accuracy, F1 score, FPR, and root mean square error (RMSE). We evaluated the performance of the FL-based LSTM model against traditional centralized models, finding significant improvements in intrusion detection. The FL-based LSTM model achieved higher accuracy and a lower FPR across all datasets than centralized models. It effectively managed sequential data in WSNs, ensuring data privacy while maintaining competitive performance, particularly in complex attack scenarios. FL and LSTM networks work well together to make a strong way to find intrusions in IoT-based WSNs, which improves both privacy and detection. This study underscores the potential of FL-based systems to address key challenges in IoT security, including data privacy, scalability, and performance, making the proposed framework suitable for real-world IoT applications.
- Research Article
2
- 10.63075/fm6gxc75
- Jul 27, 2025
- Annual Methodological Archive Research Review
In the past few decades, machine learning has revolutionized data processing for large-scale applications. Simultaneously, increasing privacy threats in trending applications led to the redesign of classical data training models. In particular, classical machine learning involves centralized data training, where the data is gathered, and the entire training process executes at the central server. Industry 4.0 allows the appearance of Internet of Things-based transactive energy system (IoTES) that involves new services with a number of independent distributed systems. These systems produce bulk data that is heterogeneous and they are prone to cyber-attacks, especially stealthy false data injection attacks (FDIAs). Lossy networks (RPL) security, intrusion detection (ID) is crucial in this area, considering that it is highly vulnerable to attacks, especially those executed by an insider. Although a lot of literature suggests the use of ID systems (IDSs) by applying a variety of techniques, there is relatively little literature offering insight into where the IDSs fall within the RPL topology. The gap in this study will be bridged by aggressively comparing three ID architectures in terms of central and distributed location and on several dimensions, including effectiveness, cost, privacy, and security. The results are supported by the overwhelming contribution of attacker position and IDS-to-attacker distance towards the detection. Therefore, in addition to ascertaining the effectiveness of the old ID systems, the research also probes how federated learning (FL) can enhance ID in the RPL networks. The aspect of the decentralized model training approach in FL can overcome the effect of attacker-position on the performance of an IDS system by making sure that information that is considered to be pertinent in the context of an attack is gathered at the node along with the IDS system, irrespective of its proximity to the potential attackers. 
In addition, the approach not only eliminates security issues, but it also reduces communication overhead between the ID nodes. This will mean that FL will lower the rate of large-scale data transfer and thereby eliminate the consequences of packet loss and latency that any lossy network will cause. Also, the gap filled by the research is the impact of local data sharing on FL performance and how it is possible to balance the effectiveness with security. The proposed computing method can be computed in parallel and allows detecting the stealthy FDIA on all the nodes without any failure. The simulation experiments support the suggestion that the scheme under consideration is superior to the state-of-the-art approaches in terms of detection accuracy and the complexity of computation when using a distributed environment and ensuring the data privacy of the messages. Keywords: Quantum Computing, Federated Learning, Machine Learning, Learning Process, Machine Learning Models, Internet Of Things, Transfer Learning
- Research Article
- 10.63075/fbeebj84
- Jul 26, 2025
- Annual Methodological Archive Research Review
In the past few decades, machine learning has revolutionized data processing for large-scale applications. Simultaneously, increasing privacy threats in trending applications led to the redesign of classical data training models. In particular, classical machine learning involves centralized data training, where the data is gathered, and the entire training process executes at the central server. Industry 4.0 allows the appearance of Internet of Things-based transactive energy system (IoTES) that involves new services with a number of independent distributed systems. These systems produce bulk data that is heterogeneous and they are prone to cyber-attacks, especially stealthy false data injection attacks (FDIAs). Lossy networks (RPL) security, intrusion detection (ID) is crucial in this area, considering that it is highly vulnerable to attacks, especially those executed by an insider. Although a lot of literature suggests the use of ID systems (IDSs) by applying a variety of techniques, there is relatively little literature offering insight into where the IDSs fall within the RPL topology. The gap in this study will be bridged by aggressively comparing three ID architectures in terms of central and distributed location and on several dimensions, including effectiveness, cost, privacy, and security. The results are supported by the overwhelming contribution of attacker position and IDS-to-attacker distance towards the detection. Therefore, in addition to ascertaining the effectiveness of the old ID systems, the research also probes how federated learning (FL) can enhance ID in the RPL networks. The aspect of the decentralized model training approach in FL can overcome the effect of attacker-position on the performance of an IDS system by making sure that information that is considered to be pertinent in the context of an attack is gathered at the node along with the IDS system, irrespective of its proximity to the potential attackers. 
In addition, the approach not only eliminates security issues, but it also reduces communication overhead between the ID nodes. This will mean that FL will lower the rate of large-scale data transfer and thereby eliminate the consequences of packet loss and latency that any lossy network will cause. Also, the gap filled by the research is the impact of local data sharing on FL performance and how it is possible to balance the effectiveness with security. The proposed computing method can be computed in parallel and allows detecting the stealthy FDIA on all the nodes without any failure. The simulation experiments support the suggestion that the scheme under consideration is superior to the state-of-the-art approaches in terms of detection accuracy and the complexity of computation when using a distributed environment and ensuring the data privacy of the messages. Keywords: Quantum Computing, Federated Learning, Machine Learning, Learning Process, Machine Learning Models, Internet Of Things, Transfer Learning
- Research Article
58
- 10.3390/s24144591
- Jul 15, 2024
- Sensors (Basel, Switzerland)
The Internet of Medical Things (IoMT) has significantly advanced healthcare, but it has also brought about critical security challenges. Traditional security solutions struggle to keep pace with the dynamic and interconnected nature of IoMT systems. Machine learning (ML)-based Intrusion Detection Systems (IDS) have been increasingly adopted to counter cyberattacks, but centralized ML approaches pose privacy risks due to the single points of failure (SPoFs). Federated Learning (FL) emerges as a promising solution, enabling model updates directly on end devices without sharing private data with a central server. This study introduces the BFLIDS, a Blockchain-empowered Federated Learning-based IDS designed to enhance security and intrusion detection in IoMT networks. Our approach leverages blockchain to secure transaction records, FL to maintain data privacy by training models locally, IPFS for decentralized storage, and MongoDB for efficient data management. Ethereum smart contracts (SCs) oversee and secure all interactions and transactions within the system. We modified the FedAvg algorithm with the Kullback-Leibler divergence estimation and adaptive weight calculation to boost model accuracy and robustness against adversarial attacks. For classification, we implemented an Adaptive Max Pooling-based Convolutional Neural Network (CNN) and a modified Bidirectional Long Short-Term Memory (BiLSTM) with attention and residual connections on Edge-IIoTSet and TON-IoT datasets. We achieved accuracies of 97.43% (for CNNs and Edge-IIoTSet), 96.02% (for BiLSTM and Edge-IIoTSet), 98.21% (for CNNs and TON-IoT), and 97.42% (for BiLSTM and TON-IoT) in FL scenarios, which are competitive with centralized methods. The proposed BFLIDS effectively detects intrusions, enhancing the security and privacy of IoMT networks.
- Research Article
4
- 10.5121/ijcnc.2024.16401
- Jul 29, 2024
- International journal of Computer Networks & Communications
The Internet of Things (IoT) has expanded to a diverse network of interconnected electronic components, including processors, sensors, actuators, and software throughout several sectors such as healthcare, agriculture, smart cities, and other industries. Despite offering simplified solutions, it introduces significant challenges, specifically data security and privacy. Machine Learning (ML), particularly the Federated Learning (FL) framework, has demonstrated a promising approach to handle these challenges, specifically by enabling collaborative model training for Intrusion Detection Systems (IDS). However, FL faces some security and privacy issues, including adversarial attacks, poisoning attacks, and privacy leakages during model updates. Since encryption mechanisms pose issues like computational overheads and communication costs, there is a need to explore alternative mechanisms such as Differential Privacy (DP). In this research, we demonstrate an experimental study aiming to explore FL with DP to secure the IoT environment. This study analyzes the effectiveness of DP in a horizontal FL setup under an Independent and Identically Distributed (IID) pattern. Results on the MNIST dataset show promising outcomes; FL with and without employing the DP mechanism achieve an accuracy of 98.92% and 98.2%, respectively. Furthermore, the accuracy rate achieved with a complex cybersecurity dataset is 93% and 91% before and after employing the DP mechanism. These findings outline the efficiency of DP in the FL framework for improving security and privacy in the IoT environment.
- Conference Article
9
- 10.5220/0011627500003393
- Jan 1, 2023
The Internet of Things (IoT) is growing rapidly, and so is the need to ensure protection against cybersecurity attacks on IoT devices. In this scenario, Intrusion Detection Systems (IDSs) play a crucial role and data-driven IDSs based on machine learning (ML) have recently attracted more and more interest from the research community. While conventional ML-based IDSs are based on a centralized architecture where IoT devices share their data with a central server for model training, we propose a novel approach that is based on federated learning (FL). However, conventional FL is ineffective in the considered scenario, due to the high statistical heterogeneity of data collected by IoT devices. To overcome this limitation, we propose a three-tier FL-based architecture where IoT devices are clustered together based on their statistical properties. Clustering decisions are taken by means of a novel entropy-based strategy, which helps improve model training performance. We tested our solution on the CIC-ToN-IoT dataset: our clustering strategy increases intrusion detection performance with respect to a conventional FL approach up to +17% in terms of F1-score, along with a significant reduction of the number of training rounds.
- Research Article
87
- 10.1007/s11227-022-04568-3
- Jan 1, 2022
- The Journal of Supercomputing
Internet of Medical Things (IoMT) is a network of interconnected medical devices (smart watches, pacemakers, prosthetics, glucometer, etc.), software applications, and health systems and services. IoMT has successfully addressed many old healthcare problems. But it comes with its drawbacks, essentially patient information privacy and security-related issues that come from the IoMT architecture. Using obsolete systems can bring security vulnerabilities and draw attackers' attention, emphasizing the need for an effective solution to secure and protect the data traffic in the IoMT network. Recently, the intrusion detection system (IDS) has been regarded as an essential security solution for protecting the IoMT network. In the past decades, machine learning (ML) algorithms have demonstrated breakthrough results in the field of intrusion detection. Notwithstanding, to our knowledge, there is no work that investigates the power of machine learning algorithms for intrusion detection in the IoMT network. This paper aims to fill this gap of knowledge by investigating the application of different ML algorithms for intrusion detection in the IoMT network. The investigation analysis includes ML algorithms such as K-nearest neighbor, Naïve Bayes, support vector machine, artificial neural network and decision tree. The benchmark dataset Bot-IoT, which is publicly available with a comprehensive set of attacks, was used to train and test the effectiveness of all ML models considered for investigation. Also, we used a comprehensive set of evaluation metrics to compare the power of ML algorithms with regard to their detection accuracy for intrusion in IoMT networks. The outcome of the analysis provides a promising path to identify the best machine learning approach that can be used for building an effective IDS that can safeguard the IoMT network against malicious activities.
- Research Article
74
- 10.3390/ai4030028
- Jul 24, 2023
- AI
The number of Internet of Things (IoT) devices has increased considerably in the past few years, resulting in a large growth of cyber attacks on IoT infrastructure. As part of a defense in depth approach to cybersecurity, intrusion detection systems (IDSs) have acquired a key role in attempting to detect malicious activities efficiently. Most modern approaches to IDS in IoT are based on machine learning (ML) techniques. The majority of these are centralized, which implies the sharing of data from source devices to a central server for classification. This presents potentially crucial issues related to privacy of user data as well as challenges in data transfers due to their volumes. In this article, we evaluate the use of federated learning (FL) as a method to implement intrusion detection in IoT environments. FL is an alternative, distributed method to centralized ML models, which has seen a surge of interest in IoT intrusion detection recently. In our implementation, we evaluate FL using a shallow artificial neural network (ANN) as the shared model and federated averaging (FedAvg) as the aggregation algorithm. The experiments are completed on the ToN_IoT and CICIDS2017 datasets in binary and multiclass classification. Classification is performed by the distributed devices using their own data. No sharing of data occurs among participants, maintaining data privacy. When compared against a centralized approach, results have shown that a collaborative FL IDS can be an efficient alternative, in terms of accuracy, precision, recall and F1-score, making it a viable option as an IoT IDS. Additionally, with these results as baseline, we have evaluated alternative aggregation algorithms, namely FedAvgM, FedAdam and FedAdagrad, in the same setting by using the Flower FL framework. The results from the evaluation show that, in our scenario, FedAvg and FedAvgM tend to perform better compared to the two adaptive algorithms, FedAdam and FedAdagrad.
- Research Article
1
- 10.1109/tnsm.2025.3647642
- Jan 1, 2025
- IEEE Transactions on Network and Service Management
The rapid proliferation of Internet of Things (IoT) devices across domains such as smart homes, industrial control systems, and healthcare networks has significantly expanded the attack surface for cyber threats, including botnet-driven distributed denial-of-service (DDoS), malware injection, and data exfiltration. Conventional intrusion detection systems (IDS) face critical challenges like privacy, scalability, and robustness when applied in such heterogeneous IoT environments. To address these issues, we propose SecureDyn-FL, a comprehensive and robust privacy-preserving federated learning (FL) framework tailored for intrusion detection in IoT networks. SecureDyn-FL is designed to simultaneously address multiple security dimensions in FL-based IDS: (1) poisoning detection through dynamic temporal gradient auditing, (2) privacy protection against inference and eavesdropping attacks through secure aggregation, and (3) adaptation to heterogeneous non-independent-and-identically-distributed (non-IID) data via personalized learning. The framework introduces three core contributions: (i) a dynamic temporal gradient auditing mechanism that leverages Gaussian mixture models (GMMs) and Mahalanobis distance (MD) to detect stealthy and adaptive poisoning attacks, (ii) an optimized privacy-preserving aggregation scheme based on transformed additive ElGamal encryption with adaptive pruning and quantization for secure and efficient communication, and (iii) a dual-objective personalized learning strategy that improves model adaptation under non-IID data using logit-adjusted loss. Extensive experiments on the N-BaIoT dataset under both IID and non-IID settings, including scenarios with up to 50% adversarial clients, demonstrate that SecureDyn-FL consistently outperforms state-of-the-art FL-based IDS defenses. 
It achieves up to 99.01% detection accuracy, a 98.9% F1-score, and significantly reduced attack success rates across diverse poisoning attacks, while maintaining strong privacy guarantees and computational efficiency for resource-constrained IoT devices.
- Research Article
13
- 10.14569/ijacsa.2020.0111283
- Jan 1, 2020
- International Journal of Advanced Computer Science and Applications
Internet of things (IoT) is an emerging paradigm that integrates several technologies. An IoT network consists of many interconnected devices that include various sensors, actuators, services and other communicable objects. The increasing demand for IoT and its services has created several security vulnerabilities. Conventional security approaches like intrusion detection systems are not up to the expectation to fulfil the security challenges of IoT networks, due to the conventional technologies used in them. This article presents a survey of intrusion detection and prevention system (IDPS), using state-of-the-art technologies, in the context of IoT security. IDPS consists of two parts: intrusion detection system and intrusion prevention system. An intrusion detection system (IDS) is used to detect and analyze both inbound and outbound network traffic for malicious activities. An intrusion prevention system (IPS) can be aligned with IDS by proactively inspecting a system’s incoming traffic to mitigate harmful requests. The alignment of IDS and IPS is known as intrusion detection and prevention systems (IDPS). The amalgamation of new technologies, like software-defined network (SDN), machine learning (ML), and manufacturer usage description (MUD), in IDPS is putting the security on the next level. In this study, IDPS and its performance benefits are analyzed in the context of IoT security. This survey describes all these prominent technologies in detail and their integrated applications to complement IDPS in the IoT network. Future research directions and challenges of IoT security have been elaborated in the end.
- Research Article
- 10.7763/ijcte.2026.v18.1386
- Jan 1, 2026
- International Journal of Computer Theory and Engineering
This paper presents Zero-Knowledge Federated Learning Guard (ZK-FLGuard), a privacy-preserving and verifiable federated learning framework for real-time anomaly detection in Fifth-Generation Mobile Network (5G)-enabled Internet of Things (IoT) environments. Building on the integration of zero-knowledge proofs (zk-SNARK—Zero-Knowledge Succinct Non-interactive Argument of Knowledge) and blockchain-based access control, ZK-FLGuard ensures the integrity of model updates without exposing private data. Using real-world intrusion detection datasets (CICIDS2017—Canadian Institute for Cybersecurity Intrusion Detection System 2017, TON_IoT—Telecommunications Organisation of the National Security—IoT) and a synthetic adversarial dataset, our evaluation shows that ZK-FLGuard achieves up to 0.96 F1-score (harmonic mean of precision and recall), improves recall in low-frequency attack detection, and introduces less than 10% additional latency overhead compared to standard Federated Learning (FL). Compared with centralized Long Short-Term Memory (LSTM) and FL without Zero-Knowledge Proof (ZKP), ZK-FLGuard provides competitive accuracy while ensuring verifiable computation and strong privacy guarantees. We address the critical challenge of securing federated anomaly detection in 5G-enabled IoT systems against data leakage, model poisoning, and unauthorized access. While FL preserves privacy by keeping raw data local, it remains vulnerable to gradient leakage and adversarial manipulation. Our hypothesis is that combining zero-knowledge proofs and blockchain with FL can deliver a scalable, tamper-resistant, and privacy-preserving detection pipeline suitable for resource-constrained edge environments.
- Research Article
26
- 10.3390/s24124002
- Jun 20, 2024
- Sensors (Basel, Switzerland)
The security of the Industrial Internet of Things (IIoT) is of vital importance, and the Network Intrusion Detection System (NIDS) plays an indispensable role in this. Although there is an increasing number of studies on the use of deep learning technology to achieve network intrusion detection, the limited local data of the device may lead to poor model performance because deep learning requires large-scale datasets for training. Some solutions propose to centralize the local datasets of devices for deep learning training, but this may involve user privacy issues. To address these challenges, this study proposes a novel federated learning (FL)-based approach aimed at improving the accuracy of network intrusion detection while ensuring data privacy protection. This research combines convolutional neural networks with attention mechanisms to develop a new deep learning intrusion detection model specifically designed for the IIoT. Additionally, variational autoencoders are incorporated to enhance data privacy protection. Furthermore, an FL framework enables multiple IIoT clients to jointly train a shared intrusion detection model without sharing their raw data. This strategy significantly improves the model's detection capability while effectively addressing data privacy and security issues. To validate the effectiveness of the proposed method, a series of experiments were conducted on a real-world Internet of Things (IoT) network intrusion dataset. The experimental results demonstrate that our model and FL approach significantly improve key performance metrics such as detection accuracy, precision, and false-positive rate (FPR) compared to traditional local training methods and existing models.
- Dissertation
- 10.59019/iesz2534
- Jan 1, 2023
The number of Internet of Things (IoT) devices has increased considerably in the past few years, which resulted in an exponential growth of cyber attacks on IoT infrastructure. As part of a defense in depth approach to network security, intrusion detection systems (IDS) have acquired a key role as they attempt to detect malicious activities promptly and efficiently. In this thesis, an investigation on the use of ensemble learning and federated learning as methods to develop IDS in IoT environment is proposed. Three main contributions are offered, which were evaluated on two open-source datasets, namely ToN IoT and CICIDS2017. The first contribution is a novel method based on a combination of ensemble models. The method uses ensemble stacking and boosting to detect anomalies in IoT traffic. Three machine learning models, namely kNN, Decision Tree and Logistic Regression, are used as the base learners for the stacking model. The XGBoost model is used as the meta learner. Results show that the proposed model is capable of high accuracy, precision, recall and F1-Score in both datasets in binary and multi-class classification. Secondly, this thesis proposes another novel IDS approach based on a stacking ensemble of deep learning (DL) models. This approach is named Deep Integrated Stacking for the IoT (DIS-IoT), as it combines four different DL models into a fully connected DL layer, creating a standalone ensemble stacking model. Results demonstrate that DIS-IoT is capable of a high level of accuracy with a very low False Positive rate (FPR) in both datasets improving on other standard, standalone, DL methods. Results from this set of experiments were also compared against results available in the literature, which were obtained from similar approaches on the ToN IoT dataset. DIS-IoT achieves comparable performance with others in binary classification, but outperforms them in multi-class classification. 
The third contribution uses Federated Learning (FL) as an alternative, distributed, method to a centralized intrusion detection model. The FL model is composed of four clients and one server. Data analysis was performed at the client side, each using their own portion of the dataset. No data sharing between participants occurred, hence maintaining data privacy. The results from the experiments demonstrated that a collaborative federated system using horizontal data partitioning and the FedAvg aggregation algorithm, can have a comparable performance with a centralized model, making it a viable option for an IoT IDS. Moreover, several other federated averaging algorithms were evaluated in order to verify their efficacy in this setting. These were FedAvgM, FedAdam and FedAdagrad. The experiments demonstrated that FedAvg and FedAvgM were the most efficient options in the given scenario. However, further research in alternative, larger, settings are required to evaluate FedAdam and FedAdagrad more accurately.
- Research Article
39
- 10.3390/s23010321
- Dec 28, 2022
- Sensors
Technological breakthroughs in the Internet of Things (IoT) easily promote smart lives for humans by connecting everything through the Internet. The de facto standardised IoT routing strategy is the routing protocol for low-power and lossy networks (RPL), which is applied in various heterogeneous IoT applications. Hence, the increase in reliance on the IoT requires focus on the security of the RPL protocol. The top defence layer is an intrusion detection system (IDS), and the heterogeneous characteristics of the IoT and variety of novel intrusions make the design of the RPL IDS significantly complex. Most existing IDS solutions are unified models and cannot detect novel RPL intrusions. Therefore, the RPL requires a customised global attack knowledge-based IDS model to identify both existing and novel intrusions in order to enhance its security. Federated transfer learning (FTL) is a trending topic that paves the way to designing a customised RPL-IoT IDS security model in a heterogeneous IoT environment. In this paper, we propose a federated-transfer-learning-assisted customised distributed IDS (FT-CID) model to detect RPL intrusion in a heterogeneous IoT. The design process of FT-CID includes three steps: dataset collection, FTL-assisted edge IDS learning, and intrusion detection. Initially, the central server initialises the FT-CID with a predefined learning model and observes the unique features of different RPL-IoTs to construct a local model. The experimental model generates an RPL-IIoT dataset with normal and abnormal traffic through simulation on the Contiki-NG OS. Secondly, the edge IDSs are trained using the local parameters and the globally shared parameters generated by the central server through federation and aggregation of different local parameters of various edges. Hence, transfer learning is exploited to update the server's and edges' local and global parameters based on relational knowledge. 
It also builds a customised IDS model with partial retraining through local learning based on globally shared server knowledge. Finally, the customised IDS in the FT-CID model enforces the detection of intrusions in heterogeneous IoT networks. Moreover, the FT-CID model accomplishes high RPL security by implicitly utilising the local and global parameters of different IoTs with the assistance of FTL. The FT-CID detects RPL intrusions with an accuracy of 85.52% in tests on a heterogeneous IoT network.