The Internet of Things (IoT) is growing rapidly and so the need of ensuring protection against cybersecurity attacks to IoT devices. In this scenario, Intrusion Detection Systems (IDSs) play a crucial role and data-driven IDSs based on machine learning (ML) have recently attracted more and more interest by the research community. While conventional ML-based IDSs are based on a centralized architecture where IoT devices share their data with a central server for model training, we propose a novel approach that is based on federated learning (FL). However, conventional FL is ineffective in the considered scenario, due to the high statistical heterogeneity of data collected by IoT devices. To overcome this limitation, we propose a three-tier FL-based architecture where IoT devices are clustered together based on their statistical properties. Clustering decisions are taken by means of a novel entropy-based strategy, which helps improve model training performance. We tested our solution on the CIC-ToN-IoT dataset: our clustering strategy increases intrusion detection performance with respect to a conventional FL approach up to +17% in terms of F1-score, along with a significant reduction of the number of training rounds.

Talpini, J., Sartori, F., Savi, M. (2023). A Clustering Strategy for Enhanced FL-Based Intrusion Detection in IoT Networks. In Proceedings of the 15th International Conference on Agents and Artificial Intelligence - Volume 3 (pp.152-160). SciTePress [10.5220/0011627500003393].

A Clustering Strategy for Enhanced FL-Based Intrusion Detection in IoT Networks

Talpini, J
Primo
;
Sartori, F;Savi, M
2023

Abstract

The Internet of Things (IoT) is growing rapidly and so the need of ensuring protection against cybersecurity attacks to IoT devices. In this scenario, Intrusion Detection Systems (IDSs) play a crucial role and data-driven IDSs based on machine learning (ML) have recently attracted more and more interest by the research community. While conventional ML-based IDSs are based on a centralized architecture where IoT devices share their data with a central server for model training, we propose a novel approach that is based on federated learning (FL). However, conventional FL is ineffective in the considered scenario, due to the high statistical heterogeneity of data collected by IoT devices. To overcome this limitation, we propose a three-tier FL-based architecture where IoT devices are clustered together based on their statistical properties. Clustering decisions are taken by means of a novel entropy-based strategy, which helps improve model training performance. We tested our solution on the CIC-ToN-IoT dataset: our clustering strategy increases intrusion detection performance with respect to a conventional FL approach up to +17% in terms of F1-score, along with a significant reduction of the number of training rounds.
paper
Intrusion detection; IoT; Federated Learning; Machine Learning
English
International Conference on Agents and Artificial Intelligence (ICAART 2023)
2023
Rocha, AP; Steels, L; van den Herik, J
Proceedings of the 15th International Conference on Agents and Artificial Intelligence - Volume 3
978-989-758-623-1
2023
3
152
160
https://www.scitepress.org/Link.aspx?doi=10.5220/0011627500003393
open
Talpini, J., Sartori, F., Savi, M. (2023). A Clustering Strategy for Enhanced FL-Based Intrusion Detection in IoT Networks. In Proceedings of the 15th International Conference on Agents and Artificial Intelligence - Volume 3 (pp.152-160). SciTePress [10.5220/0011627500003393].
File in questo prodotto:
File Dimensione Formato  
Talpini-2023-ICAART-AAM.pdf

accesso aperto

Descrizione: Author's Accepted Manuscript
Tipologia di allegato: Author’s Accepted Manuscript, AAM (Post-print)
Licenza: Creative Commons
Dimensione 451.17 kB
Formato Adobe PDF
451.17 kB Adobe PDF Visualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/10281/423161
Citazioni
  • Scopus 0
  • ???jsp.display-item.citation.isi??? ND
Social impact