Zero-X: A Blockchain-Enabled Open-Set Federated Learning Framework for Zero-Day Attack Detection in IoV
Abdelaziz Amara Korba, Abdelwahab Boualouache, Yacine Ghamri-Doudane
TL;DR
Zero-X addresses IoV security by combining Open-Set Recognition with privacy-preserving Federated Learning and a blockchain-enabled training framework to detect both 0-day and N-day attacks. The architecture uses a Deep Auto-Encoder for anomaly detection and a Deep-MCDD for open-set classification, with a consortium blockchain and a Proof-of-Accuracy consensus to secure model updates and guard against poisoning. Evaluations on 5G-NIDD and VDoS demonstrate high detection rates, low false positives, and robust performance under non-IID data, while maintaining privacy through differential privacy. The work advances secure, scalable IoV intrusion detection by decentralizing training, enabling rapid zero-day recognition, and providing insights into deployment on CAVs and MEC infrastructures. Future work includes incremental learning to convert unknown attacks into known ones and an autonomous intrusion-response mechanism using reinforcement learning at vehicular edge nodes.
Abstract
The Internet of Vehicles (IoV) is a crucial technology for Intelligent Transportation Systems (ITS) that integrates vehicles with the Internet and other entities. The emergence of 5G and the forthcoming 6G networks presents an enormous potential to transform the IoV by enabling ultra-reliable, low-latency, and high-bandwidth communications. Nevertheless, as connectivity expands, cybersecurity threats have become a significant concern. The issue has been further exacerbated by the rising number of zero-day (0-day) attacks, which can exploit unknown vulnerabilities and bypass existing Intrusion Detection Systems (IDSs). In this paper, we propose Zero-X, an innovative security framework that effectively detects both 0-day and N-day attacks. The framework achieves this by combining deep neural networks with Open-Set Recognition (OSR). Our approach introduces a novel scheme that uses blockchain technology to facilitate trusted and decentralized federated learning (FL) of the Zero-X framework. This scheme also prioritizes privacy preservation, enabling both CAVs and Security Operation Centers (SOCs) to contribute their unique knowledge while protecting the privacy of their sensitive data. To the best of our knowledge, this is the first work to leverage OSR in combination with privacy-preserving FL to identify both 0-day and N-day attacks in the realm of IoV. The in-depth experiments on two recent network traffic datasets show that the proposed framework achieved a high detection rate while minimizing the false positive rate. Comparison with related work showed that the Zero-X framework outperforms existing solutions.
