Federated Learning in Adversarial Environments: Testbed Design and Poisoning Resilience in Cybersecurity

Hao Jian Huang, Hakan T. Otal, M. Abdullah Canbaz

TL;DR

Privacy-preserving Federated Learning in cybersecurity faces poisoning threats that can compromise model integrity. The paper builds a Raspberry Pi–NVIDIA Jetson FL testbed using the Flower framework to simulate non-IID IoT-like data and evaluate data- and model-poisoning effects on DNP3 intrusion detection with an MLP. It contributes a practical architecture, empirical analysis of poisoning impact on both local and global models, and insights into robustness gains with more benign clients, highlighting the need for defense mechanisms. The study provides a scalable, real-world platform for stress-testing secure FL in critical infrastructure and informs design considerations for resilient, privacy-preserving cyber-defense systems.

Abstract

This paper presents the design and implementation of a Federated Learning (FL) testbed, focusing on its application in cybersecurity and evaluating its resilience against poisoning attacks. Federated Learning allows multiple clients to collaboratively train a global model while keeping their data decentralized, addressing critical needs for data privacy and security, particularly in sensitive fields like cybersecurity. Our testbed, built by running the Flower framework on Raspberry Pi and NVIDIA Jetson hardware, facilitates experimentation with various FL frameworks, assessing their performance, scalability, and ease of integration. Through a case study on federated intrusion detection systems, the testbed's capabilities are shown in detecting anomalies and securing critical infrastructure without exposing sensitive network data. Comprehensive poisoning tests, targeting both model and data integrity, evaluate the system's robustness under adversarial conditions. The results show that while federated learning enhances data privacy and distributed learning, it remains vulnerable to poisoning attacks, which must be mitigated to ensure its reliability in real-world applications.
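As an added illustration of the dilution effect behind the TL;DR's "robustness gains with more benign clients" (this is not the paper's code; it uses constructed toy weight updates rather than the DNP3 MLP), the following simulates one FedAvg round with a single scaled, sign-flipped model-poisoning update among 3, 4 and 5 clients, and compares it with a coordinate-wise median aggregator, a standard robust alternative that the paper does not evaluate:

```python
# Added example (not from the paper): how FedAvg dilutes one model-poisoning
# update as the number of benign clients grows, and how a coordinate-wise
# median (a standard robust aggregator the paper does not evaluate) behaves
# on the same inputs. All vectors are constructed toy "weight updates".
from __future__ import annotations
from statistics import median

DIM = 4
TRUE_UPDATE = [1.0] * DIM  # the direction honest training would move the model


def benign_update(client_id: int) -> list[float]:
    """Honest update: the true direction plus small deterministic per-client noise."""
    return [TRUE_UPDATE[j] + ((client_id * 7 + j * 3) % 5 - 2) * 0.01 for j in range(DIM)]


def malicious_update(scale: float = 10.0) -> list[float]:
    """Model-poisoning update: the true direction flipped and scaled up."""
    return [-scale * x for x in TRUE_UPDATE]


def fedavg(updates: list[list[float]]) -> list[float]:
    """Unweighted FedAvg: coordinate-wise mean of the client updates."""
    n = len(updates)
    return [sum(u[j] for u in updates) / n for j in range(DIM)]


def median_aggregate(updates: list[list[float]]) -> list[float]:
    """Coordinate-wise median: one outlier cannot push a coordinate outside the benign range."""
    return [median(u[j] for u in updates) for j in range(DIM)]


def deviation(agg: list[float]) -> float:
    """L2 distance between an aggregate and the true update (0 = perfect aggregation)."""
    return sum((a - t) ** 2 for a, t in zip(agg, TRUE_UPDATE)) ** 0.5


def run(total_clients: int, aggregator=fedavg) -> float:
    """One round with `total_clients` participants, exactly one of them malicious."""
    updates = [benign_update(i) for i in range(total_clients - 1)] + [malicious_update()]
    return deviation(aggregator(updates))


if __name__ == "__main__":
    for n in (3, 4, 5):
        print(f"{n} clients (1 malicious): FedAvg deviation {run(n):.3f}, "
              f"median deviation {run(n, median_aggregate):.3f}")
```

The FedAvg deviation shrinks roughly in proportion to 1/n as benign clients are added, but the poisoned update still dominates the round; the median keeps the aggregate within the benign spread at every client count.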

Paper Structure (11 sections, 4 figures)

Figures (4)

  • Figure 1: System architecture for the testbed, illustrating the key components and interactions within the FL setup.
  • Figure 2: The performance of the FL testbed clients' models with normal data
  • Figure 3: The performance of each experiment with multiple clients (3, 4, 5) in evaluation accuracy, loss, and F1-score
  • Figure 4: The performance of the aggregated model of each experiment with various numbers of clients in evaluation accuracy, loss, and F1-score