Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

FedMSE: Semi-supervised federated learning approach for IoT network intrusion detection

Van Tuan Nguyen, Razvan Beuran

TL;DR

FedMSE tackles IoT intrusion detection under privacy and scalability constraints by integrating semi-supervised federated learning with a hybrid SAE-CEN detector and a mean-squared-error based aggregation. The SAE-CEN component maps normal traffic to a compact latent space and uses a centroid-based anomaly score, while MSEAvg weights global updates by reconstruction performance on a shared development set, improving robustness to non-IID data. On the NBaiot dataset, FedMSE achieves an AUC of 97.30±0.49 with only 50% gateway participation, outperforming Autoencoder variants with FedAvg or FedProx, and showing strong scalability in large, heterogeneous IoT networks. The approach reduces data sharing and communication overhead while maintaining high detection accuracy, making it practical for real-world IoT security deployments.

Abstract

This paper proposes a novel federated learning approach for improving IoT network intrusion detection. The rise of IoT has expanded the cyber attack surface, making traditional centralized machine learning methods insufficient due to concerns about data availability, computational resources, transfer costs, and especially privacy preservation. A semi-supervised federated learning model was developed to overcome these issues, combining the Shrink Autoencoder and Centroid one-class classifier (SAE-CEN). This approach enhances the performance of intrusion detection by effectively representing normal network data and accurately identifying anomalies in the decentralized strategy. Additionally, a mean square error-based aggregation algorithm (MSEAvg) was introduced to improve global model performance by prioritizing more accurate local models. The results obtained in our experimental setup, which uses various settings relying on the N-BaIoT dataset and Dirichlet distribution, demonstrate significant improvements in real-world heterogeneous IoT networks in detection accuracy from 93.98$\pm$2.90 to 97.30$\pm$0.49, reduced learning costs when requiring only 50\% of gateways participating in the training process, and robustness in large-scale networks.

FedMSE: Semi-supervised federated learning approach for IoT network intrusion detection

TL;DR

FedMSE tackles IoT intrusion detection under privacy and scalability constraints by integrating semi-supervised federated learning with a hybrid SAE-CEN detector and a mean-squared-error based aggregation. The SAE-CEN component maps normal traffic to a compact latent space and uses a centroid-based anomaly score, while MSEAvg weights global updates by reconstruction performance on a shared development set, improving robustness to non-IID data. On the NBaiot dataset, FedMSE achieves an AUC of 97.30±0.49 with only 50% gateway participation, outperforming Autoencoder variants with FedAvg or FedProx, and showing strong scalability in large, heterogeneous IoT networks. The approach reduces data sharing and communication overhead while maintaining high detection accuracy, making it practical for real-world IoT security deployments.

Abstract

This paper proposes a novel federated learning approach for improving IoT network intrusion detection. The rise of IoT has expanded the cyber attack surface, making traditional centralized machine learning methods insufficient due to concerns about data availability, computational resources, transfer costs, and especially privacy preservation. A semi-supervised federated learning model was developed to overcome these issues, combining the Shrink Autoencoder and Centroid one-class classifier (SAE-CEN). This approach enhances the performance of intrusion detection by effectively representing normal network data and accurately identifying anomalies in the decentralized strategy. Additionally, a mean square error-based aggregation algorithm (MSEAvg) was introduced to improve global model performance by prioritizing more accurate local models. The results obtained in our experimental setup, which uses various settings relying on the N-BaIoT dataset and Dirichlet distribution, demonstrate significant improvements in real-world heterogeneous IoT networks in detection accuracy from 93.982.90 to 97.300.49, reduced learning costs when requiring only 50\% of gateways participating in the training process, and robustness in large-scale networks.

Paper Structure

This paper contains 16 sections, 6 equations, 12 figures, 4 tables, 2 algorithms.

Table of Contents

  1. Introduction
  2. Background
  3. Federated learning
  4. Autoencoder
  5. Related work
  6. Proposed approach
  7. Hybrid intrusion detection approach
  8. Mean Squared Error-based model aggregation
  9. Evaluation
  10. Experiment settings
  11. IoT network construction
  12. Hyperparameters setting
  13. Experiment 1: Federated intrusion detection performance
  14. Experiment 2: Effects of gateway selection ratio
  15. Experiment 3: Accuracy for different IoT network sizes
  16. ...and 1 more sections

Figures (12)

  • Figure 1: Illustration of the Federated Learning mechanism.
  • Figure 2: Architecture of (a) Autoencoder and (b) use of Autoencoder as feature representation for anomaly detection
  • Figure 3: Overview of our proposed approach.
  • Figure 4: Illustration of SAE-CEN hybrid model principle.
  • Figure 5: Data allocation for experimental scenarios. The training data (a, b) contains only normal data. The testing data (c, d) includes both normal data and abnormal data and some new IoT devices appear in subnetworks.
  • ...and 7 more figures