Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

In-network Attack Detection with Federated Deep Learning in IoT Networks: Real Implementation and Analysis

Devashish Chaudhary, Sutharshan Rajasegarar, Shiva Raj Pokhrel, Lei Pan, Ruby D

Abstract

The rapid expansion of the Internet of Things (IoT) and its integration with backbone networks have heightened the risk of security breaches. Traditional centralized approaches to anomaly detection, which require transferring large volumes of data to central servers, suffer from privacy, scalability, and latency limitations. This paper proposes a lightweight autoencoder-based anomaly detection framework designed for deployment on resource-constrained edge devices, enabling real-time detection while minimizing data transfer and preserving privacy. Federated learning is employed to train models collaboratively across distributed devices, where local training occurs on edge nodes and only model weights are aggregated at a central server. A real-world IoT testbed using Raspberry Pi sensor nodes was developed to collect normal and attack traffic data. The proposed federated anomaly detection system, implemented and evaluated on the testbed, demonstrates its effectiveness in accurately identifying network attacks. The communication overhead was reduced significantly while achieving comparable performance to the centralized method.

In-network Attack Detection with Federated Deep Learning in IoT Networks: Real Implementation and Analysis

Abstract

The rapid expansion of the Internet of Things (IoT) and its integration with backbone networks have heightened the risk of security breaches. Traditional centralized approaches to anomaly detection, which require transferring large volumes of data to central servers, suffer from privacy, scalability, and latency limitations. This paper proposes a lightweight autoencoder-based anomaly detection framework designed for deployment on resource-constrained edge devices, enabling real-time detection while minimizing data transfer and preserving privacy. Federated learning is employed to train models collaboratively across distributed devices, where local training occurs on edge nodes and only model weights are aggregated at a central server. A real-world IoT testbed using Raspberry Pi sensor nodes was developed to collect normal and attack traffic data. The proposed federated anomaly detection system, implemented and evaluated on the testbed, demonstrates its effectiveness in accurately identifying network attacks. The communication overhead was reduced significantly while achieving comparable performance to the centralized method.
Paper Structure (14 sections, 5 equations, 3 figures, 3 tables, 1 algorithm)

This paper contains 14 sections, 5 equations, 3 figures, 3 tables, 1 algorithm.

Table of Contents

  1. Introduction
  2. Literature
  3. Proposed Federated Anomaly Detection
  4. Normal and Attack Data Collection
  5. IoT Testbed Design and attack scenarios implementation
  6. Defining Threshold to detect attacks
  7. Results and Discussion
  8. Threshold Calculation
  9. Performance Metrics
  10. Analysis of attack detection performance
  11. Optimal Value of $k$
  12. Communication and Computation Overhead
  13. Complexity Analysis
  14. Conclusion

Figures (3)

  • Figure 1: (a) Raspberry Pi 3B+ with ZigBee (b) Network Topology (c) Redirection Attack.
  • Figure 2: Reconstruction loss/error over time. A small loss is observed during the normal (attack-free) operation, and the loss becomes higher during the attack period (towards the middle).
  • Figure 3: (a) F1-score for different devices using optimal $k$ values. (b) F1-score for each device for different values of $k \in \{1,2,3,4\}$.