Authors:
Jacopo Talpini
;
Fabio Sartori
and
Marco Savi
Affiliation:
Department of Informatics, Systems and Communication, University of Milano-Bicocca, Milano, Italy
Keyword(s):
Intrusion Detection, IoT, Federated Learning, Machine Learning.
Abstract:
The Internet of Things (IoT) is growing rapidly and so the need of ensuring protection against cybersecurity
attacks to IoT devices. In this scenario, Intrusion Detection Systems (IDSs) play a crucial role and data-driven
IDSs based on machine learning (ML) have recently attracted more and more interest by the research community. While conventional ML-based IDSs are based on a centralized architecture where IoT devices share
their data with a central server for model training, we propose a novel approach that is based on federated
learning (FL). However, conventional FL is ineffective in the considered scenario, due to the high statistical
heterogeneity of data collected by IoT devices. To overcome this limitation, we propose a three-tier FL-based
architecture where IoT devices are clustered together based on their statistical properties. Clustering decisions
are taken by means of a novel entropy-based strategy, which helps improve model training performance. We
tested our so
lution on the CIC-ToN-IoT dataset: our clustering strategy increases intrusion detection performance with respect to a conventional FL approach up to +17% in terms of F1-score, along with a significant
reduction of the number of training rounds.
(More)