FedShield: Privacy-Preserving Federated Learning with Differential Privacy and Byzantine-Robust Aggregation for Intrusion Detection in Heterogeneous IoT Networks

Authors

  • Layth Alwadi, Alhikma University College

Keywords:

Federated learning; Differential privacy; Byzantine fault tolerance; Network intrusion detection; IoT security; Gradient privacy; Poisoning attacks; Cybersecurity

Abstract

The proliferation of Internet of Things (IoT) devices in critical infrastructure has dramatically expanded the attack surface for malicious intrusions, making Network Intrusion Detection Systems (NIDS) indispensable. However, traditional centralized machine learning approaches to NIDS require raw traffic data to be transmitted to a central server, raising severe privacy concerns and creating single points of failure. Federated Learning (FL) offers a compelling alternative by training models locally and sharing only model updates, yet it remains vulnerable to poisoning attacks from Byzantine clients and to inference attacks that can extract sensitive information from gradient updates. In this paper, we propose FedShield, a privacy-preserving federated learning framework for intrusion detection in heterogeneous IoT networks. FedShield integrates three complementary mechanisms: (i) Rényi Differential Privacy (RDP) for provable gradient privacy, (ii) a Median-of-Means Byzantine-Robust aggregation scheme (MoM-BRA) that tolerates up to 40% malicious participants without sacrificing model utility, and (iii) an adaptive noise calibration protocol that balances privacy budget expenditure against detection performance. We evaluate FedShield on three benchmark datasets—NSL-KDD, CIC-IDS2018, and TON-IoT—achieving detection accuracy of 98.4%, 97.1%, and 96.8% respectively, with a privacy budget of ε = 2.0 under δ = 10⁻⁵, while maintaining resilience against gradient inversion and model poisoning attacks. FedShield outperforms six state-of-the-art baselines and reduces communication overhead by 34% through structured gradient compression.
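
The sketch below is an added example, not code from the paper: it uses a generic median-of-means aggregator (not the paper's MoM-BRA) and plain Rényi accounting for the Gaussian mechanism without subsampling. It shows a poisoned minority dragging a plain mean while the group median holds, and what noise multiplier an ε = 2.0, δ = 10⁻⁵ budget implies; the client data, group count and round counts are constructed assumptions.

```python
import math
import random
import statistics

def median_of_means(updates, k, rng):
    """Shuffle client updates into k groups, average each group, and return
    the coordinate-wise median of the k group means."""
    order = list(updates)
    rng.shuffle(order)
    groups = [order[i::k] for i in range(k)]
    dim = len(order[0])
    means = [[statistics.fmean(u[d] for u in g) for d in range(dim)] for g in groups]
    return [statistics.median(m[d] for m in means) for d in range(dim)]

def rdp_epsilon(noise_mult, rounds, delta):
    """(eps, delta) after `rounds` Gaussian releases, no subsampling assumed.
    Order-alpha RDP of one release is alpha / (2 * noise_mult**2); it adds
    over rounds and converts as eps = rdp + log(1/delta) / (alpha - 1)."""
    alphas = [1 + i / 10 for i in range(1, 2000)]
    return min(rounds * a / (2 * noise_mult ** 2) + math.log(1 / delta) / (a - 1)
               for a in alphas)

def noise_for_budget(eps_target, rounds, delta, lo=0.1, hi=1000.0):
    """Bisect for the smallest noise multiplier whose composed cost fits eps_target."""
    for _ in range(60):
        mid = (lo + hi) / 2
        if rdp_epsilon(mid, rounds, delta) <= eps_target:
            hi = mid
        else:
            lo = mid
    return hi

def demo(seed=7):
    rng = random.Random(seed)
    # Constructed data: 13 honest 2-d updates near (0.5, -0.3), 2 poisoned ones.
    honest = [[0.5 + rng.gauss(0, 0.05), -0.3 + rng.gauss(0, 0.05)] for _ in range(13)]
    updates = honest + [[100.0, 100.0], [100.0, 100.0]]
    plain_mean = [statistics.fmean(u[d] for u in updates) for d in range(2)]
    # 2 poisoned clients can taint at most 2 of 5 groups, so the median holds.
    robust = median_of_means(updates, k=5, rng=rng)
    return plain_mean, robust

if __name__ == "__main__":
    print(demo())
    for rounds in (1, 50, 200):  # round counts are assumptions, not from the paper
        print(rounds, round(noise_for_budget(2.0, rounds, 1e-5), 2))
```

This generic aggregator only holds while fewer than half of the k groups contain a poisoned update, and the required noise multiplier grows with the square root of the number of rounds when no subsampling amplification is used.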

Published

2026-06-05

How to Cite

FedShield: Privacy-Preserving Federated Learning with Differential Privacy and Byzantine-Robust Aggregation for Intrusion Detection in Heterogeneous IoT Networks. (2026). Journal of Computer Science Innovations and Research, 1(1), 7-15. https://jcsir.org/index.php/jcsir/article/view/2