<p>With the rapid expansion of the Internet of Things (IoT), intricate security challenges have emerged since traditional centralized intrusion detection systems (IDS) struggle with privacy, scalability, and evolving cyber threats. This paper presents a new hybrid IDS framework that uniquely combines Federated Learning (FL) and Deep Reinforcement Learning (RL) (DQN-based). In contrast to previous studies that implemented FL and RL independently, we have designed our framework to incorporate RL agents with federated aggregation, as well as an anomaly detection module and then performing adaptive attack classification. The novel, integrated design allows for collaborative learning across distributed IoT entities while maintaining data privacy by keeping raw network traffic on local devices. Adding an optimization process to account for model bias and uneven data distributions, namely confidence thresholding, SMOTE augmentation, and softmax-based action selection, allows an agent to measure reliability and provides another advantage over competing techniques, the interpretability of system decision, which is crucial for security deployment in the wild. We replicated our model in OpenAI Gym, using the CIC IoT 2023 dataset, ensuring that realistic IoT traffic patterns and attack scenarios were used in testing, providing some realism in deployment. The experimental results came to demonstrate a benefit with the FL aided RL model, continually outperforming the RL baselines. In particular, the proposed Clustered FedAvg framework provides a 12.5% improvement in detection accuracy, with an overall accuracy of 99.7%, precision of 99.5%, recall of 99.4%, and F1-Score of 99.4%. The system thus reduces communication overhead, and is able to show resilience against heterogeneous (non-IID) data distributions and adversarial environments. These findings illustrate the proposed framework’s provision of both scalability and robustness while preserving confidentiality. In addition, the results offered here advance the field of IoT security by establishing the first integrated FL–RL architecture that jointly improves detection accuracy, prevents intrusion by preserving user data privacy, and reduces communication costs during IDS operation. The ability to combine federated aggregation with reinforcement learning in addition to specific imbalance handling mechanisms provides a scalable, adaptive, and privacy-preserving IDS solution in contexts of the proposed architecture. The assessment of the methods on real IoT traffic signals practical contributions while providing a meaningful first step to improve security in large scale IoT networks under emerging IoT based cyber-attacks.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Improving IoT security through federated deep Q-learning with realistic traffic modelling

  • Deepthi Godavarthi,
  • Teja Uma Mahesh,
  • Jithendar,
  • Sachi Nandan Mohanty,
  • Jatindra Kumar Dash

摘要

With the rapid expansion of the Internet of Things (IoT), intricate security challenges have emerged since traditional centralized intrusion detection systems (IDS) struggle with privacy, scalability, and evolving cyber threats. This paper presents a new hybrid IDS framework that uniquely combines Federated Learning (FL) and Deep Reinforcement Learning (RL) (DQN-based). In contrast to previous studies that implemented FL and RL independently, we have designed our framework to incorporate RL agents with federated aggregation, as well as an anomaly detection module and then performing adaptive attack classification. The novel, integrated design allows for collaborative learning across distributed IoT entities while maintaining data privacy by keeping raw network traffic on local devices. Adding an optimization process to account for model bias and uneven data distributions, namely confidence thresholding, SMOTE augmentation, and softmax-based action selection, allows an agent to measure reliability and provides another advantage over competing techniques, the interpretability of system decision, which is crucial for security deployment in the wild. We replicated our model in OpenAI Gym, using the CIC IoT 2023 dataset, ensuring that realistic IoT traffic patterns and attack scenarios were used in testing, providing some realism in deployment. The experimental results came to demonstrate a benefit with the FL aided RL model, continually outperforming the RL baselines. In particular, the proposed Clustered FedAvg framework provides a 12.5% improvement in detection accuracy, with an overall accuracy of 99.7%, precision of 99.5%, recall of 99.4%, and F1-Score of 99.4%. The system thus reduces communication overhead, and is able to show resilience against heterogeneous (non-IID) data distributions and adversarial environments. These findings illustrate the proposed framework’s provision of both scalability and robustness while preserving confidentiality. In addition, the results offered here advance the field of IoT security by establishing the first integrated FL–RL architecture that jointly improves detection accuracy, prevents intrusion by preserving user data privacy, and reduces communication costs during IDS operation. The ability to combine federated aggregation with reinforcement learning in addition to specific imbalance handling mechanisms provides a scalable, adaptive, and privacy-preserving IDS solution in contexts of the proposed architecture. The assessment of the methods on real IoT traffic signals practical contributions while providing a meaningful first step to improve security in large scale IoT networks under emerging IoT based cyber-attacks.