<p>The rapid growth of the Internet of Things (IoT) has introduced significant security vulnerabilities and increased the risk of cyberattacks. Intrusion Detection Systems (IDS) are widely used to identify malicious activities; however, their detection accuracy is often degraded by latency and privacy concerns in centralized environments. Federated Learning (FL) has therefore emerged as a privacy-preserving solution for distributed intrusion detection. The FL-based intrusion detection remains challenging due to data imbalance across distributed nodes and susceptibility to adversarial attacks, which can degrade model generalization and robustness. To address these challenges, this paper proposes a Groupers Brown Bear Optimization-based Spiking Residual ShuffleNet (GBOA_SR-ShuffleNet) framework. In the proposed approach, the GBOA algorithm is used to optimally train the SR-ShuffleNet, enabling improved parameter tuning under heterogeneous and imbalanced data distributions typical of FL environments. This leads to more stable model updates, convergence and enhances robustness against adversarial effects, thereby improving the reliability of federated intrusion detection. The servers and IoT nodes are the main entities of the FL-based intrusion detection framework. In local training, intrusion detection is carried out, where the data are normalized by Dual normalization to stabilize data distribution and improve learning convergence. The features are fused using the Kumar-John distance measure with Deep Kronecker Network (DKN), which enhances discriminative feature representation and reduces redundancy. The Bootstrapping method augments the data to avoid class imbalance, and intrusion detection is performed using SR-ShuffleNet. The GBOA trains the SR-ShuffleNet, and Shapley Additive xPlanations (SHAP) show the final result of intrusion detection, which is utilized to provide interpretability and explain the detection decisions. Moreover, the GBOA_SR-ShuffleNet attains the accuracy, Mean Average Precision (mAP), loss, Mean Squared Error (MSE), Root MSE (RMSE), Root Relative Squared Error (RRSE), recall, F1-Score, and False Alarm Rate (FAR) of 96.48%, 95.63% 0.035, 0.080, 0.282, 0.336, 96.93%, 96.28%, and 3.15%.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

GBOA_SR-ShuffleNet: an explainable federated learning framework for privacy-preserving intrusion detection in IoT

  • Sneha Leela Jacob,
  • H. Parveen Sultana

摘要

The rapid growth of the Internet of Things (IoT) has introduced significant security vulnerabilities and increased the risk of cyberattacks. Intrusion Detection Systems (IDS) are widely used to identify malicious activities; however, their detection accuracy is often degraded by latency and privacy concerns in centralized environments. Federated Learning (FL) has therefore emerged as a privacy-preserving solution for distributed intrusion detection. The FL-based intrusion detection remains challenging due to data imbalance across distributed nodes and susceptibility to adversarial attacks, which can degrade model generalization and robustness. To address these challenges, this paper proposes a Groupers Brown Bear Optimization-based Spiking Residual ShuffleNet (GBOA_SR-ShuffleNet) framework. In the proposed approach, the GBOA algorithm is used to optimally train the SR-ShuffleNet, enabling improved parameter tuning under heterogeneous and imbalanced data distributions typical of FL environments. This leads to more stable model updates, convergence and enhances robustness against adversarial effects, thereby improving the reliability of federated intrusion detection. The servers and IoT nodes are the main entities of the FL-based intrusion detection framework. In local training, intrusion detection is carried out, where the data are normalized by Dual normalization to stabilize data distribution and improve learning convergence. The features are fused using the Kumar-John distance measure with Deep Kronecker Network (DKN), which enhances discriminative feature representation and reduces redundancy. The Bootstrapping method augments the data to avoid class imbalance, and intrusion detection is performed using SR-ShuffleNet. The GBOA trains the SR-ShuffleNet, and Shapley Additive xPlanations (SHAP) show the final result of intrusion detection, which is utilized to provide interpretability and explain the detection decisions. Moreover, the GBOA_SR-ShuffleNet attains the accuracy, Mean Average Precision (mAP), loss, Mean Squared Error (MSE), Root MSE (RMSE), Root Relative Squared Error (RRSE), recall, F1-Score, and False Alarm Rate (FAR) of 96.48%, 95.63% 0.035, 0.080, 0.282, 0.336, 96.93%, 96.28%, and 3.15%.