Applying Machine Learning (ML) techniques to intrusion detection systems (IDS) is key to coping with increasingly sophisticated cybersecurity attacks through an effective and efficient detection process. In the context of the Internet of Things (IoT), most ML-enabled IDS approaches are centralized: IoT devices share their data with data centers for further analysis. To mitigate the privacy concerns associated with centralized approaches, the use of Federated Learning (FL) has attracted significant interest in recent years in different sectors, including healthcare and transport systems. However, the development of FL-enabled IDS for IoT is in its infancy and still requires research efforts from various areas in order to identify the main challenges for deployment in real-world scenarios. In this direction, our work evaluates an FL-enabled IDS approach based on a multiclass classifier, considering different data distributions for the detection of different attacks in an IoT scenario. In particular, we use three different settings that are obtained by partitioning the recent ToN_IoT dataset according to IoT devices' IP addresses and types of attack. Furthermore, we evaluate the impact of different aggregation functions under these settings, using the recent IBMFL framework as the FL implementation. Additionally, we identify a set of challenges and future directions based on the existing literature and the analysis of our evaluation results.
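As an added illustration (not code from the paper or from IBMFL), the Python below partitions constructed records by device IP into FL parties, measures how far each party's label mix sits from the pooled mix, and compares two aggregation functions on constructed model updates. The record fields, sample values, and the choice of sample-weighted averaging and coordinate-wise median are assumptions; the abstract does not name the functions that were evaluated.

```python
from collections import Counter, defaultdict
from statistics import median

# Constructed (src_ip, attack type) records; field layout and values are assumptions.
RECORDS = (
    [("192.168.1.30", "normal")] * 2 + [("192.168.1.30", "ddos")] * 2
    + [("192.168.1.31", "normal"), ("192.168.1.31", "scanning")]
    + [("192.168.1.32", "normal")] * 4 + [("192.168.1.32", "password")] * 2
)

def partition_by_ip(records):
    """One FL party per device IP; each party keeps only its own labels."""
    parties = defaultdict(list)
    for ip, label in records:
        parties[ip].append(label)
    return dict(parties)

def label_skew(parties):
    """Total variation distance between each party's label mix and the pooled mix."""
    pooled = Counter(l for labels in parties.values() for l in labels)
    n = sum(pooled.values())
    skew = {}
    for ip, labels in parties.items():
        local = Counter(labels)
        skew[ip] = 0.5 * sum(abs(local[c] / len(labels) - pooled[c] / n) for c in pooled)
    return skew

def fedavg(updates, sizes):
    """Sample-count-weighted mean of the parties' parameter vectors."""
    total = sum(sizes)
    return [sum(u[i] * s for u, s in zip(updates, sizes)) / total
            for i in range(len(updates[0]))]

def coordinate_median(updates):
    """Coordinate-wise median; ignores party size and damps outlying parties."""
    return [median(col) for col in zip(*updates)]

if __name__ == "__main__":
    parties = partition_by_ip(RECORDS)
    sizes = [len(v) for v in parties.values()]
    updates = [[0.0, 1.0], [6.0, 1.0], [1.0, 4.0]]  # constructed local model updates
    print(label_skew(parties))
    print(fedavg(updates, sizes), coordinate_median(updates))
```

A party that never sees a given attack class has a nonzero skew against the pooled data, and the two aggregation functions combine those parties' updates differently.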