FLEAM: A Federated Learning Empowered Architecture to Mitigate DDoS in Industrial IoT

The distributed denial of service (DDoS) attack is detrimental to the industrial Internet of things (IIoT) as it triggers severe resource starvation on networked objects. Recent dynamics demonstrate that it is a highly profitable business for attackers using botnets. Current centralized mitigation solutions concentrate on detection and mitigation at a victim's side, paying inadequate attention to hacking costs and the collaboration of defenders. Thus, we propose the federated learning empowered mitigation architecture (FLEAM) to advocate joint defense, incurring a higher hacking expense. FLEAM combines FL and fog computing to reduce mitigation time and improve detection accuracy, enabling defenders to jointly combatting botnets. Our comprehensive evaluations showcase that the attacking expense incurred is 2.5 times higher, the mitigation delay is about 72% lower, and the accuracy is 47% greater on average than classic solutions.