TY - JOUR
T1 - A federated learning-based zero trust intrusion detection system for Internet of Things
AU - Javeed, Danish
AU - Saeed, Muhammad Shahid
AU - Adil, Muhammad
AU - Kumar, Prabhat
AU - Jolfaei, Alireza
PY - 2024/9/1
Y1 - 2024/9/1
N2 - The rapid expansion of Internet of Things (IoT) devices presents unique challenges in ensuring the security and privacy of interconnected systems. As cyberattacks become more frequent, developing an effective and scalable Intrusion Detection System (IDS) based on Federated Learning (FL) for IoT becomes increasingly complex. Current methodologies struggle to balance spatial and temporal feature extraction, especially when dealing with dynamic and evolving cyber threats. The lack of diversity in datasets used for FL-based IDS evaluations further impedes progress. There is also a noticeable tradeoff between performance and scalability, particularly as the number of edge devices in communication increases. To address these challenges, this article introduces a horizontal FL model that combines Convolutional Neural Networks (CNN) and Bidirectional Long-Term Short Memory (BiLSTM) for effective intrusion detection. This hybrid approach aims to overcome the limitations of existing methods and enhance the effectiveness of intrusion detection in the context of FL for IoT. Specifically, CNN is used for spatial feature extraction, enabling the model to identify local patterns indicative of potential intrusions, while the BiLSTM component captures temporal dependencies and learns sequential patterns within the data. The proposed IDS follows a zero-trust model by keeping the data on local edge devices and sharing only the learned weights with the centralized FL server. The FL server then aggregates updates from various sources to optimize the accuracy of the global learning model. Experimental results using CICIDS2017 and Edge-IIoTset demonstrate the effectiveness of the proposed approach over centralized and federated deep learning-based IDS.
KW - Cyber threats
KW - Federated learning
KW - Internet of Things
KW - Intrusion Detection System
UR - http://www.scopus.com/inward/record.url?scp=85194091053&partnerID=8YFLogxK
U2 - 10.1016/j.adhoc.2024.103540
DO - 10.1016/j.adhoc.2024.103540
M3 - Article
AN - SCOPUS:85194091053
SN - 1570-8705
VL - 162
JO - Ad Hoc Networks
JF - Ad Hoc Networks
M1 - 103540
ER -