Botnet Detection and Mitigation Model for IoT Networks Using Federated Learning

• Published in: Sensors (Basel, Switzerland) Vol. 23; no. 14; p. 6305
• Main Authors: de Caldas Filho, Francisco Lopes, Soares, Samuel Carlos Meneses, Oroski, Elder, de Oliveira Albuquerque, Robson, da Mata, Rafael Zerbini Alves, de Mendonça, Fábio Lúcio Lopes, de Sousa Júnior, Rafael Timóteo
• Format: Journal Article
• Language: English
• Published: Switzerland MDPI AG 11.07.2023; MDPI
• Subjects: Cybersecurity; Cyberterrorism; Data encryption; DDoS; Deep learning; Denial of service attacks; Detectors; federated learning; fog computing; HIDPS; Internet of Things; Internet service providers; Intrusion detection systems; Machine learning; Neural networks; NIDS; Privacy; Security software; Security systems; Servers; Software; Threats; deep learning; fog computing; DDoS; HIDPS; NIDS; federated learning
• ISSN: 1424-8220; 1424-8220
• DOI: 10.3390/s23146305

The Internet of Things (IoT) introduces significant security vulnerabilities, raising concerns about cyber-attacks. Attackers exploit these vulnerabilities to launch distributed denial-of-service (DDoS) attacks, compromising availability and causing financial damage to digital infrastructure. This study focuses on mitigating DDoS attacks in corporate local networks by developing a model that operates closer to the attack source. The model utilizes Host Intrusion Detection Systems (HIDS) to identify anomalous behaviors in IoT devices and employs network-based intrusion detection approaches through a Network Intrusion Detection System (NIDS) for comprehensive attack identification. Additionally, a Host Intrusion Detection and Prevention System (HIDPS) is implemented in a fog computing infrastructure for real-time and precise attack detection. The proposed model integrates NIDS with federated learning, allowing devices to locally analyze their data and contribute to the detection of anomalous traffic. The distributed architecture enhances security by preventing volumetric attack traffic from reaching internet service providers and destination servers. This research contributes to the advancement of cybersecurity in local network environments and strengthens the protection of IoT networks against malicious traffic. This work highlights the efficiency of using a federated training and detection procedure through deep learning to minimize the impact of a single point of failure (SPOF) and reduce the workload of each device, thus achieving accuracy of 89.753% during detection and increasing privacy issues in a decentralized IoT infrastructure with a near-real-time detection and mitigation system.