A Heterogeneity-Aware Semi-Decentralized Model for a Lightweight Intrusion Detection System for IoT Networks Based on Federated Learning and BiLSTM
Internet of Things (IoT) networks’ wide range and heterogeneity make them prone to cyberattacks. Most IoT devices have limited resource capabilities (e.g., memory capacity, processing power, and energy consumption) to function as conventional intrusion detection systems (IDSs). Researchers have appl...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
MDPI AG
2025-02-01
|
| Series: | Sensors |
| Subjects: | |
| Online Access: | https://www.mdpi.com/1424-8220/25/4/1039 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1849718402871984128 |
|---|---|
| author | Shuroog Alsaleh Mohamed El Bachir Menai Saad Al-Ahmadi |
| author_facet | Shuroog Alsaleh Mohamed El Bachir Menai Saad Al-Ahmadi |
| author_sort | Shuroog Alsaleh |
| collection | DOAJ |
| description | Internet of Things (IoT) networks’ wide range and heterogeneity make them prone to cyberattacks. Most IoT devices have limited resource capabilities (e.g., memory capacity, processing power, and energy consumption) to function as conventional intrusion detection systems (IDSs). Researchers have applied many approaches to lightweight IDSs, including energy-based IDSs, machine learning/deep learning (ML/DL)-based IDSs, and federated learning (FL)-based IDSs. FL has become a promising solution for IDSs in IoT networks because it reduces the overhead in the learning process by engaging IoT devices during the training process. Three FL architectures are used to tackle the IDSs in IoT networks, including centralized (client–server), decentralized (device-to-device), and semi-decentralized. However, none of them has solved the heterogeneity of IoT devices while considering lightweight-ness and performance at the same time. Therefore, we propose a semi-decentralized FL-based model for a lightweight IDS to fit the IoT device capabilities. The proposed model is based on clustering the IoT devices—FL clients—and assigning a cluster head to each cluster that acts on behalf of FL clients. Consequently, the number of IoT devices that communicate with the server is reduced, helping to reduce the communication overhead. Moreover, clustering helps in improving the aggregation process as each cluster sends the average model’s weights to the server for aggregation in one FL round. The distributed denial-of-service (DDoS) attack is the main concern in our IDS model, since it easily occurs in IoT devices with limited resource capabilities. The proposed model is configured with three deep learning techniques—LSTM, BiLSTM, and WGAN—using the CICIoT2023 dataset. The experimental results show that the BiLSTM achieves better performance and is suitable for resource-constrained IoT devices based on model size. We test the pre-trained semi-decentralized FL-based model on three datasets—BoT-IoT, WUSTL-IIoT-2021, and Edge-IIoTset—and the results show that our model has the highest performance in most classes, particularly for DDoS attacks. |
| format | Article |
| id | doaj-art-7b0f50e032b445f987ea134f42fbdb79 |
| institution | DOAJ |
| issn | 1424-8220 |
| language | English |
| publishDate | 2025-02-01 |
| publisher | MDPI AG |
| record_format | Article |
| series | Sensors |
| spelling | doaj-art-7b0f50e032b445f987ea134f42fbdb792025-08-20T03:12:23ZengMDPI AGSensors1424-82202025-02-01254103910.3390/s25041039A Heterogeneity-Aware Semi-Decentralized Model for a Lightweight Intrusion Detection System for IoT Networks Based on Federated Learning and BiLSTMShuroog Alsaleh0Mohamed El Bachir Menai1Saad Al-Ahmadi2Department of Computer Science, King Saud University, Riyadh 11451, Saudi ArabiaDepartment of Information Technology, Princess Nourah bint Abdulrahman University, Riyadh 11671, Saudi ArabiaDepartment of Information Technology, Princess Nourah bint Abdulrahman University, Riyadh 11671, Saudi ArabiaInternet of Things (IoT) networks’ wide range and heterogeneity make them prone to cyberattacks. Most IoT devices have limited resource capabilities (e.g., memory capacity, processing power, and energy consumption) to function as conventional intrusion detection systems (IDSs). Researchers have applied many approaches to lightweight IDSs, including energy-based IDSs, machine learning/deep learning (ML/DL)-based IDSs, and federated learning (FL)-based IDSs. FL has become a promising solution for IDSs in IoT networks because it reduces the overhead in the learning process by engaging IoT devices during the training process. Three FL architectures are used to tackle the IDSs in IoT networks, including centralized (client–server), decentralized (device-to-device), and semi-decentralized. However, none of them has solved the heterogeneity of IoT devices while considering lightweight-ness and performance at the same time. Therefore, we propose a semi-decentralized FL-based model for a lightweight IDS to fit the IoT device capabilities. The proposed model is based on clustering the IoT devices—FL clients—and assigning a cluster head to each cluster that acts on behalf of FL clients. Consequently, the number of IoT devices that communicate with the server is reduced, helping to reduce the communication overhead. Moreover, clustering helps in improving the aggregation process as each cluster sends the average model’s weights to the server for aggregation in one FL round. The distributed denial-of-service (DDoS) attack is the main concern in our IDS model, since it easily occurs in IoT devices with limited resource capabilities. The proposed model is configured with three deep learning techniques—LSTM, BiLSTM, and WGAN—using the CICIoT2023 dataset. The experimental results show that the BiLSTM achieves better performance and is suitable for resource-constrained IoT devices based on model size. We test the pre-trained semi-decentralized FL-based model on three datasets—BoT-IoT, WUSTL-IIoT-2021, and Edge-IIoTset—and the results show that our model has the highest performance in most classes, particularly for DDoS attacks.https://www.mdpi.com/1424-8220/25/4/1039internet of thingsintrusion detection systemanomaly detectionmachine learningdeep learningfederated learning |
| spellingShingle | Shuroog Alsaleh Mohamed El Bachir Menai Saad Al-Ahmadi A Heterogeneity-Aware Semi-Decentralized Model for a Lightweight Intrusion Detection System for IoT Networks Based on Federated Learning and BiLSTM Sensors internet of things intrusion detection system anomaly detection machine learning deep learning federated learning |
| title | A Heterogeneity-Aware Semi-Decentralized Model for a Lightweight Intrusion Detection System for IoT Networks Based on Federated Learning and BiLSTM |
| title_full | A Heterogeneity-Aware Semi-Decentralized Model for a Lightweight Intrusion Detection System for IoT Networks Based on Federated Learning and BiLSTM |
| title_fullStr | A Heterogeneity-Aware Semi-Decentralized Model for a Lightweight Intrusion Detection System for IoT Networks Based on Federated Learning and BiLSTM |
| title_full_unstemmed | A Heterogeneity-Aware Semi-Decentralized Model for a Lightweight Intrusion Detection System for IoT Networks Based on Federated Learning and BiLSTM |
| title_short | A Heterogeneity-Aware Semi-Decentralized Model for a Lightweight Intrusion Detection System for IoT Networks Based on Federated Learning and BiLSTM |
| title_sort | heterogeneity aware semi decentralized model for a lightweight intrusion detection system for iot networks based on federated learning and bilstm |
| topic | internet of things intrusion detection system anomaly detection machine learning deep learning federated learning |
| url | https://www.mdpi.com/1424-8220/25/4/1039 |
| work_keys_str_mv | AT shuroogalsaleh aheterogeneityawaresemidecentralizedmodelforalightweightintrusiondetectionsystemforiotnetworksbasedonfederatedlearningandbilstm AT mohamedelbachirmenai aheterogeneityawaresemidecentralizedmodelforalightweightintrusiondetectionsystemforiotnetworksbasedonfederatedlearningandbilstm AT saadalahmadi aheterogeneityawaresemidecentralizedmodelforalightweightintrusiondetectionsystemforiotnetworksbasedonfederatedlearningandbilstm AT shuroogalsaleh heterogeneityawaresemidecentralizedmodelforalightweightintrusiondetectionsystemforiotnetworksbasedonfederatedlearningandbilstm AT mohamedelbachirmenai heterogeneityawaresemidecentralizedmodelforalightweightintrusiondetectionsystemforiotnetworksbasedonfederatedlearningandbilstm AT saadalahmadi heterogeneityawaresemidecentralizedmodelforalightweightintrusiondetectionsystemforiotnetworksbasedonfederatedlearningandbilstm |