A novel federated learning approach for IoT botnet intrusion detection using SHAP-based knowledge distillation

Bibliographic Details
Main Authors: Md. Alamgir Hossain, Sadman Saif, Md. Saiful Islam
Format: Article
Language: English
Published: Springer 2025-08-01
Series: Complex & Intelligent Systems
Online Access: https://doi.org/10.1007/s40747-025-02001-9
Description
Summary: The exponential growth of the Internet of Things (IoT) has introduced new security vulnerabilities, particularly from botnet attacks that exploit the heterogeneity and limited processing capabilities of IoT devices. Traditional centralized intrusion detection models are ineffective in protecting distributed IoT environments due to data privacy concerns and the challenges posed by non-IID (non-independent and identically distributed) data. In response, we propose a novel, privacy-preserving federated learning framework tailored for IoT intrusion detection. Our framework leverages SHAP (Shapley Additive Explanations), a technique for computing feature importance, to provide interpretable insights while maintaining data privacy. Each IoT client trains locally on its unique, heterogeneous data, computes SHAP values to quantify feature relevance, and shares only distilled feature knowledge with the central server. This aggregated knowledge forms a global feature profile that enables the global model to accurately detect diverse botnet intrusions across non-IID client data. Experimental results demonstrate that our model achieves near-perfect accuracy (99.99%) across various botnet types, showcasing robustness in identifying botnet-specific attack patterns while preserving privacy. By addressing IoT data heterogeneity, non-IID data, and privacy concerns, our framework provides a scalable, interpretable, and privacy-compliant federated learning solution, advancing the security of IoT networks against botnet intrusions.
ISSN: 2199-4536, 2198-6053