Federated RNN for intrusion detection system in IoT environment under adversarial attack

In the past few years, despite significant advancements in IoT networks, security continues to be a critical concern, highlighted by the widespread integration of connected devices, and IoT networks remain susceptible to a diverse range of attacks. As a potential solution, Intrusion Detection Systems (IDS) play an essential role in monitoring network traffic to detect and mitigate threats. However, adapting IDS to the complex environments of IoT networks presents significant challenges. This paper introduces a novel IDS designed specifically for IoT contexts, utilizing federated learning (FL) for enhanced threat detection and response. We propose a unique attack method, the MPLFA (Margin Points Label Flipping Attack), alongside a defense mechanism, the SNCOC (Select Non-poisoned Cluster based on Optimal Clustering). Our proposed defense method is a robust aggregation function for FL. Our experiments on IoT datasets (N-BaIoT2018, UNSW-NB15, CICIoV2024, and CSE-CIC-IDS2018) demonstrate that in the absence of attacks, detection accuracy remains close to 99%. However, the MPLFA Attack significantly degrades detection performance, reducing accuracy by approximately 54% across all datasets. Conversely, SNCOC effectively enhances detection accuracy, improving it by nearly 47%. These results were obtained using three different attack rates (25%, 30%, and 35%), highlighting the effectiveness of our proposed methods in adversarial scenarios. Furthermore, as an aggregation function in FL, SNCOC consistently outperforms established methods such as FedAvg, MKrum, and FoolGold by up to 32%, nearly 32%, and about 25% under various conditions, respectively.