The Internet of Things is exploding—projected to reach over 30 billion devices by 2030. But with connectivity comes vulnerability. Traditional security models rely on centralized data collection, which creates privacy risks and single points of failure.
The Challenge: Privacy vs. Security in IoT
IoT devices generate massive amounts of sensitive network traffic data. Training machine learning models to detect attacks typically requires sending this data to a central server—violating user privacy and consuming bandwidth.
Federated Learning (FL) offers a solution: train models locally on devices and share only model updates (weights), not raw data. But is FL robust enough for security-critical environments? Can it withstand adversarial attacks like data poisoning?
Project Goal: Build a hybrid security system combining Autoencoders for anomaly detection with Federated Learning for privacy-preserving attack classification, using the Aposemat IoT-23 dataset.
System Architecture
The proposed system operates in three layers: anomaly detection, attack classification, and distributed learning.
1. Anomaly Detection
Autoencoder trained on benign traffic to identify deviations via reconstruction error
2. Classification
Random Forest, XGBoost, and 1D CNN models classify specific attack types
3. Federated Learning
Flower framework orchestrates distributed training across emulated IoT clients
Methodology & Implementation
1. Dataset: Aposemat IoT-23
We used the Aposemat IoT-23 dataset, which provides labeled network traffic from diverse IoT devices. It includes both normal behavior and malicious activities (DDoS, C&C, Reconnaissance, etc.), making it ideal for training intrusion detection systems.
Feature Selection: 24 network flow features were extracted, including duration, protocol types (TCP/UDP/ICMP), byte counts, and connection states.
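The extraction step can be sketched as a small preprocessing function. This is a hypothetical illustration, not the project's exact pipeline: the column names follow Zeek conn.log conventions (IoT-23 labels Zeek flow records), and the feature list below is a shortened stand-in for the full set of 24.

```python
import pandas as pd

# Assumed Zeek-style column names; the project's real 24-feature list differs.
FEATURES = ["duration", "orig_bytes", "resp_bytes", "proto", "conn_state"]

def preprocess(df: pd.DataFrame) -> pd.DataFrame:
    """Keep selected flow features plus the label, drop incomplete rows,
    and one-hot encode the categorical fields (protocol, connection state)."""
    df = df[FEATURES + ["label"]].dropna()
    return pd.get_dummies(df, columns=["proto", "conn_state"])
```

Categorical fields such as protocol (TCP/UDP/ICMP) and connection state must be encoded numerically before they can feed the Autoencoder or the classifiers.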
2. Autoencoder for Anomaly Detection
The Autoencoder was trained exclusively on benign traffic. It learns to compress and reconstruct normal patterns. When attack traffic is fed into the model, the reconstruction error spikes, flagging it as anomalous.
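The thresholding logic can be illustrated with a minimal stand-in: here scikit-learn's `MLPRegressor`, trained to reconstruct its own input through a narrow hidden layer, plays the role of a tiny autoencoder on synthetic "benign" vectors. The real project used a proper deep Autoencoder on flow features; only the train-on-benign / flag-by-error idea carries over.

```python
import numpy as np
from sklearn.neural_network import MLPRegressor

rng = np.random.default_rng(0)

# Synthetic benign traffic: a tight cluster of feature vectors.
X_benign = rng.normal(0.0, 0.1, size=(500, 8))

# An MLP fit to reproduce its input acts as an autoencoder;
# the 4-unit hidden layer is the compression bottleneck.
ae = MLPRegressor(hidden_layer_sizes=(4,), max_iter=2000, random_state=0)
ae.fit(X_benign, X_benign)

def reconstruction_error(X):
    return np.mean((ae.predict(X) - X) ** 2, axis=1)

# Flag anything reconstructing worse than the 99th percentile of benign error.
threshold = np.percentile(reconstruction_error(X_benign), 99)

# "Attack" traffic far from the benign manifold reconstructs poorly.
X_attack = rng.normal(3.0, 0.5, size=(50, 8))
flags = reconstruction_error(X_attack) > threshold
```

Because the model only ever sees benign traffic during training, it needs no attack labels at all, which is what makes it suitable for novel threats.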
3. Centralized Model Performance
Before implementing FL, we established baselines using centralized training. Three models were evaluated:
| Model | Accuracy | Strengths | Weaknesses |
|---|---|---|---|
| Random Forest | 73% | High precision on Benign & DDoS | Struggles with C&C variants |
| XGBoost | 73% | Efficient, good feature importance | Low recall on minority classes |
| 1D CNN | 69% | Automatic feature extraction | Requires more tuning for imbalanced data |
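The baseline comparison loop looks roughly like the sketch below. The data is synthetic (an imbalanced multi-class stand-in for IoT-23 flows), and scikit-learn's `GradientBoostingClassifier` substitutes for XGBoost to avoid an extra dependency; the project itself trained on the real dataset.

```python
from sklearn.datasets import make_classification
from sklearn.ensemble import RandomForestClassifier, GradientBoostingClassifier
from sklearn.metrics import accuracy_score
from sklearn.model_selection import train_test_split

# Imbalanced 4-class problem standing in for Benign/DDoS/C&C/etc. flows
X, y = make_classification(n_samples=2000, n_features=24, n_informative=10,
                           n_classes=4, weights=[0.7, 0.15, 0.1, 0.05],
                           random_state=0)
X_tr, X_te, y_tr, y_te = train_test_split(X, y, random_state=0, stratify=y)

models = {
    "Random Forest": RandomForestClassifier(random_state=0),
    # Stand-in for XGBoost; same gradient-boosted-trees family
    "Gradient Boosting": GradientBoostingClassifier(random_state=0),
}
scores = {name: accuracy_score(y_te, m.fit(X_tr, y_tr).predict(X_te))
          for name, m in models.items()}
```

Overall accuracy hides per-class behaviour, which is why the table above also records where each model struggled (minority C&C variants in particular).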
4. Federated Learning with Flower
We implemented Federated Averaging (FedAvg) using the Flower framework. The architecture consisted of a central aggregation server and multiple emulated IoT clients.
```python
import flwr as fl

def fit_config(server_round: int):
    # Sent to each client before local training
    return {"local_epochs": 5}

# Federated Learning configuration
strategy = fl.server.strategy.FedAvg(
    fraction_fit=0.5,             # 50% of clients participate per round
    min_fit_clients=2,            # minimum clients required for training
    fraction_evaluate=0.5,        # 50% of clients evaluate per round
    min_evaluate_clients=2,
    on_fit_config_fn=fit_config,  # local epochs = 5
)
```
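The aggregation step that FedAvg performs behind this configuration is conceptually simple: a per-layer average of client weights, weighted by each client's local sample count. A framework-independent numpy sketch:

```python
import numpy as np

def fedavg(client_weights, client_sizes):
    """FedAvg aggregation: weighted average of client parameter lists.

    client_weights: one list of numpy arrays (layers) per client
    client_sizes:   number of local training samples per client
    """
    total = sum(client_sizes)
    return [
        sum(w[layer] * (n / total) for w, n in zip(client_weights, client_sizes))
        for layer in range(len(client_weights[0]))
    ]

# Two clients with a single one-layer "model"; client 0 holds 3x the data.
w0 = [np.array([1.0, 1.0])]
w1 = [np.array([5.0, 5.0])]
agg = fedavg([w0, w1], [3, 1])
```

Because only these weight arrays cross the network, the raw flow records never leave the client.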
Result: The federated 1D CNN achieved 69.3% accuracy, comparable to its centralized counterpart. This validates that privacy-preserving training doesn't necessarily sacrifice performance in this context.
Security Analysis: Testing Robustness
A key contribution of this project was stress-testing the FL system against adversarial attacks. We simulated two specific threats:
⚠️ Data Poisoning Attack
We simulated label-flipping attacks where malicious clients intentionally mislabel training data.
Impact: As poisoning intensity increased, global model accuracy degraded significantly. At 100% poisoning, accuracy dropped to near 0%. The model's decision boundaries were heavily distorted, causing benign traffic to be misclassified as attacks.
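The degradation curve is easy to reproduce in a simplified centralized setting. The sketch below flips a fraction of binary training labels and measures test accuracy; it is a minimal stand-in for the federated experiment, not the project's actual attack harness.

```python
import numpy as np
from sklearn.datasets import make_classification
from sklearn.linear_model import LogisticRegression
from sklearn.model_selection import train_test_split

X, y = make_classification(n_samples=1000, n_features=10, random_state=0)
X_tr, X_te, y_tr, y_te = train_test_split(X, y, random_state=0)

rng = np.random.default_rng(0)

def poisoned_accuracy(flip_fraction):
    """Flip the labels of a fraction of training samples, then evaluate
    on the clean test set."""
    y_poisoned = y_tr.copy()
    idx = rng.choice(len(y_tr), size=int(flip_fraction * len(y_tr)),
                     replace=False)
    y_poisoned[idx] = 1 - y_poisoned[idx]  # binary label flip
    clf = LogisticRegression(max_iter=1000).fit(X_tr, y_poisoned)
    return clf.score(X_te, y_te)

acc_clean = poisoned_accuracy(0.0)
acc_full = poisoned_accuracy(1.0)  # every training label inverted
```

At full poisoning the model learns the inverted labelling, so its test accuracy falls roughly to one minus the clean accuracy, mirroring the near-0% result observed in the FL experiment.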
⚠️ Denial of Service (DoS) Attack
We simulated a connection flood against the Flower server (localhost:8080) using concurrent threads.
Impact: The server accepted the flood connections, misinterpreting them as legitimate FL clients. This disrupted client selection and aggregation phases, effectively halting the federated learning process. While the server didn't crash, its orchestration logic was overwhelmed.
Key Findings & Lessons Learned
1. Autoencoders Excel at Unknown Threats
The 96% anomaly detection rate demonstrates that unsupervised learning is powerful for identifying zero-day or novel attacks that supervised models might miss.
2. FL Privacy Comes with Risks
While FL protects data privacy, it introduces new attack vectors. Data poisoning is a critical vulnerability that requires defensive aggregation techniques (e.g., Krum, Multi-Krum).
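To make the Krum idea concrete, here is a minimal numpy sketch (an illustration of the published rule, not code from this project): each client update is scored by the summed squared distance to its n − f − 2 nearest neighbours, and the lowest-scoring update is selected, which sidelines isolated poisoned updates.

```python
import numpy as np

def krum(updates, num_byzantine):
    """Select the single client update with the smallest Krum score."""
    n = len(updates)
    flat = np.stack([u.ravel() for u in updates])
    # Pairwise squared distances between all client updates
    dists = np.sum((flat[:, None, :] - flat[None, :, :]) ** 2, axis=-1)
    k = n - num_byzantine - 2  # neighbours counted per update
    scores = []
    for i in range(n):
        d = np.delete(dists[i], i)          # distances to the other updates
        scores.append(np.sum(np.sort(d)[:k]))
    return updates[int(np.argmin(scores))]

# Four honest updates clustered near zero, one poisoned outlier
honest = [np.array([0.0, 0.1]), np.array([0.1, 0.0]),
          np.array([0.0, 0.0]), np.array([0.1, 0.1])]
poisoned = [np.array([10.0, 10.0])]
chosen = krum(honest + poisoned, num_byzantine=1)
```

Multi-Krum generalizes this by averaging the m lowest-scoring updates instead of keeping just one.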
3. Server Orchestration is a Bottleneck
The Flower server's susceptibility to connection floods highlights the need for rate-limiting and client authentication mechanisms in production FL deployments.
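One standard rate-limiting mechanism is a per-client token bucket, sketched below. This is a generic illustration of the idea, not a Flower feature; in a real deployment it would sit in front of the server's connection handler, keyed by client IP or identity.

```python
import time

class TokenBucket:
    """Allow `rate` connections per second, with bursts up to `capacity`."""

    def __init__(self, rate: float, capacity: int):
        self.rate, self.capacity = rate, capacity
        self.tokens = float(capacity)
        self.last = time.monotonic()

    def allow(self) -> bool:
        now = time.monotonic()
        # Refill tokens in proportion to elapsed time, up to capacity
        self.tokens = min(self.capacity,
                          self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False

bucket = TokenBucket(rate=1.0, capacity=3)
results = [bucket.allow() for _ in range(10)]  # a rapid burst of 10 attempts
```

A flood like the one simulated above would exhaust the bucket after the initial burst, leaving legitimate clients (which connect at a normal cadence) unaffected.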
4. Data Imbalance Matters
All models struggled with minority attack classes (e.g., Okiru, C&C variants). Future work should explore SMOTE or class-weighted loss functions.
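The class-weighting option is a one-line change in scikit-learn. The sketch below uses a synthetic imbalanced binary problem (a stand-in for the minority attack classes) to contrast unweighted and balanced training:

```python
from sklearn.datasets import make_classification
from sklearn.linear_model import LogisticRegression
from sklearn.metrics import recall_score
from sklearn.model_selection import train_test_split

# Heavily imbalanced binary problem: ~5% minority "attack" class
X, y = make_classification(n_samples=4000, weights=[0.95, 0.05],
                           class_sep=0.8, random_state=0)
X_tr, X_te, y_tr, y_te = train_test_split(X, y, random_state=0, stratify=y)

plain = LogisticRegression(max_iter=1000).fit(X_tr, y_tr)
# "balanced" reweights the loss inversely to class frequency
weighted = LogisticRegression(max_iter=1000,
                              class_weight="balanced").fit(X_tr, y_tr)

recall_plain = recall_score(y_te, plain.predict(X_te))     # minority recall
recall_weighted = recall_score(y_te, weighted.predict(X_te))
```

SMOTE takes the complementary route of oversampling the minority class at the data level rather than reweighting the loss.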
Limitations & Future Work
This project served as a foundational exploration. Several areas were identified for future improvement:
- Deception Environments: The initial architecture proposed routing severe attacks to deception environments (Honeynets). This component was conceptual and not implemented in the current experimental scope.
- Non-IID Data: The FL simulation used identical data splits across clients for controlled experiments. Real-world IoT data is non-IID (not independent and identically distributed) across devices, which affects convergence.
- Advanced Defenses: Implementing robust aggregation rules to mitigate data poisoning effects.
- Real Hardware Testing: Moving from emulated clients to actual Raspberry Pi or IoT devices to measure real computational overhead.
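The non-IID splits mentioned in the list above are commonly emulated with a Dirichlet partition: each class's samples are divided among clients according to Dirichlet-drawn proportions, with a small concentration parameter producing highly skewed clients. A sketch of how such a split could be generated for future experiments:

```python
import numpy as np

def dirichlet_partition(labels, num_clients, alpha, seed=0):
    """Assign sample indices to clients with per-class proportions drawn
    from Dirichlet(alpha); smaller alpha => more skewed (more non-IID)."""
    rng = np.random.default_rng(seed)
    clients = [[] for _ in range(num_clients)]
    for cls in np.unique(labels):
        idx = np.flatnonzero(labels == cls)
        rng.shuffle(idx)
        # Split this class's samples according to the drawn proportions
        proportions = rng.dirichlet([alpha] * num_clients)
        cuts = (np.cumsum(proportions)[:-1] * len(idx)).astype(int)
        for client, part in zip(clients, np.split(idx, cuts)):
            client.extend(part.tolist())
    return clients

labels = np.array([0] * 50 + [1] * 50)
parts = dirichlet_partition(labels, num_clients=4, alpha=0.5)
```

Rerunning the FedAvg experiments over such partitions would show how much the 69.3% federated accuracy depends on the idealized identical splits.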
📚 Academic Context
This research was completed as my undergraduate major project and published as a conference paper. It represents my early exploration into machine learning security, privacy-preserving technologies, and adversarial robustness—themes that continue to influence my work in cloud security and detection engineering.