A Heterogeneity-Aware Semi-Decentralized Model for a Lightweight Intrusion Detection System for IoT Networks Based on Federated Learning and BiLSTM

Shuroog Alsaleh ^1,2, Mohamed El Bachir Menai ², Saad Al-Ahmadi ²

⁰Department of Computer Science, King Saud University, Riyadh 11451, Saudi Arabia.

Sensors (basel, Switzerland) +

|

February 26, 2025

View abstract on PubMed

Summary

This study introduces a semi-decentralized federated learning (FL) model for lightweight intrusion detection systems (IDS) in Internet of Things (IoT) networks. The proposed clustering approach enhances performance and reduces communication overhead, effectively detecting distributed denial-of-service (DDoS) attacks on resource-constrained devices.

Area Of Science

Cybersecurity
Network Security
Artificial Intelligence

Background

Internet of Things (IoT) networks are vulnerable to cyberattacks due to their scale and device heterogeneity.
Resource-constrained IoT devices cannot support conventional intrusion detection systems (IDS).
Federated learning (FL) offers a lightweight solution for IoT IDSs by enabling on-device training.

Purpose Of The Study

To propose a novel semi-decentralized FL-based model for a lightweight IDS tailored to IoT device capabilities.
To address the challenges of IoT device heterogeneity, lightweight-ness, and performance in intrusion detection.
To specifically mitigate distributed denial-of-service (DDoS) attacks in IoT environments.

Main Methods

A semi-decentralized FL architecture with device clustering and cluster heads to reduce communication overhead.
Integration of deep learning models including Long Short-Term Memory (LSTM), Bidirectional LSTM (BiLSTM), and Wasserstein Generative Adversarial Network (WGAN).
Evaluation using the CICIoT2023 dataset, followed by testing on BoT-IoT, WUSTL-IIoT-2021, and Edge-IIoTset datasets.

Main Results

The proposed semi-decentralized FL model effectively reduces communication overhead and improves the aggregation process.
BiLSTM demonstrated superior performance and suitability for resource-constrained IoT devices due to its model size.
The model achieved high performance across multiple datasets, with particular effectiveness in detecting DDoS attacks.

Conclusions

The developed semi-decentralized FL model offers an effective and lightweight solution for intrusion detection in heterogeneous IoT networks.
Clustering IoT devices significantly enhances the efficiency and performance of federated learning-based IDSs.
The model shows strong potential for real-world deployment in securing IoT ecosystems against prevalent threats like DDoS attacks.

Keywords:

anomaly detection centralized FL decentralized FL deep learning energy-based federated learning internet of things intrusion detection system machine learning semi-decentralized FL transfer learning