TY - GEN
T1 - Anomaly Traffic Detection with Federated Learning toward Network-based Malware Detection in IoT
AU - Nishio, Takayuki
AU - Nakahara, Masataka
AU - Okui, Norihiro
AU - Kubota, Ayumu
AU - Kobayashi, Yasuaki
AU - Sugiyama, Keizo
AU - Shinkuma, Ryoichi
N1 - Funding Information:
This work is supported in part by JST, PRESTO Grant Number JPMJPR2035, Japan. These research results were partly obtained from the commissioned research (No.05201) by National Institute of Information and Communications Technology (NICT), Japan.
Publisher Copyright:
© 2022 IEEE.
PY - 2022
Y1 - 2022
N2 - To mitigate cyberattacks, detecting anomalies in network traffic is of key importance. In this paper, we propose a model training method for detection of Internet of Things (IoT) anomalous traffic that is robust against the contamination of anomalous samples in the training set. The key idea is to focus on the nature of IoT malware infections (i.e., only a limited number of IoT networks contain infected devices) and employ federated learning (FL) to mitigate the impact of anomalous samples on model training. The simulation evaluation using IoT traffic data obtained from residences and malware traffic data collected from sandbox experiments demonstrates that the proposed method does not cause accuracy degradation even when the anomalous samples are contaminated, in contrast with the detection accuracy of baseline methods, which does degrade.
AB - To mitigate cyberattacks, detecting anomalies in network traffic is of key importance. In this paper, we propose a model training method for detection of Internet of Things (IoT) anomalous traffic that is robust against the contamination of anomalous samples in the training set. The key idea is to focus on the nature of IoT malware infections (i.e., only a limited number of IoT networks contain infected devices) and employ federated learning (FL) to mitigate the impact of anomalous samples on model training. The simulation evaluation using IoT traffic data obtained from residences and malware traffic data collected from sandbox experiments demonstrates that the proposed method does not cause accuracy degradation even when the anomalous samples are contaminated, in contrast with the detection accuracy of baseline methods, which does degrade.
KW - Anomaly Detection
KW - Federated Learning
KW - IoT
KW - Malware Detection
KW - Traffic Monitoring
UR - http://www.scopus.com/inward/record.url?scp=85146959077&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85146959077&partnerID=8YFLogxK
U2 - 10.1109/GLOBECOM48099.2022.10000633
DO - 10.1109/GLOBECOM48099.2022.10000633
M3 - Conference contribution
AN - SCOPUS:85146959077
T3 - 2022 IEEE Global Communications Conference, GLOBECOM 2022 - Proceedings
SP - 299
EP - 304
BT - 2022 IEEE Global Communications Conference, GLOBECOM 2022 - Proceedings
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2022 IEEE Global Communications Conference, GLOBECOM 2022
Y2 - 4 December 2022 through 8 December 2022
ER -