Detecting Zero-day Attack with Federated Learning using Autonomously Extracted Anomalies in IoT

In recent years, Internet of Things (IoT) has become an essential element of our daily lives. However, IoT devices used in IoT environments have limited available resources due to power and cost constraints, and this fact makes it difficult to implement advanced security measures on them. In fact, zero-day attacks targeting vulnerable IoT devices have occurred, and introducing an anomaly-based intrusion detection system (IDS) that can detect zero-day attacks is one of the countermeasures against the attacks. However, existing methods still suffer from limited detection ability due to a lack of training data. To solve this problem, this paper proposes an intrusion detection method that aggregates zero-day and false positive (FP) attack candidates extracted by an unsupervised anomaly detection algorithm using a one-class classification algorithm and FL. The detection performance evaluation confirms that the proposed method can share the autonomously detected zero-day attacks among IoT networks while suppressing FPs generated during the candidate extraction process.