Improved Federated Learning Technique to detect Network Anomaly Detection in IoT /
Hisham Tariq Butt
- 76p. Soft Copy 30cm
Federated learning in network intrusion detection has one significant problem: Byzantine attacks, in which compromised clients inject malicious updates. Existing Byzantineresilient strategies suffer significant degradation, with F1-scores decreasing by approximately 96% when 30% of clients are malicious. This paper presents A3 (Adaptive Attack-Aware Aggregation), which addresses this drawback through adaptive strategy selection and dual aggregation modes. The strategy employs geometric filtering under high-threat conditions and trust-based filtering under normal conditions. The design of A3 incorporates the use of triple-weighted scoring on the dimensions of diversity, confidence, and trust, along with adaptive weight optimization and Byzantine detection. The CICIDS2017 data experiments indicate that A3 achieves an accuracy of 95.83% and an F1- score of 95.90% in benign environments. The performance is still 94.99% accurate and 94.49% F1-score, only 0.84 percentage points lower than in the clean environment, in the Byzantine environment of 30% malicious clients. The algorithm is consistent in many forms of attacks and its accuracy deviates by a very small percentage of 0.71, but multiKrum exposes a disparity of 54.27. Study of comparative performance demonstrates that A3 has higher performance than FedAvg (84.40%), Median (94.49%), and multi-Krum (82.98%). The highest results are obtained with the golden ratio weighting (95.36% accuracy) whereas confidence scoring is the most potent single element. It consists of a geometricalally filtered Krum-style distance analysis, statistical Byzantine detection, round 2 at the start and momentum smoothing, an i value of 0.15. Blending validation can also be used by utilizing a combination of scores of A3 (60 percent) and empirical check-up (40xvii percent). The outcomes of multiple runs demonstrate very statistically significant outcome (p < 0.001), which reveals that the systems federated to identify intrusions are stronger in case with A3.