An ensemble deep federated learning cyber-threat hunting model for Industrial Internet of Things

 

By Amir Namavar Jahromi, Hadis Karimipour, Ali Dehghantanha

 


Abstract:

 

Industrial Internet of Things (IIoT) is an emerging technology that is evolving rapidly across diverse applications, including critical infrastructure. While the increasing number of IIoT devices in today’s critical infrastructure enhances its efficiency and reliability, it also increases its vulnerability to cyber-attacks. Ambient Intelligence (AmI), including machine learning techniques, is a way to handle such challenges while minimizing the human role. Although the use of machine learning-based techniques has increased in some applications these days, they are not widely used in IIoT environments because of the privacy issues of transferring all the data to a single machine to train the models.

This paper proposes an ensemble-based deep federated learning cyber-threat hunting model to hunt attack samples without data sharing. The proposed hunting model consists of two parallel federated-based components: one analyzes the IIoT status based on the normal situation of the network, and the other analyzes it considering the threat situation. The model uses an ensemble of classifiers to make the final decision. The proposed cyber-threat hunting model is evaluated using two test cases and compared with some works in the literature, which it outperformed on the F1-score metric. Moreover, evaluations show that the proposed model remains stable when facing different numbers of clients, and that it trains faster than centralized models with the same computational complexity.