IoT Malicious Traffic Detection Based on FSKDE and Federated DIOT-Pysyft

In order to solve the limitations of existing malicious traffic detection methods in the Internet of Things (IoT) environment, such as resources, heterogeneous devices, scarce traffic, and dynamic threats, this paper proposes the Feature Selection based on Kernel Density Estimation (FSKDE) and the federated learning method Detection Internet of Things based on Pysyft (DIOT-Pysyft). First, IoT devices perform data preprocessing operations on the collected network traffic data; Second, the FSKDE is used to calculate the probability density of each column of features and selects features according to a preset abnormal threshold; Third, the DIOT-Pysyft is build. It initializes the server that the federated convolutional neural network (CNN) is sent to the IoT devices. The IoT devices use the processed data to train the federated CNN and send them to server secretly. After that, the improved FedAvg algorithm is used to average the gradient of the federated CNN model, which for training and transmitting the encrypted and averaged gradient to the server to build a new global model to participate in the next round of training. Finally, this paper uses the UNSW-NB15 dataset to verify the proposed method for detecting malicious traffic in the IoT environment. The experimental results show that the identification accuracy of the IoT malicious traffic detection based on FSKDE and federated DIOT-Pysyft reaches 91.78%, which can detect potential malicious traffic in the IoT environment. The improved FedAvg method further protects the privacy and security of IoT data and ensures the accuracy while protecting the data.