TY - GEN
T1 - Explainable Federated Learning for Botnet Detection in IoT Networks
AU - Kalakoti, Rajesh
AU - Bahsi, Hayretdin
AU - Nomm, Sven
N1 - Publisher Copyright:
© 2024 IEEE.
PY - 2024
Y1 - 2024
N2 - The widespread use of Internet of Things (IoT) devices has increased the vulnerability to botnet attacks, presenting significant challenges to network security. Federated learning (FL) is a promising approach for detecting IoT botnets while preserving data privacy. However, the black-box nature of FL models impedes their interpretability and transparency, which are crucial for trust and accountability in security applications. In this paper, we propose an approach to generate explanations for the server model induced for intrusion detection tasks in the FL setting without direct access to data of IoT device-based clients. This involves aggregating SHAP (SHapley Additive exPlanations) value explanations from individual IoT device-based client models to approximate the server model's explanations. We evaluated this approach by comparing the aggregated client-based explanations with the server-based explanations obtained when the server has access to the data of participating IoT device clients. We employed a deep neural network (DNN) model trained in a horizontal federated learning (HFL) setting with the federated averaging (FedAvg) algorithm. The DNN model achieved high Accuracy, Precision, Recall and F1-Score for multiclass botnet detection on both IoT device-based client-side models and the server-side model. Additionally, we analyzed the importance of features contributing to IoT botnet detection using the generated SHAP explanations. The results demonstrate that the aggregation of client-based SHAP explanations closely approximates the server-based explanations, achieving comparable explainability without compromising data privacy.
AB - The widespread use of Internet of Things (IoT) devices has increased the vulnerability to botnet attacks, presenting significant challenges to network security. Federated learning (FL) is a promising approach for detecting IoT botnets while preserving data privacy. However, the black-box nature of FL models impedes their interpretability and transparency, which are crucial for trust and accountability in security applications. In this paper, we propose an approach to generate explanations for the server model induced for intrusion detection tasks in the FL setting without direct access to data of IoT device-based clients. This involves aggregating SHAP (SHapley Additive exPlanations) value explanations from individual IoT device-based client models to approximate the server model's explanations. We evaluated this approach by comparing the aggregated client-based explanations with the server-based explanations obtained when the server has access to the data of participating IoT device clients. We employed a deep neural network (DNN) model trained in a horizontal federated learning (HFL) setting with the federated averaging (FedAvg) algorithm. The DNN model achieved high Accuracy, Precision, Recall and F1-Score for multiclass botnet detection on both IoT device-based client-side models and the server-side model. Additionally, we analyzed the importance of features contributing to IoT botnet detection using the generated SHAP explanations. The results demonstrate that the aggregation of client-based SHAP explanations closely approximates the server-based explanations, achieving comparable explainability without compromising data privacy.
KW - Botnet
KW - Explainable AI
KW - Federated Learning
KW - Horizontal Federated Learning
KW - Internet of Things
KW - Intrusion Detection
KW - Post-Hoc explainability
KW - SHAP
UR - http://www.scopus.com/inward/record.url?scp=85206145920&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85206145920&partnerID=8YFLogxK
U2 - 10.1109/CSR61664.2024.10679348
DO - 10.1109/CSR61664.2024.10679348
M3 - Conference contribution
AN - SCOPUS:85206145920
T3 - Proceedings of the 2024 IEEE International Conference on Cyber Security and Resilience, CSR 2024
SP - 22
EP - 29
BT - Proceedings of the 2024 IEEE International Conference on Cyber Security and Resilience, CSR 2024
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2024 IEEE International Conference on Cyber Security and Resilience, CSR 2024
Y2 - 2 September 2024 through 4 September 2024
ER -