Explainable Federated Learning for Botnet Detection in IoT Networks

Rajesh Kalakoti, Hayretdin Bahsi, Sven Nomm

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Scopus citations

Abstract

The widespread use of Internet of Things (IoT) de-vices has increased the vulnerability to botnet attacks, presenting significant challenges to network security. Federated learning (FL) is a promising approach for detecting IoT botnets while preserving data privacy. However, the black-box nature of FL models impedes their interpretability and transparency, which are crucial for trust and accountability in security applications. In this paper, we propose an approach to generate explanations for the server model induced for intrusion detection tasks in the FL setting without direct access to data of IoT device-based clients. This involves aggregating SHAP (SHapley Additive ex-Planations) value explanations from individual IoT device-based client models to approximate the server model's explanations. We evaluated this approach by comparing the aggregated client-based explanations with the server-based explanations obtained when the server has access to the data of participating IoT device clients. We employed a deep neural network (DNN) model trained in a horizontal federated learning (HFL) setting with the federated averaging (FedAvg) algorithm. DNN model achieved high detection rates of Accuracy, Precision, Recall & Fl-Score in Botnet Detection of multiclass classification on both IoT device-based client-side models and the server-side model. Additionally, we analyzed the importance of features contributing to IoT botnet detection using the generated SHAP explanations. The results demonstrate that the aggregation of client-based SHAP explanations closely approximates the server-based explanations, achieving comparable explainability without compromising data privacy.

Original languageEnglish (US)
Title of host publicationProceedings of the 2024 IEEE International Conference on Cyber Security and Resilience, CSR 2024
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages22-29
Number of pages8
ISBN (Electronic)9798350375367
DOIs
StatePublished - 2024
Externally publishedYes
Event2024 IEEE International Conference on Cyber Security and Resilience, CSR 2024 - Hybrid, London, United Kingdom
Duration: Sep 2 2024Sep 4 2024

Publication series

NameProceedings of the 2024 IEEE International Conference on Cyber Security and Resilience, CSR 2024

Conference

Conference2024 IEEE International Conference on Cyber Security and Resilience, CSR 2024
Country/TerritoryUnited Kingdom
CityHybrid, London
Period9/2/249/4/24

Keywords

  • Botnet
  • Explainable AI
  • Federated Learning
  • Horizontal Federated Learning
  • Internet of Things
  • Intrusion Detection
  • Post-Hoc explainability
  • SHAP

ASJC Scopus subject areas

  • Artificial Intelligence
  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality

Fingerprint

Dive into the research topics of 'Explainable Federated Learning for Botnet Detection in IoT Networks'. Together they form a unique fingerprint.

Cite this