Robust Federated Learning for execution time-based device model identification under label-flipping attack

TL;DR

This paper demonstrates that federated learning can accurately identify device models using execution time features, maintaining high accuracy and privacy even under label-flipping attacks, with some aggregation methods being more robust than others.

Contribution

It compares centralized and federated learning for device identification using execution time data and evaluates robustness against label-flipping attacks with various aggregation methods.

Findings

Achieved 0.9999 accuracy in both centralized and federated setups.

Federated learning preserves privacy without sacrificing accuracy.

Robust aggregation methods like Zeno and median are effective against certain attacks, but degrade with high malicious client percentage.

Abstract

The computing device deployment explosion experienced in recent years, motivated by the advances of technologies such as Internet-of-Things (IoT) and 5G, has led to a global scenario with increasing cybersecurity risks and threats. Among them, device spoofing and impersonation cyberattacks stand out due to their impact and, usually, low complexity required to be launched. To solve this issue, several solutions have emerged to identify device models and types based on the combination of behavioral fingerprinting and Machine/Deep Learning (ML/DL) techniques. However, these solutions are not appropriated for scenarios where data privacy and protection is a must, as they require data centralization for processing. In this context, newer approaches such as Federated Learning (FL) have not been fully explored yet, especially when malicious clients are present in the scenario setup. The present work analyzes and compares the device model identification performance of a centralized DL model with an FL one while using execution time-based events. For experimental purposes, a dataset containing execution-time features of 55 Raspberry Pis belonging to four different models has been collected and published. Using this dataset, the proposed solution achieved 0.9999 accuracy in both setups, centralized and federated, showing no performance decrease while preserving data privacy. Later, the impact of a label-flipping attack during the federated model training is evaluated, using several aggregation mechanisms as countermeasure. Zeno and coordinate-wise median aggregation show the best performance, although their performance greatly degrades when the percentage of fully malicious clients (all training samples poisoned) grows over 50%.