Block Hunter: Federated Learning for Cyber Threat Hunting in Blockchain-based IIoT Networks

TL;DR

This paper introduces Block Hunter, a federated learning framework designed to detect cyber threats in blockchain-based IIoT networks, achieving high accuracy while preserving privacy and minimizing bandwidth use.

Contribution

It presents the first federated threat hunting model for IIoT networks that combines cluster-based anomaly detection with machine learning, enhancing security without compromising privacy.

Findings

High detection accuracy of anomalies.

Efficient bandwidth utilization.

Effective privacy preservation in threat detection.

Abstract

Nowadays, blockchain-based technologies are being developed in various industries to improve data security. In the context of the Industrial Internet of Things (IIoT), a chain-based network is one of the most notable applications of blockchain technology. IIoT devices have become increasingly prevalent in our digital world, especially in support of developing smart factories. Although blockchain is a powerful tool, it is vulnerable to cyber attacks. Detecting anomalies in blockchain-based IIoT networks in smart factories is crucial in protecting networks and systems from unexpected attacks. In this paper, we use Federated Learning (FL) to build a threat hunting framework called Block Hunter to automatically hunt for attacks in blockchain-based IIoT networks. Block Hunter utilizes a cluster-based architecture for anomaly detection combined with several machine learning models in a federated environment. To the best of our knowledge, Block Hunter is the first federated threat hunting model in IIoT networks that identifies anomalous behavior while preserving privacy. Our results prove the efficiency of the Block Hunter in detecting anomalous activities with high accuracy and minimum required bandwidth.