Fed-LSAE: Thwarting Poisoning Attacks against Federated Cyber Threat Detection System via Autoencoder-based Latent Space Inspection

TL;DR

This paper introduces Fed-LSAE, a novel federated learning defense mechanism using autoencoder-based latent space inspection to effectively detect and exclude malicious clients, significantly improving robustness against poisoning attacks in IoT cybersecurity.

Contribution

The paper proposes a new robust aggregation method, Fed-LSAE, leveraging latent space autoencoder techniques to enhance security in federated learning for cyber threat detection.

Findings

Achieved approximately 98% improvement in detection metrics.

Effectively excludes malicious clients during federated training.

Demonstrated robustness against advanced poisoning attacks on IoT datasets.

Abstract

The significant rise of security concerns in conventional centralized learning has promoted federated learning (FL) adoption in building intelligent applications without privacy breaches. In cybersecurity, the sensitive data along with the contextual information and high-quality labeling in each enterprise organization play an essential role in constructing high-performance machine learning (ML) models for detecting cyber threats. Nonetheless, the risks coming from poisoning internal adversaries against FL systems have raised discussions about designing robust anti-poisoning frameworks. Whereas defensive mechanisms in the past were based on outlier detection, recent approaches tend to be more concerned with latent space representation. In this paper, we investigate a novel robust aggregation method for FL, namely Fed-LSAE, which takes advantage of latent space representation via the penultimate layer and Autoencoder to exclude malicious clients from the training process. The experimental results on the CIC-ToN-IoT and N-BaIoT datasets confirm the feasibility of our defensive mechanism against cutting-edge poisoning attacks for developing a robust FL-based threat detector in the context of IoT. More specifically, the FL evaluation witnesses an upward trend of approximately 98% across all metrics when integrating with our Fed-LSAE defense.