Federated PCA on Grassmann Manifold for IoT Anomaly Detection

TL;DR

This paper introduces FedPCA, a federated unsupervised anomaly detection framework for IoT security that uses PCA on Grassmann manifolds, offering efficient, privacy-preserving threat detection with proven convergence.

Contribution

It presents a novel federated PCA-based anomaly detection method on Grassmann manifolds with theoretical convergence analysis and practical efficiency improvements for IoT security.

Findings

Comparable anomaly detection performance to nonlinear baselines

Significant improvements in communication efficiency

Enhanced memory efficiency for resource-constrained devices

Abstract

With the proliferation of the Internet of Things (IoT) and the rising interconnectedness of devices, network security faces significant challenges, especially from anomalous activities. While traditional machine learning-based intrusion detection systems (ML-IDS) effectively employ supervised learning methods, they possess limitations such as the requirement for labeled data and challenges with high dimensionality. Recent unsupervised ML-IDS approaches such as AutoEncoders and Generative Adversarial Networks (GAN) offer alternative solutions but pose challenges in deployment onto resource-constrained IoT devices and in interpretability. To address these concerns, this paper proposes a novel federated unsupervised anomaly detection framework, FedPCA, that leverages Principal Component Analysis (PCA) and the Alternating Directions Method Multipliers (ADMM) to learn common representations of distributed non-i.i.d. datasets. Building on the FedPCA framework, we propose two algorithms, FEDPE in Euclidean space and FEDPG on Grassmann manifolds. Our approach enables real-time threat detection and mitigation at the device level, enhancing network resilience while ensuring privacy. Moreover, the proposed algorithms are accompanied by theoretical convergence rates even under a subsampling scheme, a novel result. Experimental results on the UNSW-NB15 and TON-IoT datasets show that our proposed methods offer performance in anomaly detection comparable to nonlinear baselines, while providing significant improvements in communication and memory efficiency, underscoring their potential for securing IoT networks.