CAFiKS: Communication-Aware Federated IDS With Knowledge Sharing for Secure IoT Connectivity

Download PDF
Open Webpage

Ogobuchi Daniel Okey, Demóstenes Zegarra Rodríguez, Frederico Gadelha Guimarães, João Henrique Kleinschmidt

Published: 01 Jan 2025, Last Modified: 02 Jan 2026IEEE AccessEveryoneRevisionsCC BY-SA 4.0
Abstract: Federated learning has recently gained significant attention as a method for building machine learning models due to its ability to preserve data privacy while delivering improved performance. In many cases, deep neural networks (DNNs) serve as the backbone algorithm in federated processes. However, their computational demands make them impractical for deployment in Internet of Things (IoT) environments, which are characterised by resource-constrained devices; hence, the need for lightweight and adaptable solutions. Currently, the most widely used aggregation method only assumes that data is independently and identically distributed (IID), which is impractical for real-world applications. Additionally, to cater for robust security measures to protect the vast number of devices and data in IoT networks, federated learning-based methods are increasingly being employed to develop intrusion detection systems (IDS) that monitor IoT traffic for malicious activities. In this paper, we introduce CAFiKS (Communication-Aware Federated Intrusion Detection System with Knowledge Sharing), a novel FL method designed to address the challenges of data heterogeneity, model complexity, and convergence rates. CAFiKS integrates knowledge sharing and parameter compression techniques to achieve a lightweight model that is both resource-efficient and adaptable to heterogeneous IoT settings. Specifically, CAFiKS leverages knowledge distillation (KD), where a high-capacity teacher model trains a smaller, more efficient student model by transferring essential knowledge. This approach significantly reduces model size while preserving high detection accuracy. We evaluated CAFiKS on several novel datasets under both data and system heterogeneity scenarios to ensure scalability. The experimental results demonstrate that the CAFiKS achieves high detection accuracy (up to 99%) on the selected datasets in identifying network traffic anomalies while using a compact network architecture for predictions. By incorporating knowledge distillation, FL clients effectively reduce communication bottlenecks and mitigate communication threats.