A Multimodal Swarm Learning Approach for DDoS Detection in Internet of Things Infrastructure
DOI:
https://doi.org/10.4108/eetinis.131.9961Keywords:
DDoS, Decentralized Machine Learning, multimodal, CNN, Swam LearningAbstract
The Internet of Things (IoT) has emerged as a foundational platform for driving intelligent solutions, playing a central role in the Fourth Industrial Revolution. Its potential lies in enabling seamless connectivity and real-time data exchange among diverse devices and systems, thereby powering advanced applications such as intelligent transportation, smart healthcare, precision agriculture, and automated manufacturing. These solutions promise to improve efficiency, optimize resource utilization, and enhance decision-making across various sectors. However, this potential is challenged by some issues, including security vulnerabilities, privacy concerns, and significant heterogeneity arising from the vast diversity of devices, communication protocols, and data formats. In this paper, we develop a multimodal deep learning solution to detect DDoS attacks on IoT infrastructure based on two data types: packet-based data and flow-based data. Firstly, the datasets containing packets labeled as benign or attack are processed into two branches: packet-based and flow-based features. Then, each branch is trained using two independent CNN models. Finally, the feature information extracted from both modalities is fused and fed into a concatenation-based classifier for DDoS attack detection. Experimental results on Edge-IIoTset and CiCIoMT2024 datasets indicate that the multimodal deep learning model within a decentralized machine learning architecture achieves performance comparable to centralized machine learning. In addition, our proposal is also robust to non-independent and identically distributed (non-IID) data in decentralized machine learning architecture.
Downloads
References
[1] Leonel Santos, Ramiro Gonc¸alves, Carlos Rabadao, and José Martins. (2023) A flow-based intrusion detection framework for internet of things networks. In: Cluster Computing (2023), pp. 1–21.
[2] Roberto Doriguzzi-Corin, Stuart Millar, Sandra Scott-Hayward, Jesus Martinez-del-Rincon, and Domenico Siracusa. (2020) LUCID: A practical, lightweight deep learning solution for DDoS attack detection. In: IEEE Transactions on Network and Service Management 17.2 (2020), pp. 876–889.
[3] Xuan-Ha Nguyen, Xuan-Duong Nguyen, Hoang-Hai Huynh, and Kim-Hung Le. Realguard: A lightweight network intrusion detection system for IoT gateways. In: Sensors 22.2 (2022), p. 432.
[4] Aklil Kiflay, Athanasios Tsokanos, Mahmood Fazlali, (2024) and Raimund Kirner. Network intrusion detection leveraging multimodal features. In: Array 22 (2024), p. 100349.
[5] Rashid, M. M., Khan, S. U., Eusufzai, F., Redwan, M. A., Sabuj, S. R., and Elsharief, M. (2023). A federated learning-based approach for improving intrusion detection in industrial internet of things networks. Network, 3(1), 158-179.
[6] Li, Y., Chen, C., Liu, N., Huang, H., Zheng, Z., and Yan, Q. (2020). A blockchain-based decentralized federated learning framework with committee consensus. IEEE Network, 35(1), 234-241.
[7] Warnat-Herresthal, S., Schultze, H., Shastry, K. L., Manamohan, S., Mukherjee, S., Garg, V., ... and Schultze, J. L. (2021). Swarm learning for decentralized and confidential clinical machine learning. Nature, 594(7862), 265-270.
[8] Abdulrahman A. Alshdadi, Abdulwahab Ali Almazroi, Eesa Alsolami, and Nasir Ayub., Enhanced IoT Security for DDOS Attack Detection: Split Attention-Based ResNeXt-GRU Ensembler Approach. In in IEEE Access, vol. 12 (2024), pp. 112368-112380.
[9] Yawar Abbas Abid, Jinsong Wu, Guangquan Xu, Shihui Fu, and Nasir Ayub., Multilevel Deep Neural Network Approach for Enhanced Distributed Denial-of-Service Attack Detection and Classification in Software-Defined Internet of Things Networks. in IEEE Internet of Things Journal, vol. 11, no. 14 (2024), pp. 24715-24725.
[10] Liyuan Chang, and Bin Cao., Toward Efficient Network Traffic Classifications via Multimodal Learning. in IEEE Internet of Things Journal, vol. 12, no. 24 (2024), pp. 51812-51820.
[11] Makhduma F. Saiyed, and Irfan Al-Anbagi., A Genetic Algorithm- and t-Test-Based System for DDoS Attack Detection in IoT Networks. in IEEE Internet of Things Journal, in IEEE Access, vol. 12 (2024), pp. 25623-25641.
[12] Konečný, J., McMahan, H. B., Yu, F. X., Richtárik, P., Suresh, A. T., and Bacon, D. (2016). Federated learning: Strategies for improving communication efficiency. arXiv preprint arXiv:1610.05492.
[13] Giri Sai Ram Ragam, Swarm Learning Team. (2024) Whitepaper on merge methods in swarm learning. Hewlett Packard Enterprise. https://github.com/HewlettPackard/swarm-learning/blob/master/docs/HPE_Merge_Methods_Whitepaper.pdf. Accessed: 2025-04-25
[14] Doriguzzi-Corin, R., Millar, S., Scott-Hayward, S., Martinez-del-Rincon, J., Siracusa, D. (2020) LUCID: A Practical, Lightweight Deep Learning Solution for DDoS Attack Detection. IEEE Transactions on Network and Service Management. Advance online publication. https://doi.org/10.1109/TNSM.2020.2971776.
[15] Doriguzzi-Corin, R., and Siracusa, D. (2024) FLAD: adaptive federated learning for DDoS attack detection. Computers & Security, 137, 103597.
[16] Ferrag, M. A., Friha, O., Hamouda, D., Maglaras, L., and Janicke, H. (2022) Edge-IIoTset: A new comprehensive realistic cyber security dataset of IoT and IIoT applications for centralized and federated learning. IEEE Access, 10, 40281- 40306.
[17] Dadkhah, S., Neto, E. C. P., Ferreira, R., Molokwu, R. C., Sadeghi, S., and Ghorbani, A. A. (2024) CICIoMT2024: A benchmark dataset for multi-protocol security assessment in IoMT. Internet of Things, 28, 101351.
[18] Al Nuaimi, T., Al Zaabi, S., Alyilieli, M., AlMaskari, M., Alblooshi, S., Alhabsi, F., ... & Al Badawi, A. (2023) A comparative evaluation of intrusion detection systems on the edge-IIoT-2022 dataset. Intelligent Systems with Applications, 20, 200298.
Downloads
Published
Issue
Section
Categories
License
Copyright (c) 2025 Thuat Nguyen-Khanh; Anh Pham-Nguyen-Hai, Luan Van-Thien, Quan Le-Trung
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
This is an open-access article distributed under the terms of the Creative Commons Attribution CC BY 3.0 license, which permits unlimited use, distribution, and reproduction in any medium so long as the original work is properly cited.
