Federated Learning for Early Detection of Advanced Persistent Threats in IoT Networks
Abstract
In the era of connected IoT devices, ensuring cybersecurity while preserving data privacy is increasingly critical. Federated learning offers a promising approach by enabling collaborative training of detection systems without sharing raw data. This paper presents a novel federated Intrusion Detection System (IDS) based on the XGBoost algorithm and, for the first time, designed to detect the initial compromise (I.C.) phase of Advanced Persistent Threats (APTs) in distributed Internet of Things (IoT) environments. By leveraging the federated framework, the IDS achieves robust detection across multiple devices while maintaining privacy and minimizing computational overhead. Extensive simulation results indicate that the proposed method achieves a precision of 97%, a recall of 100%, and an F1-score of 98%, providing a practical and efficient solution for real-world IoT security challenges.
This work is licensed under a Creative Commons Attribution 4.0 International License.