The rapid expansion of the Internet of Things (IoT) has introduced significant cybersecurity risks, implying the need for lightweight edge-level intrusion detection systems (IDS). On-device training and federated learning (FL) enable collaborative construction of unified models using field data, ensuring data privacy preservation. However, repetitive global model updates and parameter transmission, particularly over IoT architectures characterized by limited bandwidth or intermittent connectivity, can result in significant network latency, as well as in unsustainable energy consumption for the involved resource-constrained IoT-edge devices. Moreover, collecting a sufficient set of realistic attack samples in situ is often difficult, resulting in highly imbalanced datasets that limit distributed training. To overcome these limitations, we combined Siamese Neural Networks (SNNs) and gradient sparsification, enabling IoT-edge devices to support privacy-preserving few-shot FL and model compression needed to train a shared IDS model collaboratively by using very few samples and optimizing the communication overhead during model updates, respectively. The percentage of gradient sparsification is dynamically selected at each training round through an epsilon-greedy exploration-exploitation strategy, allowing the system to balance adaptively the trade-off between communication savings and detection performance. To accommodate a model sparsification few-shot learning strategy in IoT environments, a distributed IDS based on federated SNNs has been proposed and tested on constrained microcontroller units. It is validated using the CSE-CIC-IDS2018 dataset. It demonstrates that the SNN-based IDS, when augmented with FL and gradient sparsification, achieves high performance even under network bandwidth limitations, as well as reduced and unbalanced training data constraints, highlighting its potential for secure and privacy-aware IoT-edge applications.
Combining epsilon-greedy reinforcement learning based gradient sparsification and siamese neural networks for few-shot federated tinyML intrusion detection in IoT
Fusco P.;Palmieri F.;Ficco M.
2025
Abstract
The rapid expansion of the Internet of Things (IoT) has introduced significant cybersecurity risks, implying the need for lightweight edge-level intrusion detection systems (IDS). On-device training and federated learning (FL) enable collaborative construction of unified models using field data, ensuring data privacy preservation. However, repetitive global model updates and parameter transmission, particularly over IoT architectures characterized by limited bandwidth or intermittent connectivity, can result in significant network latency, as well as in unsustainable energy consumption for the involved resource-constrained IoT-edge devices. Moreover, collecting a sufficient set of realistic attack samples in situ is often difficult, resulting in highly imbalanced datasets that limit distributed training. To overcome these limitations, we combined Siamese Neural Networks (SNNs) and gradient sparsification, enabling IoT-edge devices to support privacy-preserving few-shot FL and model compression needed to train a shared IDS model collaboratively by using very few samples and optimizing the communication overhead during model updates, respectively. The percentage of gradient sparsification is dynamically selected at each training round through an epsilon-greedy exploration-exploitation strategy, allowing the system to balance adaptively the trade-off between communication savings and detection performance. To accommodate a model sparsification few-shot learning strategy in IoT environments, a distributed IDS based on federated SNNs has been proposed and tested on constrained microcontroller units. It is validated using the CSE-CIC-IDS2018 dataset. It demonstrates that the SNN-based IDS, when augmented with FL and gradient sparsification, achieves high performance even under network bandwidth limitations, as well as reduced and unbalanced training data constraints, highlighting its potential for secure and privacy-aware IoT-edge applications.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
