The Internet of Vehicles (IoV) has garnered significant attention from researchers and automotive industry professionals due to its expanding range of applications and services aimed at enhancing road safety and driver/passenger comfort. However, the massive amount of data spread across this network makes securing it challenging. The IoV network generates, collects, and processes vast amounts of valuable and sensitive data that intruders can manipulate. An intrusion detection system (IDS) is the most typical method to protect such networks. An IDS monitors activity on the road to detect any sign of a security threat and generates an alert if a security anomaly is detected. Federated Learning (FL) is a decentralized machine learning technique, FL allows model training on client devices while maintaining user data privacy.
1. Introduction
The rapid expansion of the Internet of Things (IoT) has led to a number of novel applications, such as smart cities, smart grids, and the Internet of Vehicles (IoV). When these smart objects take the form of interconnected vehicles over the internet, the IoT becomes the IoV. Significant interest in IoV technologies has emerged due to substantial advancements in the smart automobile industry. IoV networks are integrated and open network systems that connect vehicles, human intelligence, neighboring environments, and public networks. These networks aim to increase road safety, reduce human error-related accidents, and mitigate congestion. This is accomplished by continuously monitoring traffic congestion. However, despite the numerous benefits offered by the IoV, several issues must be addressed to safeguard the lives of all road users. The IoV is vulnerable to cyberattacks, which threaten its stability, robustness, and can lead to vehicle unavailability and traffic accidents. Since communication in these networks requires the involvement of multiple components, they are susceptible to a broad array of attacks. Thus, ensuring their security requires advanced intrusion detection systems (IDSs) that can address potential cyberattacks. IDSs excel at identifying anomalies and attacks in the network’s data during communications between vehicles and various devices. Given that the IoV is a relatively new network paradigm, new and ever-evolving attacks against it continue to emerge. The IoV network creates a huge amount of data very quickly, especially when there are cyberattacks.The accuracy of machine learning and deep learning approaches makes them a preferred choice in this high-stakes environment
[1]. Nevertheless, the need to store and transmit data to a centralized server may compromise privacy and security. In contrast, Federated Learning (FL), a decentralized learning approach that protects privacy, trains models locally before sending only the parameters to the centralized server.
2. Federated Learning for Intrusion Detection Systems in Internet of Vehicles
2.1. Intrusion Detection Systems Based on Federated Learning
The emergence of IDSs that utilize FL represents a significant advancement in cybersecurity. This innovative technique ensures the security of networked environments while upholding data privacy
[2]. Unlike conventional IDSs that depend on centralized data analysis, FL-based IDSs operate on a decentralized principle. Within this innovative framework, each device independently generates localized ML models by leveraging their own data inputs. These models are subsequently improved through a collaborative learning process, where devices communicate changes to the models rather than exchanging raw data
[3]. Ongoing research efforts continuously enhance this approach, leading to the emergence of FL-based IDSs as a potential future in the pursuit of secure and privacy-conscious network defense mechanisms
[4].
Motivation to Adapt Federated Learning in Intrusion Detection Systems
The incorporation of FL into IDSs is driven by the significant demand for heightened security and privacy in our increasingly interconnected society. Despite the notable advancements made by ML and DL in the field of IDSs, various limitations associated with these technologies must be acknowledged, particularly concerning data privacy and communication efficiency. FL addresses these challenges by facilitating localized model training without compromising the privacy of raw data, thereby safeguarding individual privacy while promoting collaborative learning.
FL facilitates decentralized, real-time threat detection in contexts such as the IoT or IoV, where various geographically scattered devices generate data. The IDS’s capacity to adapt to local contexts allows it to detect and recognize distinct threats peculiar to individual environments. The motivations for implementing FL in IDSs revolve around several essential elements, including the following
[5]:
-
Privacy preservation: FL enables collaborative model training while ensuring the privacy of sensitive raw data. Data privacy is of utmost importance in contexts where it holds significant value, such as the healthcare, finance, or government sectors. FL guarantees the protection of individual privacy by maintaining data locally and exchanging model updates. This approach aligns with legal and ethical requirements around privacy.
-
Data efficiency: Data efficiency is a significant concern in conventional centralized systems, as transmitting substantial amounts of raw data to a central server may prove unfeasible. This is particularly true when there are constraints on available bandwidth or communication costs are high. FL addresses this issue by focusing on lowering the volume of data transferred. Specifically, only updates to the model are exchanged, resulting in a substantial reduction in communication overhead.
-
Adaptability and customization: The adaptability and customization of FL models allow for their adaptation to specific local settings. In the IDS field, various contexts may encounter distinct and specific threats. FL permits individual devices to customize their intrusion detection models based on their unique threat landscapes, ensuring precision in identifying potential threats.
-
Continuous learning: Continuous learning is essential in the security field as threats perpetually evolve. FL permits the ongoing updating of models as new data become accessible. The capacity to adapt in real time ensures that IDSs remain effective in the face of developing threats, providing a significant advantage in dynamic situations.
-
Robustness and fault tolerance: The inherent robustness of FL systems is based on their ability to withstand and recover from faults. In the event of a device failure or offline status, the system can maintain operation by utilizing the remaining functional devices
[6]. The maintenance of fault tolerance is of the utmost importance in guaranteeing uninterrupted intrusion detection capabilities inside diverse and large-scale networks.
-
Decentralization and edge computing: The utilization of FL facilitates decentralized learning, which aligns with edge computing principles, wherein data processing occurs in close proximity to its origin. In scenarios like IoT or IoV, where devices are dispersed geographically, FL enables localized learning, ensuring prompt reactions to potential risks without dependence on a central server.
These elements make FL a compelling and viable approach for enhancing the efficacy and confidentiality aspects of IDSs in diverse settings.
2.2. Related Surveys
A few reviews have focused on the topic of FL-based IDSs.
Table 1 succinctly outlines the primary differentiators. For instance, ref.
[5] offers a comprehensive survey of FL-based IDS approaches and discusses the difficulties and challenges of using these methods. Meanwhile, the authors of
[7] focus on the current scientific progress of FL applications in attack detection problems for IoT and explore these applications. The extensive review presented in
[8] draws from an analysis of 39 research papers published from 2018 to March 2022, with a specific focus on the IoT. The analysis examined evaluation variables related to IoT, particularly concerning FL, and identified and dis-cussed prospects and unresolved issues pertaining to FL-based IoT. The authors of
[9] also provided an overview and comparison of six studies that use FL to enhance IDS effectiveness for IoT. In the absence of specific datasets for assessing FL, the authors emphasized data partitioning modeling among clients. Additionally, they investigated the modeling of bias in the test data to assess its impact on the effectiveness of the ML model. The authors of
[10] discussed the implementation of FL-based IDSs in various domains and highlighted distinctions between different architectural configurations. Their structured literature analysis offers a reference architecture that can be used as a set of principles for comparing and designing FL-based IDS. Despite significant progress in FL for IDS development, a comprehensive survey exploring FL for IDS applications within the context of IoV is conspicuously lacking.
Table 1. Summary of related surveys on Federated Learning-based IDS.
Survey Title |
Year |
Main Focus |
Key Contributions |
IDS |
IoV |
Survey [5] |
2021 |
FL-based IDS |
Discussion on the role of FL in intrusion detection - Comprehensive review of ML/DL/FL in intrusion detection - Highlighting open research challenges |
✓ |
X |
Survey [7] |
2022 |
FL in IDS within (IoT) domain |
Understanding of federated learning, privacy preservation, and anomaly detection in network systems, with a particular focus on applications in IoT and related domains. |
✓ |
X |
Survey [9] |
2022 |
FL-based IDS |
- Review of FL system architectures - Review of Evaluation Datasets - Comparative analysis of proposed systems Open challenges and future directions |
✓ |
X |
Survey [8] |
2022 |
FL-based IoT |
Organizing and reviewing FL-based IoT domains - Creating a taxonomy to organize various aspects of FL-based IoT Providing some research questions about the FL-based IoT area and answering them Reviewing evaluation factors Focusing on open issues and future research challenges |
X |
X |
Survey [10] |
2022 |
FL-based IDS |
Review of FL application in attack detection and mitigation Proposal of a reference architecture Establishment of a taxonomy Identification of open issues and research directions |
✓ |
X |
Survey (10.3390/fi15120403) |
2023 |
FL-based IDS in IoV environment |
Offer of a generic taxonomy for describing FL systems A well-organized literature review on IDSs based on FL in an IoV environment. Highlighting challenges and potential future directions based on the existing literature. |
✓ |
✓ |
This entry is adapted from the peer-reviewed paper 10.3390/fi15120403