Change search
Link to record
Permanent link

Direct link
Publications (6 of 6) Show all publications
Wang, H., Eklund, D., Oprea, A. & Raza, S. (2023). FL4IoT: IoT Device Fingerprinting and Identification Using Federated Learning. ACM Trans. Internet Things, 4(3)
Open this publication in new window or tab >>FL4IoT: IoT Device Fingerprinting and Identification Using Federated Learning
2023 (English)In: ACM Trans. Internet Things, ISSN 2691-1914, Vol. 4, no 3Article in journal (Refereed) Published
Abstract [en]

Unidentified devices in a network can result in devastating consequences. It is, therefore, necessary to fingerprint and identify IoT devices connected to private or critical networks. With the proliferation of massive but heterogeneous IoT devices, it is getting challenging to detect vulnerable devices connected to networks. Current machine learning-based techniques for fingerprinting and identifying devices necessitate a significant amount of data gathered from IoT networks that must be transmitted to a central cloud. Nevertheless, private IoT data cannot be shared with the central cloud in numerous sensitive scenarios. Federated learning (FL) has been regarded as a promising paradigm for decentralized learning and has been applied in many different use cases. It enables machine learning models to be trained in a privacy-preserving way. In this article, we propose a privacy-preserved IoT device fingerprinting and identification mechanisms using FL; we call it FL4IoT. FL4IoT is a two-phased system combining unsupervised-learning-based device fingerprinting and supervised-learning-based device identification. FL4IoT shows its practicality in different performance metrics in a federated and centralized setup. For instance, in the best cases, empirical results show that FL4IoT achieves ∌99% accuracy and F1-Score in identifying IoT devices using a federated setup without exposing any private data to a centralized cloud entity. In addition, FL4IoT can detect spoofed devices with over 99% accuracy.

Place, publisher, year, edition, pages
Association for Computing Machinery, 2023
Keywords
identification, Internet of things, fingerprinting, machine learning, federated learning
National Category
Communication Systems
Identifiers
urn:nbn:se:ri:diva-65760 (URN)10.1145/3603257 (DOI)
Available from: 2023-08-14 Created: 2023-08-14 Last updated: 2023-11-06Bibliographically approved
Zenden, I., Wang, H., Iacovazzi, A., Vahidi, A., Blom, R. & Raza, S. (2023). On the Resilience of Machine Learning-Based IDS for Automotive Networks. In: proc of IEEE Vehicular Networking Conference, VNC: . Paper presented at 14th IEEE Vehicular Networking Conference, VNC 2023.Instanbul. 26 April 2023 through 28 April 2023. (pp. 239-246). IEEE Computer Society
Open this publication in new window or tab >>On the Resilience of Machine Learning-Based IDS for Automotive Networks
Show others...
2023 (English)In: proc of IEEE Vehicular Networking Conference, VNC, IEEE Computer Society , 2023, p. 239-246Conference paper, Published paper (Refereed)
Abstract [en]

Modern automotive functions are controlled by a large number of small computers called electronic control units (ECUs). These functions span from safety-critical autonomous driving to comfort and infotainment. ECUs communicate with one another over multiple internal networks using different technologies. Some, such as Controller Area Network (CAN), are very simple and provide minimal or no security services. Machine learning techniques can be used to detect anomalous activities in such networks. However, it is necessary that these machine learning techniques are not prone to adversarial attacks. In this paper, we investigate adversarial sample vulnerabilities in four different machine learning-based intrusion detection systems for automotive networks. We show that adversarial samples negatively impact three of the four studied solutions. Furthermore, we analyze transferability of adversarial samples between different systems. We also investigate detection performance and the attack success rate after using adversarial samples in the training. After analyzing these results, we discuss whether current solutions are mature enough for a use in modern vehicles.

Place, publisher, year, edition, pages
IEEE Computer Society, 2023
Keywords
Adversarial AI/ML, Controller Area Network, Intrusion Detection System, Machine Learning, Vehicle Security, Computer crime, Control system synthesis, Controllers, Intrusion detection, Learning algorithms, Network security, Process control, Safety engineering, Automotive networks, Automotives, Autonomous driving, Controller-area network, Electronics control unit, Intrusion Detection Systems, Machine learning techniques, Machine-learning
National Category
Control Engineering
Identifiers
urn:nbn:se:ri:diva-65727 (URN)10.1109/VNC57357.2023.10136285 (DOI)2-s2.0-85163164299 (Scopus ID)9798350335491 (ISBN)
Conference
14th IEEE Vehicular Networking Conference, VNC 2023.Instanbul. 26 April 2023 through 28 April 2023.
Note

This research is partially funded by the CyReV project(Sweden’s Innovation Agency, D-nr 2019-03071), partiallyby the H2020 ARCADIAN-IoT (Grant ID. 101020259), andH2020 VEDLIoT (Grant ID. 957197).

Available from: 2023-08-11 Created: 2023-08-11 Last updated: 2024-03-03Bibliographically approved
Wang, H., Muñoz-González, L., Hameed, M. Z., Eklund, D. & Raza, S. (2023). SparSFA: Towards robust and communication-efficient peer-to-peer federated learning. Computers & security (Print), 129, Article ID 103182.
Open this publication in new window or tab >>SparSFA: Towards robust and communication-efficient peer-to-peer federated learning
Show others...
2023 (English)In: Computers & security (Print), ISSN 0167-4048, E-ISSN 1872-6208, Vol. 129, article id 103182Article in journal (Refereed) Published
Abstract [en]

Federated Learning (FL) has emerged as a powerful paradigm to train collaborative machine learning (ML) models, preserving the privacy of the participants’ datasets. However, standard FL approaches present some limitations that can hinder their applicability in some applications. Thus, the need of a server or aggregator to orchestrate the learning process may not be possible in scenarios with limited connectivity, as in some IoT applications, and offer less flexibility to personalize the ML models for the different participants. To sidestep these limitations, peer-to-peer FL (P2PFL) provides more flexibility, allowing participants to train their own models in collaboration with their neighbors. However, given the huge number of parameters of typical Deep Neural Network architectures, the communication burden can also be very high. On the other side, it has been shown that standard aggregation schemes for FL are very brittle against data and model poisoning attacks. In this paper, we propose SparSFA, an algorithm for P2PFL capable of reducing the communication costs. We show that our method outperforms competing sparsification methods in P2P scenarios, speeding the convergence and enhancing the stability during training. SparSFA also includes a mechanism to mitigate poisoning attacks for each participant in any random network topology. Our empirical evaluation on real datasets for intrusion detection in IoT, considering both balanced and imbalanced-dataset scenarios, shows that SparSFA is robust to different indiscriminate poisoning attacks launched by one or multiple adversaries, outperforming other robust aggregation methods whilst reducing the communication costs through sparsification. 

Place, publisher, year, edition, pages
Elsevier Ltd, 2023
Keywords
Adversarial machine learning, Communication efficiency, IDS, IoT, Peer-to-peer federated learning, Poisoning attack, Cost reduction, Deep neural networks, Internet of things, Learning systems, Network architecture, Network security, Network topology, Communication cost, Machine learning models, Machine-learning, Peer to peer, Poisoning attacks, Intrusion detection
National Category
Computer Sciences
Identifiers
urn:nbn:se:ri:diva-64312 (URN)10.1016/j.cose.2023.103182 (DOI)2-s2.0-85151480655 (Scopus ID)
Note

Correspondence Address: Wang, H.; RISE Research Institutes of SwedenSweden; email: han.wang@ri.se; Funding details: 830927; Funding details: 101020259; Funding text 1: This research is funded by the EU H2020 projects ARCADIAN-IoT (Grant ID. 101020259) and CONCORDIA (Grant ID: 830927).; Funding text 2: This research is funded by the EU H2020 projects ARCADIAN-IoT (Grant ID. 101020259) and CONCORDIA (Grant ID: 830927).

Available from: 2023-04-25 Created: 2023-04-25 Last updated: 2023-11-06Bibliographically approved
Iacovazzi, A., Wang, H., Butun, I. & Raza, S. (2023). Towards Cyber Threat Intelligence for the IoT. In: Proceedings - 19th International Conference on Distributed Computing in Smart Systems and the Internet of Things, DCOSS-IoT 2023: . Paper presented at 19th Annual International Conference on Distributed Computing in Smart Systems and the Internet of Things, DCOSS-IoT 2023. Pafos. 19 June 2023 through 21 June 2023 (pp. 483-490). Institute of Electrical and Electronics Engineers Inc.
Open this publication in new window or tab >>Towards Cyber Threat Intelligence for the IoT
2023 (English)In: Proceedings - 19th International Conference on Distributed Computing in Smart Systems and the Internet of Things, DCOSS-IoT 2023, Institute of Electrical and Electronics Engineers Inc. , 2023, p. 483-490Conference paper, Published paper (Refereed)
Abstract [en]

With the proliferation of digitization and its usage in critical sectors, it is necessary to include information about the occurrence and assessment of cyber threats in an organization’s threat mitigation strategy. This Cyber Threat Intelligence (CTI) is becoming increasingly important, or rather necessary, for critical national and industrial infrastructures. Current CTI solutions are rather federated and unsuitable for sharing threat information from low-power IoT devices. This paper presents a taxonomy and analysis of the CTI frameworks and CTI exchange platforms available today. It proposes a new CTI architecture relying on the MISP Threat Intelligence Sharing Platform customized and focusing on IoT environment. The paper also introduces a tailored version of STIX (which we call tinySTIX), one of the most prominent standards adopted for CTI data modeling, optimized for low-power IoT devices using the new lightweight encoding and cryptography solutions. The proposed CTI architecture will be very beneficial for securing IoT networks, especially the ones working in harsh and adversarial environments. 

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers Inc., 2023
Keywords
Internet of things; Cybe threat intelligence; Cyber threats; Digitisation; Indicator of compromize; Low Power; MISP; Mitigation strategy; National infrastructure; STIX; Threats mitigations; Network architecture
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:ri:diva-67676 (URN)10.1109/DCOSS-IoT58021.2023.00081 (DOI)2-s2.0-85174417452 (Scopus ID)
Conference
19th Annual International Conference on Distributed Computing in Smart Systems and the Internet of Things, DCOSS-IoT 2023. Pafos. 19 June 2023 through 21 June 2023
Note

This work has been supported by the H2020 projectARCADIAN-IoT (https://www.arcadian-iot.eu/) [G.A. No.101020259] 

Available from: 2023-11-14 Created: 2023-11-14 Last updated: 2023-11-14Bibliographically approved
Wang, H., Muñoz-González, L., Eklund, D. & Raza, S. (2021). Non-IID Data Re-Balancing at IoT Edge with Peer-to-Peer Federated Learning for Anomaly Detection. In: Proceedings of the 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks: . Paper presented at WiSec '21: Proceedings of the 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks.28 June 2021- 2 July 2021 (pp. 153-163). Association for Computing Machinery
Open this publication in new window or tab >>Non-IID Data Re-Balancing at IoT Edge with Peer-to-Peer Federated Learning for Anomaly Detection
2021 (English)In: Proceedings of the 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks, Association for Computing Machinery , 2021, p. 153-163Conference paper, Published paper (Refereed)
Abstract [en]

The increase of the computational power in edge devices has enabled the penetration of distributed machine learning technologies such as federated learning, which allows to build collaborative models performing the training locally in the edge devices, improving the efficiency and the privacy for training of machine learning models, as the data remains in the edge devices. However, in some IoT networks the connectivity between devices and system components can be limited, which prevents the use of federated learning, as it requires a central node to orchestrate the training of the model. To sidestep this, peer-to-peer learning appears as a promising solution, as it does not require such an orchestrator. On the other side, the security challenges in IoT deployments have fostered the use of machine learning for attack and anomaly detection. In these problems, under supervised learning approaches, the training datasets are typically imbalanced, i.e. the number of anomalies is very small compared to the number of benign data points, which requires the use of re-balancing techniques to improve the algorithms’ performance. In this paper, we propose a novel peer-to-peer algorithm,P2PK-SMOTE, to train supervised anomaly detection machine learning models in non-IID scenarios, including mechanisms to locally re-balance the training datasets via synthetic generation of data points from the minority class. To improve the performance in non-IID scenarios, we also include a mechanism for sharing a small fraction of synthetic data from the minority class across devices, aiming to reduce the risk of data de-identification. Our experimental evaluation in real datasets for IoT anomaly detection across a different set of scenarios validates the benefits of our proposed approach.

Place, publisher, year, edition, pages
Association for Computing Machinery, 2021
Keywords
federated learning, anomaly detection, non-IID data, imbalanced data
National Category
Computer Sciences
Identifiers
urn:nbn:se:ri:diva-55437 (URN)10.1145/3448300.3467827 (DOI)978-1-4503-8349-3 (ISBN)
Conference
WiSec '21: Proceedings of the 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks.28 June 2021- 2 July 2021
Available from: 2021-07-08 Created: 2021-07-08 Last updated: 2023-11-06Bibliographically approved
Wang, H., Barriga, L. E., Vahidi, A. & Raza, S. (2019). Machine Learning for Security at the IoT Edge-A Feasibility Study. In: Proceedings - 2019 IEEE 16th International Conference on Mobile Ad Hoc and Smart Systems Workshops, MASSW 2019: . Paper presented at 16th IEEE International Conference on Mobile Ad Hoc and Smart Systems Workshops, MASSW 2019, 4 November 2019 through 7 November 2019 (pp. 7-12). Institute of Electrical and Electronics Engineers Inc.
Open this publication in new window or tab >>Machine Learning for Security at the IoT Edge-A Feasibility Study
2019 (English)In: Proceedings - 2019 IEEE 16th International Conference on Mobile Ad Hoc and Smart Systems Workshops, MASSW 2019, Institute of Electrical and Electronics Engineers Inc. , 2019, p. 7-12Conference paper, Published paper (Refereed)
Abstract [en]

Benefits of edge computing include reduced latency and bandwidth savings, privacy-by-default and by-design in compliance with new privacy regulations that encourage sharing only the minimal amount of data. This creates a need for processing data locally rather than sending everything to a cloud environment and performing machine learning there. However, most IoT edge devices are resource-constrained in comparison and it is not evident whether current machine learning methods are directly employable on IoT edge devices. In this paper, we analyze the state-of-the-art machine learning (ML) algorithms for solving security problems (e.g. intrusion detection) at the edge. Starting from the characteristics and limitations of edge devices in IoT networks, we assess a selected set of commonly used ML algorithms based on four metrics: computation complexity, memory footprint, storage requirement and accuracy. We also compare the suitability of ML algorithms to different cybersecurity problems and discuss the possibility of utilizing these methods for use cases.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers Inc., 2019
Keywords
Artificial Intelligence, Edge, IoT, Machine Learning, Security, Data Sharing, Digital storage, Internet of things, Intrusion detection, Privacy by design, Cloud environments, Computation complexity, Feasibility studies, Machine learning methods, Privacy regulation, Reduced latencies, Security problems, Storage requirements
National Category
Engineering and Technology
Identifiers
urn:nbn:se:ri:diva-45017 (URN)10.1109/MASSW.2019.00009 (DOI)2-s2.0-85084111495 (Scopus ID)9781728141213 (ISBN)
Conference
16th IEEE International Conference on Mobile Ad Hoc and Smart Systems Workshops, MASSW 2019, 4 November 2019 through 7 November 2019
Note

Conference code: 159126; Export Date: 25 May 2020; Conference Paper; Funding details: VINNOVA; Funding details: 830927; Funding text 1: This work has received partial funding from VINNOVA Sweden for the H2020 CONCORDIA (grant agreement No 830927), and partial from RISE Cybersecurity KP.

Available from: 2020-05-25 Created: 2020-05-25 Last updated: 2023-11-06Bibliographically approved
Organisations
Identifiers
ORCID iD: ORCID iD iconorcid.org/0000-0002-2772-4661

Search in DiVA

Show all publications