Abstract
This paper designs an efficient distributed intrusion detection system (DIDS) for Internet of Things (IoT) data traffic. The proposed DIDS has been implemented at IoT network gateways and edge sites to detect and raise alarms on anomalous traffic data. We implement different machine learning (ML) algorithms to classify the traffic as benign or malicious. We perform an in-depth parametric study of the models using multiple real-time IoT datasets so that model deployment is consistent with the demands of the specific IoT network. Specifically, we develop a decentralized method using federated learning (FL) for collecting data from IoT sensor nodes to address the data privacy issues associated with centralizing data at the gateway DIDS. We propose two poisoning attacks on the perception layer of these IoT networks that use generative adversarial networks (GAN) to determine how threats arising from the unpredictable authenticity of the IoT sensors can be triggered. To address such attacks, we design an appropriate defence algorithm that is implemented at the gateways to help separate anomalous from benign data and preserve the system's robustness. The suggested defence algorithm successfully classifies anomalies with high accuracy, demonstrating the system's immunity against poisoning attacks. We confirm that the Random Forest classifier performs the best across all ML key performance indicators (KPIs) and can be implemented at the edge to reduce false alarm rates.