defense 2026

Byzantine-Robust Federated Learning Framework with Post-Quantum Secure Aggregation for Real-Time Threat Intelligence Sharing in Critical IoT Infrastructure

Milad Rahmati, Nima Rahmati

0 citations · 29 references · arXiv

Published on arXiv

2601.01053

Data Poisoning Attack

OWASP ML Top 10 — ML02

Key Finding

Achieves 96.8% threat detection accuracy while mitigating up to 40% Byzantine attackers with only 18% computational overhead and sub-second aggregation latency


The proliferation of Internet of Things devices in critical infrastructure has created unprecedented cybersecurity challenges, necessitating collaborative threat detection mechanisms that preserve data privacy while maintaining robustness against sophisticated attacks. Traditional federated learning approaches for IoT security suffer from two critical vulnerabilities: susceptibility to Byzantine attacks where malicious participants poison model updates, and inadequacy against future quantum computing threats that can compromise cryptographic aggregation protocols. This paper presents a novel Byzantine-robust federated learning framework integrated with post-quantum secure aggregation specifically designed for real-time threat intelligence sharing across critical IoT infrastructure. The proposed framework combines an adaptive weighted aggregation mechanism with lattice-based cryptographic protocols to simultaneously defend against model poisoning attacks and quantum adversaries. We introduce a reputation-based client selection algorithm that dynamically identifies and excludes Byzantine participants while maintaining differential privacy guarantees. The secure aggregation protocol employs CRYSTALS-Kyber for key encapsulation and homomorphic encryption to ensure confidentiality during parameter updates. Experimental evaluation on industrial IoT intrusion detection datasets demonstrates that our framework achieves 96.8% threat detection accuracy while successfully mitigating up to 40% Byzantine attackers, with only 18% computational overhead compared to non-secure federated approaches. The framework maintains sub-second aggregation latency suitable for real-time applications and provides 256-bit post-quantum security level.


Key Contributions

  • Adaptive weighted aggregation mechanism combined with reputation-based client selection to identify and exclude Byzantine participants in FL
  • Post-quantum secure aggregation protocol using CRYSTALS-Kyber key encapsulation and homomorphic encryption to protect model updates against quantum adversaries
  • Integrated differential privacy guarantees, demonstrated to tolerate up to 40% Byzantine attackers with only 18% computational overhead on IoT intrusion detection datasets

🛡️ Threat Analysis

Data Poisoning Attack

The primary ML security contribution is defending against Byzantine attacks where malicious FL participants send poisoned model updates to corrupt the global model — the reputation-based client selection and adaptive weighted aggregation are specifically designed to detect and exclude Byzantine participants, a canonical ML02 defense. The guidelines explicitly note that Byzantine-fault-tolerant FL protocols defending against malicious participants corrupting the model belong to ML02.


Details

Domains
federated-learning
Model Types
federated
Threat Tags
training_time, grey_box
Datasets
industrial IoT intrusion detection datasets
Applications
iot intrusion detection, threat intelligence sharing, critical infrastructure security