defense 2026

SecureDyn-FL: A Robust Privacy-Preserving Federated Learning Framework for Intrusion Detection in IoT Networks

Imtiaz Ali Soomro 1, Hamood Ur Rehman 2, S. Jawad Hussain 1, Adeel Iqbal 3, Waqas Khalid 4, Heejung Yu 5

0 citations · 77 references · IEEE Transactions on Network a...

Published on arXiv

2601.06466

Data Poisoning Attack

OWASP ML Top 10 — ML02

Model Inversion Attack

OWASP ML Top 10 — ML03

Key Finding

Achieves 99.01% detection accuracy and 98.9% F1-score under scenarios with up to 50% adversarial clients, outperforming state-of-the-art FL-based IDS defenses while maintaining privacy and computational efficiency.

SecureDyn-FL

Novel technique introduced


The rapid proliferation of Internet of Things (IoT) devices across domains such as smart homes, industrial control systems, and healthcare networks has significantly expanded the attack surface for cyber threats, including botnet-driven distributed denial-of-service (DDoS), malware injection, and data exfiltration. Conventional intrusion detection systems (IDS) face critical challenges like privacy, scalability, and robustness when applied in such heterogeneous IoT environments. To address these issues, we propose SecureDyn-FL, a comprehensive and robust privacy-preserving federated learning (FL) framework tailored for intrusion detection in IoT networks. SecureDyn-FL is designed to simultaneously address multiple security dimensions in FL-based IDS: (1) poisoning detection through dynamic temporal gradient auditing, (2) privacy protection against inference and eavesdropping attacks through secure aggregation, and (3) adaptation to heterogeneous non-IID data via personalized learning. The framework introduces three core contributions: (i) a dynamic temporal gradient auditing mechanism that leverages Gaussian mixture models (GMMs) and Mahalanobis distance (MD) to detect stealthy and adaptive poisoning attacks, (ii) an optimized privacy-preserving aggregation scheme based on transformed additive ElGamal encryption with adaptive pruning and quantization for secure and efficient communication, and (iii) a dual-objective personalized learning strategy that improves model adaptation under non-IID data using logit-adjusted loss. Extensive experiments on the N-BaIoT dataset under both IID and non-IID settings, including scenarios with up to 50% adversarial clients, demonstrate that SecureDyn-FL consistently outperforms state-of-the-art FL-based IDS defenses.


Key Contributions

  • Dynamic temporal gradient auditing (GMM + Mahalanobis distance) that detects stealthy and adaptive poisoning attacks from up to 50% adversarial FL clients
  • Privacy-preserving aggregation via transformed additive ElGamal encryption with adaptive pruning and quantization to block gradient reconstruction attacks while remaining efficient for IoT devices
  • Dual-objective personalized learning with logit-adjusted loss to improve model utility under non-IID data distributions

🛡️ Threat Analysis

Data Poisoning Attack

Core contribution (i) is a dynamic temporal gradient auditing mechanism that uses Gaussian mixture models and Mahalanobis distance to detect and filter malicious gradient updates injected by adversarial FL clients. This is a direct defense against Byzantine/data-poisoning attacks in federated learning, which corresponds to ML02 in the OWASP ML Top 10.

Model Inversion Attack

Core contribution (ii) is a privacy-preserving aggregation scheme that uses transformed additive ElGamal encryption to protect FL gradient updates from eavesdroppers and MITM adversaries who would otherwise reconstruct participants' local training data. This is secure aggregation as a defense against gradient leakage attacks, which corresponds to ML03 in the OWASP ML Top 10.
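As an added illustration (not code from the paper or its authors), the sketch below shows why additive ElGamal suits secure aggregation: quantized client gradients are encrypted, the aggregator multiplies ciphertexts without holding the private key, and only the sum is ever decrypted. It uses textbook exponential ElGamal rather than the paper's transformed variant; the toy group parameters, the quantization scale, the function names and the sample updates are all assumptions made for this example.

```python
import secrets

# Toy group (assumption, far too small for real use): safe prime P = 2Q + 1,
# G = 4 generates the subgroup of prime order Q.
P, Q, G = 2039, 1019, 4
SCALE = 100  # quantization: float gradient -> integer steps of 0.01

def keygen():
    x = secrets.randbelow(Q - 1) + 1           # private key in [1, Q-1]
    return x, pow(G, x, P)                     # (sk, pk)

def quantize(grad):
    return [round(v * SCALE) for v in grad]

def encrypt(pk, m):
    # Additive ("exponential") ElGamal: the message sits in the exponent.
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), (pow(G, m % Q, P) * pow(pk, r, P)) % P

def aggregate(ciphertexts):
    # Componentwise multiplication adds the hidden plaintexts; no key needed.
    c1, c2 = 1, 1
    for a, b in ciphertexts:
        c1, c2 = (c1 * a) % P, (c2 * b) % P
    return c1, c2

def decrypt_sum(sk, ct, bound):
    # Recover G^m, then search the bounded signed range for m.
    if 2 * bound >= Q:
        raise ValueError("range too wide for this group: sums would wrap")
    c1, c2 = ct
    gm = (c2 * pow(c1, Q - sk, P)) % P         # c1^(-sk), since c1^Q = 1
    for m in range(-bound, bound + 1):
        if pow(G, m % Q, P) == gm:
            return m
    raise ValueError("aggregate outside the expected range")

def secure_average(updates, sk, pk):
    # updates: one float gradient vector per client, each |value| <= 1.0
    n, dim = len(updates), len(updates[0])
    enc = [[encrypt(pk, m) for m in quantize(u)] for u in updates]
    sums = [decrypt_sum(sk, aggregate([e[i] for e in enc]), n * SCALE)
            for i in range(dim)]
    return [s / (SCALE * n) for s in sums]
```

Decryption is a bounded discrete-log search, so quantization width and client count together set both the cost of decryption and the group size needed to keep sums from wrapping.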


Details

Domains
federated-learning
Model Types
federated, traditional_ml
Threat Tags
training_time, grey_box
Datasets
N-BaIoT
Applications
intrusion detection, iot network security, federated learning systems