0% found this document useful (0 votes)

5 views

Federated_Edge_Intelligence_for_Enhanced_Security_in_Consumer_Intermittent_Healthcare_Devices_Using_Adversarial_Examples(1)

The article discusses a novel approach to enhance the security of consumer intermittent healthcare devices through Federated Edge Intelligence and adversarial examples. It highlights the increasing cyber threats to healthcare devices and proposes a framework that utilizes Federated Learning to improve data security and privacy while maintaining device functionality. The proposed method demonstrates high detection accuracy using two datasets, showcasing its effectiveness against various cyberattacks.

Uploaded by

rhy20060225

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

5 views

Federated_Edge_Intelligence_for_Enhanced_Security_in_Consumer_Intermittent_Healthcare_Devices_Using_Adversarial_Examples(1)

Uploaded by

rhy20060225

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 12

This article has been accepted for publication in IEEE Transactions on Consumer Electronics.

This is the author's version which has not been fully edited and
content may change prior to final publication. Citation information: DOI 10.1109/TCE.2024.3511615

IEEE TRANSACTIONS ON CONSUMER ELECTRONICS, VOL. , NO. , AUGUST 2023 1

Federated Edge Intelligence for Enhanced Security

in Consumer Intermittent Healthcare Devices using
Adversarial Examples
Farhan Ullah, Leonardo Mostarda, Diletta Cacciagrano, Mohammed J.F. Alenazi, Chien-Ming Chen, Saru
Kumari, Senior Member, IEEE

Abstract—Modern consumer electronics that integrate the devices have a variety of applications, including electronic
concept of connected personal medical devices are known as health record management, medicine administration systems,
Smart Healthcare Systems (SHS). The SHS utilized healthcare diagnostics, and patient monitoring. However, the interconnec-
devices and edge computing for data capture, transmission via
smart devices, analysis, and the delivery of healthcare services. tion of these devices poses significant security and privacy con-
Cyberattacks on consumer medical devices in the healthcare cerns. The potential implications of security flaws in healthcare
sector are becoming increasingly common. Technological frame- devices are severe, including unauthorized access to personal
works like edge computing can act as an intermediary layer patient information and tampering with life-threatening medi-
between the cloud and SHS, reducing the burden and enhancing cal equipment. Furthermore, the increasing sophistication of
data security and privacy. In this study, we proposed a novel edge
intelligence approach for improving medical device security that cyberattacks makes it harder to maintain the integrity and
employs Federated Learning (FL) and network traffic adversarial confidentiality of healthcare data. Medical devices can be
examples. First, we generated a distinctive dataset using image- vulnerable to various attacks, including ransomware, which
based features extracted from network traffic bytes. Secondly, encrypts data and demands payment to decrypt it. Unautho-
due to the intermittent behavior of clients, the dataset received rized access occurs when hackers acquire control, modify
from each client may be imbalanced, which can negatively
affect performance. Third, adversarial examples are generated to settings, or steal data. Data theft refers to getting sensitive
assess the robustness of datasets, utilizing four distinct types of patient information. Additional risks include exploiting soft-
adversarial attack methods that introduce perturbations into the ware or firmware flaws and changing features to cause harm or
input data. Finally, the cooperative FL architecture ensured data malfunction. Denial of service (DoS) attacks interrupt device
security, privacy, and edge intelligence. The proposed method functionality. Furthermore, adversaries can physically manip-
is analyzed using two standard datasets, CICIoMT2024 and
Edge-IIoT, achieving 97.45% and 96.7% detection accuracy, ulate devices, access manufacturing processes (also known
respectively. as supply chain assaults), and monitor communication using
man-in-the-middle attacks. Social engineering tactics can be
Index Terms—Consumer healthcare devices, Security and pri-
vacy, Edge computing, Federated Learning, Adversarial attacks, used to trick individuals into granting unauthorized access or
Network traffic distributing malware [1] [2] [3]. The need to analyze enormous
volumes of data collected daily to form inferences has led
to several advances in machine learning and deep learning.
I. I NTRODUCTION Nonetheless, due to the immense value of this information, it
is vital to safeguard the privacy and security of the examined
T HE healthcare industry is undergoing a paradigm shift
due to integrating modern consumer electronics and
technologies with medical devices to enhance patient care
data. In certain circumstances, regulatory compliance demands
adopting protections to protect sensitive information, such as
and outcomes. The Internet of Medical Things (IoMT), which the General Data Protection Regulation (GDPR) [1].
consists of a vast network of interconnected medical devices, Figure 1 depicts the purpose of an adversarial attack, which
has substantially revolutionized healthcare delivery. These is to disrupt or destroy a system, obtain unauthorized access,
or defeat security measures by leveraging vulnerabilities. The
F. Ullah is with the Division of Computer Science, University of Camerino, model training and prediction generation process requires
62032 Camerino, Italy. (e-mail:[email protected])
L. Mostarda is with the Department of Mathematics and Com- transmitting individual client data to a centralized server. The
puter Science, University of Perugia, Perugia, 06123, Italy. (e-mail: resulting models are then distributed to each client. The fun-
[email protected]) damental risk associated with this technique is the insufficient
D. Cacciagrano is with the Division of Computer Science, University of
Camerino, Camerino, 62032, Italy. (e-mail: [email protected]) security of confidential data. The interception of data trans-
M. Alenazi is with the Department of Computer Engineering, College of fers between consumers and the central server is a potential
Computer and Information Sciences (CCIS), King Saud University, Riyadh vulnerability. Furthermore, keeping massive amounts of data
11451, Saudi Arabia. (e-mail: [email protected])
C. Chen is with the School of Artificial Intelligence (School of Future requires high-bandwidth, low-latency communication to make
Technology), Nanjing University of Information Science and Technology, accurate forecasts. One possible solution to these concerns
China. (e-mail: [email protected]) would be to centrally train the machine learning model by
S. Kumari Saru Kumari is with the Department of Mathematics, Chaud-
hary Charan Singh University, Meerut 250004, India. (e-mail: saryusi- combining initial data from multiple clients. The trained model
[email protected]) is then replicated and disseminated to each client, removing the

Authorized licensed use limited to: Hong Kong University of Science and Technology. Downloaded on December 23,2024 at 09:34:06 UTC from IEEE Xplore. Restrictions apply.
© 2024 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.See https://www.ieee.org/publications/rights/index.html for more information.
This article has been accepted for publication in IEEE Transactions on Consumer Electronics. This is the author's version which has not been fully edited and
content may change prior to final publication. Citation information: DOI 10.1109/TCE.2024.3511615

IEEE TRANSACTIONS ON CONSUMER ELECTRONICS, VOL. , NO. , AUGUST 2023 2

versarial attacks on healthcare devices and demonstrate

intelligent edge data processing. Through the utilization
Training Training & Testing
Data of shared data, our approach enhances security by pre-
venting sensitive information from being disclosed.
Local Server
DL Models Parameters Tuning 4) Client numbers can vary dynamically, affecting classifi-
cation accuracy. Despite the use of decentralized data,
intermittent clients, and adversarial examples, the pro-
posed strategy is more robust than centralized solutions.
Request / Response

Adversarial Attacks
The remaining part of the paper is organized as follows:
Section II explains the related work, and Section III describes
the proposed method. Section IV presents the experimental
Understanding
Weaknesses results, and Section V concludes the work.
Medical Devices Adversarial Attacks
II. R ELATED W ORK
Intrusion detection in healthcare devices gradually shifts
Fig. 1. Adversarial attacks on conventional model training process
from traditional machine learning-based methods to edge-
based FL approaches [2] [7]. In this section, we discuss several
need to transmit data for periodic updates. This methodology methods involving machines and FL that detect and classify
has two significant advantages over the traditional approach. attacks on healthcare devices.
First, minimizing network dependencies and latency enables
clients to make predictions locally. Furthermore, it lowers A. Machine Learning
communication overhead. This method requires initial data Newaz et al. [8] demonstrated the susceptibility of personal
transfer from clients to the central server during training, medical device communications to several cyber threats. An
which may jeopardize sensitive information. Furthermore, data adversary with malicious intent can intercept sensitive health
privacy concerns may deteriorate due to large data transfers in data and execute denial-of-service, man-in-the-middle, replay,
scenarios such as IoT or Edge computing with low network and fraudulent data injection attacks. Moreover, they intro-
quality [4]. duced HEKA, which functions as an intrusion detection system
FL is gaining popularity because it stores data on each (IDS). HEKA uses an n-gram-based technique and machine
local server, which is important for healthcare applications. learning technologies to track and detect aberrant traffic trends
It tackles privacy problems with distributed data analysis by in portable medical device interactions. HEKA achieves an
storing confidential patient data on local computers and only F1-score of 98% and a detection accuracy of 98.4% when
exchanging updated models, not raw data. This decentralized examined on eight publicly available devices. Fan et al. [9]
strategy decreases the probability of adversarial attacks by explored the difficulty of constructing transferable adversarial
removing a central repository that attackers can target. FL scenarios for black-box assaults without relying on the re-
improves resilience by securely combining model weights placement model. This method used data-modal conversion to
from various sources, reducing the impact of adverse changes combine image-to-graph conversion, graph perturbation, and
[5] [6]. The use of iterative model updates with aggregated graph-to-image inversion. The solution outperforms the three
weights improves predictive model dependability and accuracy baseline approaches in experiments and applies to real-world
while maintaining data confidentiality. This makes FL an scenarios because it does not require prior knowledge of the
effective strategy for dealing with hostile threats and protecting victim model.
healthcare data and devices. The following are the main Zhang et al. [10] developed the DroidSIFT approach, which
contributions of this study. identifies malicious Android apps using relationship graphs
1) Image-based features are particularly useful for captur- and semantic information. The major goal of this system is
ing structural data types such as storage, processes, and to detect and prevent evolution attacks, emerging threats, and
headers. We generated a dataset by crawling large-scale harmful variants. After evaluating 13,500 benign samples and
network traffic bytes. Following this, we developed an 2,200 hazardous samples, DroidSIFT detected threats with
algorithm for converting network data into greyscale an amazing 93% accuracy. Gao et al. [11] designed apps
images. that use APIs for triggering connections and activities. These
2) To address overfitting and misclassification, we applied apps build a graph, which is then used in a network to
data augmentation techniques to balance images within produce embeddings for app categorization. GDroid employed
each class. To enhance our dataset against adversarial graph neural networks to detect fraudulent apps as a security
attacks, we used strategies such as FGSM, IGSM, PGD, solution. The system accurately identified 98.99% of Android
and a hybrid strategy that combined IGSM and PGD. malware instances with a false positive rate below 1%. An
This comprehensive approach increases the potential of efficient method for finding neural networks designed for
the dataset to detect and protect against such threats Multi-Target Classification (MTC) was proposed by Zhang et
while also improving data security. al. [12]. This method determined the optimal model topolo-
3) We present a cooperative FL framework for detecting ad- gies by analyzing real-world Android network traffic. This

IEEE TRANSACTIONS ON CONSUMER ELECTRONICS, VOL. , NO. , AUGUST 2023 3

method takes a distinctive search space and discrete design in the detection of errors and unauthorized use. Performance
components into account to solve the problem as a limited evaluation is enhanced by analyzing packet data to discover
optimization problem. This approach found appropriate MTC bottlenecks and latency concerns. Additionally, PCAP files
classification models by using the USTC-TFC2016 dataset. provide an audit record for regulatory compliance and se-
curity policy enforcement. They help with threat detection
B. Federated Learning analysis by highlighting unusual behaviors and significant security
threats. Moreover, PCAP is useful for debugging network
Several research studies [13] [14] used FL approaches
issues because it provides specific data flows. Considering
in the healthcare domain. Schneble et al. [15] described a
the continual upgrading of network traffic to avoid static and
massively distributed, machine learning-based IDS for Medical
dynamic classification, we investigated the usefulness of visual
Cyber-Physical Systems (MCPS). It explored FL to reduce
features in detecting malicious traffic. This method uses image
communication and compute costs in machine learning. Real
processing to transform network traffic patterns into textural
patient data and security risks like DoS are used to test. The
properties. It works without involving reverse engineering or
results showed a decrease in network communication costs and
traffic signatures. This solution successfully reduces the impact
a 99.0% accuracy. The system used mobile device resources
of anti-detection strategies including signature modification
to achieve scalability and manage anomalous data distribution.
and dynamic feature extraction evasion [19]. By examining
Rehman et al. [16] described an FL framework for detecting
the PCAP, a byte stream about each malicious variation is
side-channel threats on confidential medical data. Data was
obtained. We designed a bytes-to-image translation technique
acquired from ten Android smartphone soft keyboard users.
for extracting images from byte streams. Greyscale images are
The architecture trained a Deep Neural Network (DNN) model
produced by processing 8-bit vectors retrieved from network-
by training local models on two clients and then combining
based byte streams. Following that, each image is set to
their updates. The DNN model demonstrated an accuracy
256x256 pixels. Figure 3 depicts an example of 256x256
of 80.09% following three validations conducted by each
network traffic images for spoofing, Distributed Denial of Ser-
client. This result suggested that the model can detect side-
vice (DDoS), Message Queuing Telemetry Transport (MQTT),
channel attacks accurately. Wang et al. [17] used certificate-
and DoS. Smaller image sizes have been found to result in
less signatures in FL to hide where parameter updates come
a significant reduction in network traffic. For instance, the
from to protect medical devices from source inference attacks
picture converts megabytes of PCAP data into kilobytes. This
(SIAs). The proposed strategy incorporated an enhanced batch
has the potential to reduce computational power.
verification technique, which reduced the server’s workload.
Experimental results confirmed the efficacy of the suggested
approach in lowering SIA success rates and accelerating B. Data augmentation
signature verification. Mothukuri et al. [18] used an FL-based Data augmentation improves model performance and ad-
anomaly detection approach that uses data from individual dresses data imbalance in real-world datasets, especially when
devices to detect intrusions in IoT networks proactively. It identifying adverse network traffic on healthcare equipment
maintains local data, uses federated training cycles with GRUs, [20]. It involves transforming and modifying the training
and only communicates learned weights to the central server. dataset D to increase diversity and allow machine learning
The empirical findings indicate that decentralized systems models to learn from diverse network traffic patterns. To
exhibit better results in terms of privacy preservation and illustrate how data transmission and packet structure can vary,
accuracy. alternative orientations and sizes of network traffic images can
The main challenges in developing an FL technique are in- be simulated using random rotations (θ), flips, and scaling
termittent clients and imbalanced datasets. The primary focus (resize(x, y)). The following mathematical expressions de-
of this research is the intermittent connectivity of clients to a scribe these transformations using equations 1-2. - Rotating
variety of cybersecurity organizations. Furthermore, for local an image I by angle θ:
training, each client may have access to imbalanced malware
datasets. We developed a deep CNN-based FL approach to Irotated = rotate(I, θ). (1)
address the challenges of intermittent clients and imbalanced
datasets. - Resizing an image I to dimensions x × y:

III. P ROPOSED M ETHOD : F EDERATED E DGE Iresized = resize(I, x, y). (2)

I NTELLIGENCE FOR H EALTHCARE S ECURITY Additionally, adding random noise (ϵ) with mean µ and
A. Visual Features Extraction from Network Patterns standard deviation σ improves the model’s capacity to detect
Figure 2 shows the architectural framework of the proposed fragile network traffic anomalies. This noise enhancement is
approach. especially useful for medical devices since it mimics actual
PCAP files are critical to improving network security and changes and makes the model more resistant to chaotic
speed. They give detailed logs of network packets, which network conditions. Adding noise to an image I can be
aid in detecting irregularities and threats. These files are mathematically expressed using equation 3.
useful for investigating events by tracing breaches or network
difficulties. They also support protocol analysis, which aids Inoisy = I + ϵ, ϵ ∼ N (µ, σ). (3)

IEEE TRANSACTIONS ON CONSUMER ELECTRONICS, VOL. , NO. , AUGUST 2023 4

... GMU

FL Model
Local Training Local Training Local Training

Processing Traffic

Network Bytes

8-bit Conversion

Grayscale Image
Network Traffic Grayscale Images Crafted Adversarial

Attention ResNet: Local

Train Data Trained Model: LMU
Training

Adversarial Attacks
Federated Training with LMUs: Fed Avg GMUs
FGSM
IGSM
Targeted GSM Test Data GMU: Federated Testing and Generating Updates
PGD
.
Hybrid Intrusion ?, Class (DDoS, DoS, etc.)

Image

Fig. 2. Federated-based edge intelligence for healthcare devices using adversarial network traffic patterns

Data augmentation enhances machine learning models by

adding diverse transformations, helping them learn robust
features for better and more reliable detection of malicious
activity in healthcare devices [21]. To boost the performance
of our malware detection model, we applied data augmentation
techniques such as rotation, jitter, noise addition, cropping, and
Fig. 3. Image extraction from healthcare network traffic resizing. These strategies are critical in increasing the diversity
and variability of the training dataset, improving its robustness
and generalization. By simulating numerous real-world charac-
Additionally, the dataset is made more diverse by methods teristics such as evolving image orientation, position, and noise
like color jittering and cropping (crop(x, y)), which help levels, these augmentations enabled our model to handle a
the model acquire invariant properties across various spatial broader range of scenarios and reduce overfitting. This method
layouts and color distributions. The following can be used to is particularly helpful given the limited data available and
crop an image I to dimensions x × y using equation 4. the necessity for the model to work effectively in changing
scenarios.
Icropped = crop(I, x, y). (4)
C. Crafting Adversarial Examples
Color jittering, which alters brightness, contrast, saturation,
and hue, can be represented using equation 5. We used and evaluated four adversarial attack techniques:
PGD, FGSM, IGSM, and a novel hybrid strategy that com-
Ijittered = jitter(I, δbrightness , δcontrast , δsaturation , δhue ). (5) bined PGD and IGSM [22] [23]. As shown in Figure 4, we

IEEE TRANSACTIONS ON CONSUMER ELECTRONICS, VOL. , NO. , AUGUST 2023 5

Falsified Labels

Evasion Detection
Evasion Analysis

Perturbations
Traffic Flows
Evasion Attacks

Fig. 4. Overview of evasion attacks using abnormal network traffic flows

Algorithm 1: Generating images from network traffic for generating the adversarial example, x′ using equation 6.
Input: FP CAP : Folder containing PCAP files
Output: Images representing byte streams x′ = x + ϵ · sign(∇x J(θ, x, y)). (6)
Function GenerateImages(FP CAP ): The one-step simplicity of FGSM makes it excellent at
for each PCAP file pcap f ile ∈ FP CAP do producing adversarial samples rapidly, but it is typically in-
Open pcap f ile; effective against well-defended systems.
Initialize accumulated bytes ← {}; 2) Iterative Gradient Sign Method (IGSM): IGSM, which
Initialize total bytes ← 65536; stands for Basic Iterative Method (BIM), is an extension of
Initialize packet count ← 0; FGSM that uses iterative applications to achieve a cumulative
for each packet pi in pcap f ile do effect with fewer perturbations at each stage. The following is
byte stream: bytestreami ; how the technique improves the adverse effects after several
Accumulate byte streams iterations k using equations 7 and 8.
Pn
j=1 |bytestreamj | ≥ total bytes; (0)
Pk
if j=1 |accumulated bytesj | + x′ = x. (7)
n o
|bytestreami | ≥ total bytes then x′
(k+1) (k) (k)
= clipx,ϵ x′ + α · sign(∇x J(θ, x′ , y)) . (8)
Append bytestreami to
accumulated bytes; The step size is denoted by α, and perturbations are guar-
remaining
Pk bytes ← total bytes − anteed to be kept within a ϵ-ball surrounding the initial input
j=1 |accumulated bytesj |; x.
Truncate bytestreami to fit remaining 3) Projected Gradient Descent (PGD): PGD is an iterative
space; approach that functions as a resilient complement to IGSM.
Create image accumulated bytes; PGD employs FGSM at each iteration, then performs an
Save image; estimating step to guarantee perturbations stay within a defined
Increment packet count; ℓp norm ball. Here is the sequence of iterations using equations
Clear accumulated bytes; 9 and 10
Append bytestreami to
(0)
accumulated bytes; x′ = x. (9)

′ (k+1) ′ (k) ′ (k)
Save images to corresponding directories; x = Πx+Bp (ϵ) x + α · sign(∇x J(θ, x
, y)) .
(10)
The projection onto the norm ball of radius ϵ around x
is represented by Πx+Bp (ϵ) . It confirms that the adversarial
instances work as expected and remain within a reasonable
aim to assess how well these strategies generate adversarial perturbation bound.
examples that mislead a target model with few perturbations. 4) Hybrid Approach of PGD and IGSM): The hybrid
1) Fast Gradient Sign Method (FGSM): The FGSM algo- methodology leverages the distinctive features of both PGD
rithm perturbs input data x in the direction of the gradient of and IGSM. We utilize IGSM to generate adversarial instances
the loss function J(θ, x, y). It is simple and computationally and initiate the attack in this method. Then, it is imperative
efficient. The strength of the threat is regulated by the variable to optimize these examples further using PGD to ensure that
ϵ, which scales the perturbation. The following is the process they are within the intended perturbation limits and to enhance

IEEE TRANSACTIONS ON CONSUMER ELECTRONICS, VOL. , NO. , AUGUST 2023 6

their efficacy. The process can be described as follows using the global model w at time t can be expressed using
equations 11, 12 and 13. equation 14
• IGSM Initialization: wt+1 = wt − η · ∇f (wt ). (14)
′ (0)
x = x. (11) where η is the learning rate, ∇f (wt ) is the gradient of
(k+1)
n
(k) (k)
o the loss function concerning the model parameters w,
x′ = clipx,ϵ x′ + α · sign(∇x J(θ, x′ , y)) . computed based on the local data of each client. The
(12) healthcare devices, acting as clients, conduct mini-batch
• PGD Refinement: Stochastic Gradient Descent (SGD) on locally collected
(k+1)

(k) (k)
images using deep CNN. Our method employs sporadic
x′ = Πx+Bp (ϵ) x′ + α · sign(∇x J(θ, x′ , y)) . clients, represented by healthcare devices, sharing the
(13) same CNN framework and loss functions. Each device
This hybrid strategy combines the robust estimation of retrieves global model weights and computes a gradi-
PGD with the continuous refining of IGSM, leveraging the ent update after multiple SGD iterations, ensuring data
strengths of both techniques [24] [25]. The adversarial attack confidentiality. CNN, widely used for detection tasks,
generation technique that combines PGD and IGSM surpasses extracts information for deep training and potential gains
distinct methods such as FGSM, IGSM, and PGD. The ability in model capacity. Our deep CNN framework processes
of PGD to undertake significant gradient-based optimization, images on healthcare devices to produce LMU. It in-
along with the iterative improvement of IGSM, improves cludes three convolutional layers with filter sizes of 64,
the precision and effectiveness of adversarial instances. PGD 128, 256, and 512, respectively, followed by pooling
provides a strong starting estimation, and IGSM refines these layers, dropout layers, a fully connected layer, and
estimates to improve robustness and accuracy. Performance is a softmax layer. Batch normalization ensures training
greatly enhanced by this synergy, which guarantees that the stability, reducing overfitting risk [29] [30].
adversarial examples generated are both extremely effective 2) Global Training Process: Several causes can contribute
and resilient within the given limitations. to intermittent behavior among remote customers in FL,
including dropped connections, delayed data delivery,
and system failures. Existing methods often fail to ac-
D. Federated-based Edge Computing: Adversarial Attacks
count for this intermittency, resulting in a loss in model
Detection and Classification
accuracy. To solve this issue, we present a FL system
FL provides edge intelligence by processing data locally on capable of detecting adversarial attacks on a variety
each client device, reducing latency and enhancing privacy. of healthcare devices. It is critical to properly manage
This is particularly helpful as it allows for real-time detection clients’ inconsistent behavior, including their decision to
and classification of adversarial attacks directly on healthcare engage in or withdraw from training. The inclusion of
devices without sending sensitive data to a central server [26]. a new client and the removal of an existing one may
This research aims to leverage secure FL settings for detecting have an impact on the dataset balance. To accommodate
and classifying adversarial attacks on healthcare devices within irregular clients and unbalanced datasets, we suggest
the context of cybersecurity. McMahan et al. [27] introduced storing and using weights from paused clients for further
the FL approach for data-driven system design using dis- aggregations, or ignoring weights from departed clients
tributed data without relying on a centralized data center. in subsequent iterations. The best course of action is
This collaborative learning framework, which requires only the context-dependent; variables such as dataset imbalance
sharing of model updates, can significantly enhance security and client engagement influence the relative advantages
and privacy, particularly for healthcare devices more suscepti- of the two strategies.
ble to cyberattacks. A timely and comprehensive understand- In FL, the global server handles dynamic client behavior
ing of cyberattacks, such as spoofing, intrusion, anomaly, caused by network issues and delays by employing asyn-
and Denial of Service (DoS), is crucial for developing and chronous aggregation, which allows it to incorporate updates
improving cyber defense models and methods. Consequently, from clients at various times. It properly schedules clients,
FL has tremendous potential to secure cyberspace at device uses robust aggregation methods to handle delays and lost
and network levels. updates, and adjusts learning rates based on client behavior.
1) Localized Training Process: In a FL scenario, a soft Furthermore, despite fluctuations in client connectivity and
federation of distinct entities or machines, referred to as availability, the training process is made durable and success-
clients, is coordinated to train a model. In our case, these ful by employing appropriate communication protocols and
clients could be various medical institutions or devices fault recovery methods. To assess our method, we conducted
using adversarial network images generated on medical extensive experiments with intermittent clients and varied
devices [28]. Each client maintains local training data, adversarial attack image sizes. These studies give information
known as Local Model Update (LMU), which updates on the efficacy of various ways for minimizing the effects of
the current global model. Therefore, client data is never intermittent client behavior on FL systems. The heterogeneity
transmitted to the global server; only the latest model in network data samples often leads to a lack of generaliza-
update is shared. Mathematically, the update process for tion. Consequently, a model with high performance in one

IEEE TRANSACTIONS ON CONSUMER ELECTRONICS, VOL. , NO. , AUGUST 2023 7

network may be inefficient at detecting attacks in another.

This is due to each organizational network having its own
Standard Operating Environments (SOEs) [31] and various
potential attacks. The conditional distribution of the used data
reflects these threats. Machine learning models heavily rely
on mining useful features to differentiate between benign and
malicious samples. Therefore, training a threat detection model
necessitates a broad range of data samples. In ML-based
attack detection, data scarcity and heterogeneity are critical
considerations in each ML scenario [32] [33].

IV. R ESULTS AND D ISCUSSIONS

A. Dataset preparation Fig. 5. Dynamic local and global accuracy curves using 2 clients
We evaluated the proposed approach with two standard and
realistic datasets, such as CICIoMT2024 1 [34], and Edge-
IIoT 2 [35]. The CICIoMT2024 dataset includes healthcare (observedacc − expectedacc
equipment attack vectors. The dataset evaluates IoMT security Kappa = . (19)
(1 − expectedacc )
by analyzing attacks on 40 devices (25 real and 15 simulated)
using healthcare protocols such as Wi-Fi, Queuing Telemetry where, total = T P + T N + F P + F N, observedacc =
Transport (MQTT), and Bluetooth. There have been five (T P + T N )/total, a = (T P + F N ) ∗ (T P + F P )/total, b =
identified attacks: DDoS, DoS, recon, MQTT, and spoofing. A (F P + T N ) ∗ (F N + T N )/total, and expectedacc = (a +
network tap created a security and profiling dataset by replay- b)/total.
ing real-time packets between the switch and Wi-Fi/MQTT-
capable IoMT devices. Edge-IIoT, the second dataset, was C. Performance Analysis and Comparisons
developed using an IoT/IIoT testbed, which included devices,
sensors, protocols, and edge configurations. This compilation The proposed method is tested on various clients to examine
comprises data from over 10 IoT devices, including low- intermittent behavior. Figures 5-8 illustrate the local and global
cost digital temperature and humidity sensors. There are 14 accuracy curves used to study the dynamic behavior of the
attacks on IoT and IIoT communication protocols, including proposed system. The proposed method is tested with clients
DoS/DDoS, information gathering, man-in-the-middle, Injec- numbered 2, 3, 10, and 15. It is determined that expanding the
tion, and Malware. Alarms, system resources, logs, and net- number of clients yields the best improvements. Having more
work traffic datasets have 61 significantly related features from FL clients boosts performance due to the diversity of datasets,
1176. parallel processing, integrated knowledge, confidentiality, and
reliability. Figure 5 illustrates the two clients’ local and global
accuracy curves. The green and orange colors represent the
B. Performance indicators
clients, while the blue represents the global averaged accuracy
We selected various network traffic-based images and sev- values. Both clients start at around 63% accuracy, but the
eral clients to evaluate the proposed method comprehensively. global server starts at 58%. After a few epochs, client 1 has
The proposed method is evaluated using two publicly available worse performance than client 2. Client 1 has 70% accuracy,
standard datasets, CICIoMT2024 and Edge-IIoT. We measured whereas client 2 has 92% on the 22nd epoch. Furthermore, the
performance using precision, recall, F-measure, Kappa, and global accuracy curve performs similarly depending on client
accuracy. These metrics are calculated from True Positives 2. Overall, client 1 performs poorly because it frequently loses
(TP), False Positives (FP), True Negatives (TN), and False precision. Figure 6 illustrates three clients’ local and global
Negatives (FN) counts. The performance measures are pro- accuracy values. When compared to each other, their dynamic
vided by Equations 15-19. values vary greatly. Client 1 has the lowest performance, client
TP 3 has the highest, and client 2 is somewhat in the middle. The
P recision = . (15) global accuracy curve also performs roughly in the middle.
(T P + F P )
For instance, on epoch 20, client 1 has 65% accuracy, client
FP 3 has 99%, client 2 has 87%, and global accuracy is 77%.
Recall = . (16)
(F P + T N ) After the 30th epoch, the three clients and the global server
(2 ∗ T P ) are behaving similarly. Figure 7 depicts the local and global
F − measure = . (17) accuracy curves for ten clients. It demonstrates significant
(2T P + F P + F N )
variances in client performance, although the global server
(T P + T N ) performs better after the 23rd epoch. Our key goal is for the
Accuracy = . (18)
(T P + T N + F P + F N ) global server to perform better by averaging client weights and
1 https://www.unb.ca/cic/datasets/iomt-dataset-2024.html leveraging varied datasets. Similarly, 8 illustrates the dynamic
2 https://www.kaggle.com/datasets/mohamedamineferrag/ local and global accuracy curves with 15 clients. Overall, the
edgeiiotset-cyber-security-dataset-of-iot-iiot/code global server improves after the 28th epoch.

IEEE TRANSACTIONS ON CONSUMER ELECTRONICS, VOL. , NO. , AUGUST 2023 8

Fig. 6. Dynamic local and global accuracy curves using 3 clients Fig. 8. Dynamic local and global accuracy curves using 15 clients

Fig. 7. Dynamic local and global accuracy curves using 10 clients Fig. 9. Dynamic local and global loss curves using 2 clients

Figures 9-12 depict the dynamic local and global loss Table II compares the performance of several attack detec-
values. Figure 9 analyzes two clients with a global server. tion methods using the Edge-IIoT dataset. Similar to Table
The major purpose is to obtain the declining trend for each I, hybrid attacks are identified more effectively than other
epoch. For instance, client 1, client 2, and the global server methods. For the hybrid attack, the precision, recall, f1 score,
begin with a 70% loss and steadily reduce. Client 1 displays and accuracy are 98.9%, 100%, 98.8%, and 99.2%. Similarly,
slightly larger loss values than client 2 and the global server. the same performance measurements are lowest for FGSM,
At the 38th epoch, client 1 has a 10% loss, whereas client 2 but PGD is superior. Table III presents performance metrics,
has 2%. Figure 10 illustrates three clients’ local and global loss including precision, recall, and f1 score for classifying adver-
values. Client 1 has the biggest loss of over 100% on the 24th sarial attacks on the CICIOMT2024 dataset. There are five
epoch, while client 3 has the lowest loss of 2%. Client 2 and classes: DDoS, DoS, MQTT, Recon, and Spoofing. As can be
the global server both show slightly higher second-best losses. observed, hybrid adversarial attacks are accurately divided into
Figures 11 and 12 demonstrate loss values for ten and fifteen five distinct attacks. For instance, DDoS (94.7%, 96%, 96.1%),
clients, respectively. It can be observed that the global server DoS (97.6%, 98.1%, 97.6%), MQTT (95.8%, 98.7%, 98.3%),
always performs better with a larger number of clients after Recon (98.2%, 94%, 95.9%), and Spoofing (100%, 100%,
a few epochs, which is the primary purpose of the proposed 100%). Table IV shows the performance classification of sev-
approach. Table I compares the performance of several forms eral adversarial attacks on the Edge-IIoT dataset. We presented
of adversarial attack detection on the CICIOMT2024 dataset. adversarial examples for FGSM and hybrid to demonstrate
The FGSM attack is identified with reduced performance, the effectiveness of the proposed approach. The Edge-IIoT
whereas the hybrid is detected with maximum performance. dataset has 14 categories, and the suggested strategy is more
Although the hybrid attack is the most powerful feature attack accurate in classifying hybrid-based adversarial attacks. Table
due to the combination of IGSM and PGD. The proposed V presents classification accuracy utilizing four adversarial
method remains the most effective. For instance, the FGSM attacks for the suggested technique. The hybrid technique
attack has precision, recall, and f1-score, with accuracy of achieves the greatest classification rate of 97.45% utilizing
93.2%, 97.2%, 95.6%, and 95.2%. The performance measures the CICIoMT2024 dataset and 96.7% with the Edge-IIoTset
for hybrid attacks are 98.3%, 100%, 99%, and 99.34%. The dataset.
PGD attack is detected more than the other two approaches To provide deeper analysis, the confusion matrix can show
(FGSM and IGSM), but less than the hybrid strategy. For the correct and incorrect classification rates for each class
instance, the PGD has precision, recall, f1-score, and accuracy in the dataset. Figure 13 presents the confusion matrix
of 98.3%, 100%, 99%, and 99.34%, respectively. for FGSM-based adversarial attack detection with the CI-

IEEE TRANSACTIONS ON CONSUMER ELECTRONICS, VOL. , NO. , AUGUST 2023 9

Fig. 10. Dynamic local and global loss curves using 3 clients Fig. 12. Dynamic local and global loss curves using 15 clients

TABLE I
P ERFORMANCE COMPARISONS FOR ADVERSARIAL ATTACKS DETECTION
USING CICI O MT2024

Adversarial Traffic Precision Recall F1 Score Accuracy

FGSM Benign 96.0 94.3 95.0 95.2
Attack 93.2 97.2 95.6
IGSM Benign 99.0 95.0 97.2 96.73
Attack 95.7 99.1 97.5
PGD Benign 100 97.4 99.3 98.86
Attack 98.4 100 99.0
Hybrid Benign 100 98.0 99.2 99.34
Attack 98.3 100 99.0

Fig. 11. Dynamic local and global loss curves using 10 clients FL server. This approach improves global ML model accuracy
and offers superior privacy protection and attack detection,
achieving 95.6% accuracy. Zhang et al. [36] used GANs
CIoMT2024 dataset. The benign and attack are successfully to study poisoning threats in FL, where attackers simulate
identified at 92% and 97%, respectively. Figure 14 depicts the participants to generate poisoned updates from copied samples.
confusion matrix for hybrid-based adversarial attack detection Their method can produce samples with over 80% accuracy
using the CICIoMT2024 dataset. The benign and attack are for both poisoning and main activities. The proposed approach
appropriately identified at 98% and 100% respectively. Figure provides better performance, i.e., 97.45% as compared to the
15 depicts the confusion matrix for the hybrid adversarial related works.
approach with the Edge-IIoTset dataset. Figure 16 shows the
confusion matrix for FGSM-based adversarial attack classi- V. C ONCLUSION
fication on the CICIoMT2024 dataset. DDoS, DoS, MQTT,
Recon, and Spoofing are correctly characterized at 92%. 83%, SHS is a contemporary consumer electronics concept that
91%, 92%, and 100%. Figure 17 illustrates the confusion emerged from the integration of networked personal medical
matrix for hybrid adversarial attack classification. DDoS, DoS,
MQTT, Recon, and Spoofing are accurately identified at 96%.
98%, 99%, 94%, and 100%. Figure 18 presents the confusion
matrix for adversarial attack classification using the Edge-
IIoTset dataset.
Table VI presents a performance comparison with related
studies. Fan et al. [9] introduced a method for generating
adaptable adversarial instances without a replacement model,
achieving a 95.16% success rate. Their approach involves
image-to-graph transformation, perturbation on the graph, and
graph-to-image inversion. Le et al. [14] developed FedKC, a
personalized FL algorithm for resisting model poisoning in the
consumer health metaverse. FedKC provides tailored medical
treatments for new users and demonstrated 91.1% accuracy
in mitigating attacks and enhancing client customization in
experimental tests. Viraaji et al. [18] developed a method for
detecting FL anomalies in IoT networks using GRUs and de- Fig. 13. FGSM-based Adversarial attacks detection using CICIoMT2024
centralized on-device data, sending only learned weights to the dataset

IEEE TRANSACTIONS ON CONSUMER ELECTRONICS, VOL. , NO. , AUGUST 2023 10

TABLE II
P ERFORMANCE COMPARISONS FOR ADVERSARIAL ATTACKS DETECTION
USING E DGE -II OT SET

Adversarial Traffic Precision Recall F1 Score Accuracy

FGSM Benign 94.8 98.3 96.0 95.2
Attack 97.0 94.7 96.1
IGSM Benign 93.9 100 97.0 96.1
Attack 100 93.4 95.8
PGD Benign 98.8 99.0 99.0 99.1
Attack 99.2 99.4 98.7
Hybrid Benign 100 99.0 99.6 99.2
Attack 98.9 100 98.8

TABLE III
P ERFORMANCE COMPARISONS FOR ADVERSARIAL ATTACKS
CLASSIFICATION USING CICI O MT2024

Adversarial Attack Precision Recall F1 Score

FGSM DDoS 79.9 92.1 85.8
Fig. 14. Hybrid-based Adversarial attacks detection using CICIoMT2024 DoS 92.1 83.4 87.6
dataset MQTT 87.8 91.0 89.3
Recon 99.0 92.7 94.8
Spoofing 100 100 100
IGSM DDoS 85.0 91.1 87.0
DoS 89.8 88.3 88.9
MQTT 93.5 95.0 94.0
Recon 99.0 91.7 95.1
Spoofing 100 100 100
PGD DDoS 93.1 88.7 91.1
DoS 96.8 93.2 95.0
MQTT 94.5 98.4 97.6
Recon 91.0 94.4 93.7
Spoofing 100 100 100
Hybrid DDoS 94.7 96.0 96.1
DoS 97.6 98.1 97.6
MQTT 95.8 98.7 98.3
Recon 98.2 94.0 95.9
Spoofing 100 100 100

devices. These systems collected data, sent it to smart devices

for analysis, and delivered healthcare services using edge
computing and medical equipment. However, the possibility of
Fig. 15. Hybrid-based Adversarial attacks detection using Edge-IIoTset cyberattacks increased as a result of this interconnectedness,
dataset
especially in vital industries like healthcare, where attacks
on consumer medical equipment were common. Massive vol-
umes of data from medical devices also offered significant

Fig. 16. FGSM-based Adversarial attacks classification using CICIoMT2024

dataset
Fig. 17. Hybrid-based Adversarial attacks classification using CICIoMT2024
dataset

IEEE TRANSACTIONS ON CONSUMER ELECTRONICS, VOL. , NO. , AUGUST 2023 11

TABLE IV
P ERFORMANCE COMPARISONS FOR ADVERSARIAL ATTACKS CLASSIFICATION USING E DGE -II OT SET

Adversarial Attack Precision Recall F1-score

FGSM Backdoor 68.8 74.1 71.0
DDoS HTTP Flood 83.4 91.2 87.5
DDoS ICMP Flood 89.0 96.1 92.1
DDoS TCP SYN Flood 94.8 86.3 91.0
DDoS UDP Flood 98.0 99.0 99.1
MITM (ARP spoofing + DNS) 78.0 88.9 83.5
OS Fingerprinting 96.6 99.4 98.3
Password 90.7 57.4 70.1
Port Scanning 99.1 95.4 97.1
Ransomware 98.0 100 98.9
SQL injection 75.4 78.2 77.5
Uploading 91.3 90.2 90.0
Vulnerability scanner 0.99 99.3 998.7
XSS 0.99.0 98.4 98.8
Hybrid Backdoor 89.1 96.4 91.6
DDoS HTTP Flood 97.4 97.1 96.6
DDoS ICMP Flood 98.1 97.6 98.0
DDoS TCP SYN Flood 91.7 94.4 93.1
DDoS UDP Flood 99.8 100 100
MITM (ARP spoofing + DNS) 84.5 94.8 89.0
OS Fingerprinting 98.2 100 99.6
Password 96.1 80.6 0.88
Port Scanning 100 95.3 96.9
Ransomware 0.98 100 0.99
SQL injection 100 95.7 98.3
Uploading 98.4 99.0 99.0
Vulnerability scanner 100 99.1 98.6
XSS 99.3 100 99.0

TABLE VI
P ERFORMANCE COMPARISON WITH RECENT AND RELATED WORKS
TABLE V
C LASSIFICATION ACCURACY USING CICI O MT2024 AND E DGE -II OT SET Work Method Performance
Fan et al. [10] Graph-based Sampling 95.16
Datasets Adversarial Method Accuracy
Le et al. [13.2] Personalized FL 91.4
CICIoMT2024 FGSM 92.3 Viraaji et al. [17] GRUs with FL 95.65
IGSM 93.11 Zhang et al. [34] GANs-based FL 80.0
PGD 95.18 Our Method Adversarial examples with FL 97.45
Hybrid 97.45
Edge-IIoTset FGSM 90.14
IGSM 91.33
PGD 94.52 challenges in terms of storage and security. Utilizing edge
Hybrid 96.7
computing as a layer between the cloud and SHS is crucial to
overcoming these challenges. The proposed method enhanced
security and privacy while simplifying the processing of large
volumes of data. We used an edge intelligence approach that
included suspicious examples of network traffic and FL to
solve these issues and enhance the security of medical devices
in SHS. On standard datasets, CICIoMT2024 and Edge-IIoT
detect and mitigate adversarial attacks with 97.45% and 96.7%
accuracy, respectively. This emphasizes the crucial need for
creative solutions that improve healthcare data security while
assuring the continued delivery of essential healthcare ser-
vices. Our work protects sensitive healthcare data and strength-
ens SHSs against cyber-attacks, hence improving the security
of existing healthcare technology. FL protects medical data by
storing it on local devices and delivering only model updates
instead of raw data. Security and privacy can be enhanced by
the use of blockchain technology, homomorphic encryption,
safe aggregation, and differential privacy. While homomorphic
encryption allows computations on encrypted data, secure
Fig. 18. Hybrid-based Adversarial attacks classification using Edge-IIoTset aggregation uses cryptographic algorithms to protect updates,
dataset and blockchain ensures apparent process recording, differential
privacy adds noise to model updates. Data privacy is further

IEEE TRANSACTIONS ON CONSUMER ELECTRONICS, VOL. , NO. , AUGUST 2023 12

enhanced by regular security audits and regulatory compliance. [18] V. Mothukuri, P. Khare, R. M. Parizi, S. Pouriyeh, A. Dehghantanha,
and G. Srivastava, “Federated-learning-based anomaly detection for iot
security attacks,” IEEE Internet of Things Journal, vol. 9, no. 4, pp.
ACKNOWLEDGMENTS 2545–2554, 2021.
[19] S. Ni, Q. Qian, and R. Zhang, “Malware identification using visual-
The authors extend their appreciation to Researcher Sup- ization images and deep learning,” Computers & Security, vol. 77, pp.
871–885, 2018.
porting Project number (RSPD2024R582), King Saud Univer- [20] P. Chlap, H. Min, N. Vandenberg, J. Dowling, L. Holloway, and A. Ha-
sity, Riyadh, Saudi Arabia. worth, “A review of medical image data augmentation techniques for
deep learning applications,” Journal of Medical Imaging and Radiation
Oncology, vol. 65, no. 5, pp. 545–563, 2021.
R EFERENCES [21] E. Lashgari, D. Liang, and U. Maoz, “Data augmentation for deep-
learning-based electroencephalography,” Journal of Neuroscience Meth-
ods, vol. 346, p. 108885, 2020.
[1] A. Rahman, M. S. Hossain, N. A. Alrajeh, and F. Alsolami, “Adversarial
[22] A. Mustafa, S. Khan, M. Hayat, R. Goecke, J. Shen, and L. Shao,
examples—security threats to covid-19 deep learning systems in medical
“Adversarial defense by restricting the hidden space of deep neural
iot devices,” IEEE Internet of Things Journal, vol. 8, no. 12, pp. 9603–
networks,” in Proceedings of the IEEE/CVF International Conference
9610, 2020.
on Computer Vision, 2019, pp. 3385–3394.
[2] H. R. Chi, M. de Fátima Domingues, H. Zhu, C. Li, K. Kojima, and
[23] Y. Shi, Y. Han, Q. Hu, Y. Yang, and Q. Tian, “Query-efficient black-
A. Radwan, “Healthcare 5.0: In the perspective of consumer internet-
box adversarial attack with customized iteration and sampling,” IEEE
of-things-based fog/cloud computing,” IEEE Transactions on Consumer
Transactions on Pattern Analysis and Machine Intelligence, vol. 45,
Electronics, vol. 69, no. 4, pp. 745–755, Nov 2023.
no. 2, pp. 2226–2245, 2022.
[3] T. Yaqoob, H. Abbas, and M. Atiquzzaman, “Security vulnerabilities,
[24] Y. Zhao, K. Xu, H. Wang, B. Li, M. Qiao, and H. Shi, “Mec-
attacks, countermeasures, and regulations of networked medical de-
enabled hierarchical emotion recognition and perturbation-aware defense
vices—a review,” IEEE Communications Surveys & Tutorials, vol. 21,
in smart cities,” IEEE Internet of Things Journal, vol. 8, no. 23, pp.
no. 4, pp. 3723–3768, 2019.
16 933–16 945, 2021.
[4] D. Li, Q. Li, Y. Ye, and S. Xu, “A framework for enhancing deep neural
[25] F. Chen, J. Wang, H. Liu, W. Kong, Z. Zhao, L. Ma, H. Liao, and
networks against adversarial malware,” IEEE Transactions on Network
D. Zhang, “Frequency constraint-based adversarial attack on deep neural
Science and Engineering, vol. 8, no. 1, pp. 736–750, 2021.
networks for medical image classification,” Computers in Biology and
[5] L. Lyu, H. Yu, X. Ma, C. Chen, L. Sun, J. Zhao, Q. Yang, and Medicine, vol. 164, p. 107248, 2023.
S. Y. Philip, “Privacy and robustness in federated learning: Attacks and [26] E. Rabieinejad, A. Yazdinejad, A. Dehghantanha, and G. Srivastava,
defenses,” IEEE transactions on neural networks and learning systems, “Two-level privacy-preserving framework: Federated learning for attack
2022. detection in the consumer internet of things,” IEEE Transactions on
[6] F. Ullah, G. Srivastava, S. Ullah, and L. Mostarda, “Privacy-preserving Consumer Electronics, vol. 70, no. 1, pp. 4258–4265, Feb 2024.
federated learning approach for distributed malware attacks with in- [27] B. McMahan, E. Moore, D. Ramage, S. Hampson, and B. A. y. Arcas,
termittent clients and image representation,” IEEE Transactions on “Communication-efficient learning of deep networks from decentralized
Consumer Electronics, vol. 70, no. 1, pp. 4585–4596, Feb 2024. data,” in Artificial intelligence and statistics. PMLR, 2017, pp. 1273–
[7] A. I. Newaz, A. K. Sikder, M. A. Rahman, and A. S. Uluagac, “A survey 1282.
on security and privacy issues in modern healthcare systems: Attacks [28] N. Rieke, J. Hancox, W. Li, F. Milletari, H. R. Roth, S. Albarqouni,
and defenses,” ACM Transactions on Computing for Healthcare, vol. 2, S. Bakas, M. N. Galtier, B. A. Landman, K. Maier-Hein et al., “The
no. 3, pp. 1–44, 2021. future of digital health with federated learning,” NPJ digital medicine,
[8] A. I. Newaz, A. K. Sikder, L. Babun, and A. S. Uluagac, “Heka: A vol. 3, no. 1, pp. 1–7, 2020.
novel intrusion detection system for attacks to personal medical devices,” [29] A. Y. A. Amer, J.-M. Aerts, B. Vanrumste, and S. Luca, “A localized
in 2020 IEEE Conference on Communications and Network Security learning approach applied to human activity recognition,” IEEE Intelli-
(CNS). IEEE, 2020, pp. 1–9. gent Systems, vol. 36, no. 3, pp. 58–71, 2020.
[9] X. Fan et al., “Gcsa: A new adversarial example-generating scheme [30] R. Zuech, T. M. Khoshgoftaar, and R. Wald, “Intrusion detection and
toward black-box adversarial attacks,” IEEE Transactions on Consumer big heterogeneous data: a survey,” Journal of Big Data, vol. 2, pp. 1–41,
Electronics, vol. 70, no. 1, pp. 2038–2048, Feb 2024. 2015.
[10] M. Zhang, Y. Duan, H. Yin, and Z. Zhao, “Semantics-aware android mal- [31] T. R. Peltier, Information Security Policies, Procedures, and Standards:
ware classification using weighted contextual api dependency graphs,” guidelines for effective information security management. CRC press,
in Proceedings of the 2014 ACM SIGSAC Conference on Computer and 2016.
Communications Security, 2014, pp. 1105–1116. [32] E. Bagdasaryan, A. Veit, Y. Hua, D. Estrin, and V. Shmatikov, “How to
[11] H. Gao, S. Cheng, W. J. C. Zhang, and Security, “Gdroid: Android backdoor federated learning,” in International conference on artificial
malware detection and classification with graph convolutional network,” intelligence and statistics. PMLR, 2020, pp. 2938–2948.
Computers & Security, vol. 106, p. 102264, 2021. [33] V. Mothukuri, R. M. Parizi, S. Pouriyeh, Y. Huang, A. Dehghantanha,
[12] X. Zhang, L. Hao, G. Gui, Y. Wang, B. Adebisi, and H. Sari, “An and G. Srivastava, “A survey on security and privacy of federated
automatic and efficient malware traffic classification method for secure learning,” Future Generation Computer Systems, vol. 115, pp. 619–640,
internet of things,” IEEE Internet of Things Journal, 2023. 2021.
[13] R. Kumari, D. K. Sah, S. Gupta, K. Cengiz, and N. Ivković, “Advancing [34] S. e. a. Dadkhah, “Ciciomt2024: Attack vectors in healthcare devices-a
medical recommendations with federated learning on decentralized multi-protocol dataset for assessing iomt device security,” 2024.
data: A roadmap for implementation,” IEEE Transactions on Consumer [35] M. A. Ferrag, O. Friha, D. Hamouda, L. Maglaras, and H. Janicke,
Electronics, vol. 70, no. 1, pp. 2666–2674, Feb 2024. “Edge-iiotset: A new comprehensive realistic cyber security dataset of
[14] M. Guduri, C. Chakraborty, U. Maheswari, and M. Margala, iot and iiot applications for centralized and federated learning,” IEEE
“Blockchain-based federated learning technique for privacy preservation Access, vol. 10, pp. 40 281–40 306, 2022.
and security of smart electronic health records,” IEEE Transactions on [36] J. Zhang, J. Chen, D. Wu, B. Chen, and S. Yu, “Poisoning attack in
Consumer Electronics, vol. 70, no. 1, pp. 2608–2617, Feb. 2024. federated learning using generative adversarial nets,” in 2019 18th IEEE
[15] W. Schneble and G. Thamilarasu, “Attack detection using federated international conference on trust, security and privacy in computing and
learning in medical cyber-physical systems,” in Proc. 28th Int. Conf. communications/13th IEEE international conference on big data science
Comput. Commun. Netw. (ICCCN), vol. 29, 2019, pp. 1–8. and engineering (TrustCom/BigDataSE). IEEE, 2019, pp. 374–380.
[16] A. Rehman, I. Razzak, and G. Xu, “Federated learning for privacy
preservation of healthcare data from smartphone-based side-channel
attacks,” IEEE Journal of Biomedical and Health Informatics, vol. 27,
no. 2, pp. 684–690, 2022.
[17] W. Wang, X. Li, X. Qiu, X. Zhang, V. Brusic, and J. Zhao, “A
privacy preserving framework for federated learning in smart healthcare
systems,” Information Processing & Management, vol. 60, no. 1, p.
103167, 2023.