Federated anomaly detection with Isolation Forest in the IoT network
With the advancement of modern technology, the utilization of various devices in daily life has become increasingly extensive. Particularly with the emergence of the Internet of Things (IoT), numerous devices are now interconnected within networks. However, alongside the convenience brought by IoT, attacks targeting these devices have also emerged as a major concern. These IoT devices continuously generate and transmit data containing crucial user information. Exploiting this characteristic, attackers initiate malicious attacks to compromise this valuable data. To safeguard users from such threats, timely detection and identification are essential before any damage occurs. To address this issue, this thesis first reviews state-of-the-art anomaly detection methods and then, based on the gaps identified in existing approaches, proposes a novel framework that combines Federated Learning with Isolation Forests. The framework performs tree construction on the clients’ end and then uploads encrypted data containing the node information of the trees to the central server for forest construction. After multiple interactions, abnormal behaviour in the clients can be identified more effectively, ultimately improving the accuracy of the detection results while protecting the privacy of the client data.