The rise of heterogeneous Internet of Things (IoT) devices has raised security concerns due to their vulnerability to cyberattacks. Intrusion Detection Systems (IDS) are crucial in addressing these threats. Federated Learning (FL) offers a privacy-preserving solution, but IoT heterogeneity and limited computational resources cause increased latency and reduced performance. This paper introduces a novel approach Cluster-based federated intrusion detection with lightweight networks for heterogeneous IoT designed to address these limitations. The proposed framework utilizes a hierarchical IoT architecture that encompasses edge, fog, and cloud layers. Intrusion detection clients operate at the fog layer, leveraging federated learning to enhance data privacy and distributed processing efficiency. To enhance efficiency, the method employs the lightweight MobileNet model alongside a hybrid loss function that integrates Gumbel-SoftMax and SoftMax, optimizing resource consumption while maintaining high detection accuracy. A key feature of this approach is clustering IoT devices based on hardware similarities, enabling more efficient model training and aggregation tailored to each cluster's computational capacity. This strategy not only simplifies the complexity of managing heterogeneous data and devices but also improves scalability and overall system performance. To validate the effectiveness of the proposed method, extensive experiments were conducted using the ToN-IoT and CICDDoS2019 datasets. Results demonstrate that the proposed approach reduces end-to-end training time by 2.47x compared to traditional FL methods, achieves 2.16x lower testing latency, and maintains exceptionally high detection accuracy of 99.22% and 99.02% on the ToN-IoT and CICDDoS2019 datasets, respectively.

翻译：异构物联网设备的兴起因其易受网络攻击而引发了安全担忧。入侵检测系统在应对这些威胁中至关重要。联邦学习提供了一种隐私保护的解决方案，但物联网的异构性和有限的计算资源会导致延迟增加和性能下降。本文提出了一种新颖的方法——面向异构物联网的轻量级网络集群联邦入侵检测，旨在解决这些局限性。所提出的框架采用了一种包含边缘层、雾层和云层的分层物联网架构。入侵检测客户端在雾层运行，利用联邦学习来增强数据隐私和分布式处理效率。为了提高效率，该方法采用了轻量级的MobileNet模型以及一个融合了Gumbel-SoftMax和SoftMax的混合损失函数，从而在保持高检测精度的同时优化了资源消耗。该方法的一个关键特性是基于硬件相似性对物联网设备进行聚类，从而能够根据每个集群的计算能力进行更高效的模型训练和聚合。这一策略不仅简化了管理异构数据和设备的复杂性，还提高了可扩展性和整体系统性能。为了验证所提方法的有效性，使用ToN-IoT和CICDDoS2019数据集进行了大量实验。结果表明，与传统联邦学习方法相比，所提方法将端到端训练时间减少了2.47倍，测试延迟降低了2.16倍，并且在ToN-IoT和CICDDoS2019数据集上分别保持了99.22%和99.02%的极高检测精度。