With the proliferation of the Internet of Things (IoT) and the growing interconnectedness of devices, network security faces significant challenges, especially from anomalous activity. Traditional machine learning-based intrusion detection systems (ML-IDS) employ supervised learning effectively, but they require labeled data and struggle with high-dimensional inputs. Recent unsupervised ML-IDS approaches such as autoencoders and Generative Adversarial Networks (GANs) offer alternative solutions but are difficult to deploy on resource-constrained IoT devices and difficult to interpret. To address these concerns, this paper proposes a novel federated unsupervised anomaly detection framework, FedPCA, that leverages Principal Component Analysis (PCA) and the Alternating Direction Method of Multipliers (ADMM) to learn common representations of distributed non-i.i.d. datasets. Building on the FedPCA framework, we propose two algorithms, FEDPE in Euclidean space and FEDPG on Grassmann manifolds. Our approach enables real-time threat detection and mitigation at the device level, enhancing network resilience while preserving privacy. Moreover, the proposed algorithms come with theoretical convergence rates that hold even under a subsampling scheme, a novel result. Experimental results on the UNSW-NB15 and TON-IoT datasets show that our proposed methods offer anomaly detection performance comparable to nonlinear baselines while providing significant improvements in communication and memory efficiency, underscoring their potential for securing IoT networks.
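The following is an added illustration of the idea the abstract describes, not the paper's FedPCA, FEDPE or FEDPG code: several clients hold non-i.i.d. flow-feature data that nonetheless shares one low-dimensional benign subspace, each client uploads only its local PCA basis, a server combines the bases into one shared subspace, and each device then flags traffic by reconstruction error against a threshold fitted on its own benign history. The server step here is a plain average of the clients' projectors followed by a rank-k truncation, standing in for the paper's ADMM updates. The feature dimension D, rank K, noise level, client sizes and all sample data are constructed assumptions.

```python
"""Illustrative federated PCA anomaly detector on constructed IoT flow features.

Added example, not the paper's FedPCA/FEDPE/FEDPG code: the server step below is a plain
average of the clients' projectors followed by a rank-k truncation, standing in for the
paper's ADMM updates. Feature dimension D, rank K and noise level are assumed values."""
import numpy as np

D, K = 6, 2       # assumed: 6 flow features per sample, benign traffic near a rank-2 subspace
NOISE = 0.05      # assumed benign measurement noise


def make_clients(rng, sizes=(300, 200, 120), spreads=(1.0, 2.5, 0.6)):
    """Constructed data: each client draws latent factors with its own spread, so the
    per-client marginals differ (non-i.i.d.), yet all benign traffic lies near one common
    K-dimensional subspace spanned by the rows of B, which no client knows."""
    B = rng.standard_normal((K, D))
    clients = [(rng.standard_normal((n, K)) * s) @ B + NOISE * rng.standard_normal((n, D))
               for n, s in zip(sizes, spreads)]
    return B, clients


def local_subspace(X, k=K):
    """Client step: top-k principal directions of the locally centred data, a D x k matrix.
    This matrix is all that leaves the device; the raw flows stay local."""
    Xc = X - X.mean(axis=0)
    _, _, Vt = np.linalg.svd(Xc, full_matrices=False)
    return Vt[:k].T


def aggregate_subspaces(subspaces, k=K):
    """Server step: mean of the projectors U_i U_i^T, then its dominant k eigenvectors, i.e.
    the rank-k subspace closest in Frobenius norm to the mean projector."""
    P = sum(U @ U.T for U in subspaces) / len(subspaces)
    evals, evecs = np.linalg.eigh(P)                 # eigh returns ascending eigenvalues
    return evecs[:, np.argsort(evals)[::-1][:k]]


def subspace_distance(U, V):
    """Frobenius distance between projectors; 0 when U and V span the same subspace."""
    return float(np.linalg.norm(U @ U.T - V @ V.T))


def reconstruction_error(X, U, mean):
    """Per-sample anomaly score: norm of the residual left after projecting onto U."""
    Xc = X - mean
    return np.linalg.norm(Xc - (Xc @ U) @ U.T, axis=1)


def make_anomalies(rng, B, rows, magnitude=1.0):
    """Constructed attack flows: benign rows pushed by a unit vector orthogonal to the benign
    subspace, the kind of deviation reconstruction error is meant to expose."""
    Q, _ = np.linalg.qr(B.T, mode="complete")        # columns K.. span the orthogonal complement
    offs = Q[:, K:] @ rng.standard_normal((D - K, len(rows)))
    offs /= np.linalg.norm(offs, axis=0)             # unit offsets, entirely outside the subspace
    return rows + magnitude * offs.T


def run_demo(seed=0, quantile=0.99):
    """One federated round, then per-device thresholding and scoring on held-out rows."""
    rng = np.random.default_rng(seed)
    B, clients = make_clients(rng)
    splits = [(X[: int(0.8 * len(X))], X[int(0.8 * len(X)):]) for X in clients]
    U = aggregate_subspaces([local_subspace(train) for train, _ in splits])
    true_basis, _ = np.linalg.qr(B.T)                # orthonormal basis of the true benign subspace
    res = {"floats_if_raw_data_shared": sum(train.size for train, _ in splits),
           "floats_actually_sent": len(splits) * D * K,
           "subspace_error": subspace_distance(U, true_basis),
           "detected": 0, "anomalies": 0, "false_positives": 0, "benign_tested": 0}
    for train, test in splits:
        mean = train.mean(axis=0)
        # each device picks its own threshold from its own benign history
        thr = float(np.quantile(reconstruction_error(train, U, mean), quantile))
        attacks = make_anomalies(rng, B, test)
        res["false_positives"] += int((reconstruction_error(test, U, mean) > thr).sum())
        res["benign_tested"] += len(test)
        res["detected"] += int((reconstruction_error(attacks, U, mean) > thr).sum())
        res["anomalies"] += len(attacks)
    return res


if __name__ == "__main__":
    print(run_demo())
```

Two things the abstract's claims hinge on are visible in the returned dictionary: the per-round upload is a D x K matrix per client rather than the client's n x D data (the communication saving), and the threshold is fitted locally from benign history, so scoring needs only the shared basis and the device's own mean (the memory footprint is a D x K matrix and a D-vector). The stand-in aggregation is exact only when the clients' subspaces already agree; handling genuinely divergent local estimates with convergence guarantees is what the paper's ADMM-based FEDPE and FEDPG add.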