The rapid proliferation of Internet of Things (IoT) devices across domains such as smart homes, industrial control systems, and healthcare networks has significantly expanded the attack surface for cyber threats, including botnet-driven distributed denial-of-service (DDoS), malware injection, and data exfiltration. Conventional intrusion detection systems (IDS) face critical challenges like privacy, scalability, and robustness when applied in such heterogeneous IoT environments. To address these issues, we propose SecureDyn-FL, a comprehensive and robust privacy-preserving federated learning (FL) framework tailored for intrusion detection in IoT networks. SecureDyn-FL is designed to simultaneously address multiple security dimensions in FL-based IDS: (1) poisoning detection through dynamic temporal gradient auditing, (2) privacy protection against inference and eavesdropping attacks through secure aggregation, and (3) adaptation to heterogeneous non-IID data via personalized learning. The framework introduces three core contributions: (i) a dynamic temporal gradient auditing mechanism that leverages Gaussian mixture models (GMMs) and Mahalanobis distance (MD) to detect stealthy and adaptive poisoning attacks, (ii) an optimized privacy-preserving aggregation scheme based on transformed additive ElGamal encryption with adaptive pruning and quantization for secure and efficient communication, and (iii) a dual-objective personalized learning strategy that improves model adaptation under non-IID data using logit-adjusted loss. Extensive experiments on the N-BaIoT dataset under both IID and non-IID settings, including scenarios with up to 50% adversarial clients, demonstrate that SecureDyn-FL consistently outperforms state-of-the-art FL-based IDS defenses.
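To make contribution (ii) concrete, the sketch below shows how additively homomorphic ElGamal lets an aggregator sum quantized client updates without seeing any individual one. It is an added example, not the authors' code: it uses textbook exponential ElGamal rather than the paper's transformed variant, omits pruning, and the toy group, the `SCALE`/`CLIP` quantizer and all function names are assumptions.

```python
import secrets

# Toy group, an assumption for readability and far too small for real use:
# safe prime P = 2Q + 1, and G = 4 generates the subgroup of prime order Q.
P, Q, G = 2039, 1019, 4
SCALE, CLIP = 20, 2.0  # hypothetical quantizer: step 0.05, values clipped to [-2, 2]

def keygen():
    x = secrets.randbelow(Q - 1) + 1          # private key in [1, Q-1]
    return x, pow(G, x, P)                    # (private, public)

def quantize(w):
    """Clip a float weight update and map it to a signed integer."""
    return round(max(-CLIP, min(CLIP, w)) * SCALE)

def encrypt(h, m):
    """Exponential ElGamal: the message sits in the exponent, so products add."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), pow(G, m % Q, P) * pow(h, r, P) % P

def add(c, d):
    """Homomorphic addition: multiply ciphertexts component-wise."""
    return c[0] * d[0] % P, c[1] * d[1] % P

def decrypt_sum(x, c, bound):
    """Recover a signed sum with |sum| <= bound by searching the small range."""
    if 2 * bound + 1 > Q:
        raise ValueError("sum range does not fit in the group order")
    gm = c[1] * pow(c[0], Q - x, P) % P       # c1^(Q-x) equals c1^(-x) in the subgroup
    for m in range(-bound, bound + 1):
        if pow(G, m % Q, P) == gm:
            return m
    raise ValueError("decrypted value outside the expected range")

def secure_sum(updates, x, h):
    """Clients encrypt per coordinate; the aggregator only multiplies ciphertexts."""
    bound = len(updates) * round(CLIP * SCALE)
    sums = []
    for coords in zip(*updates):              # one coordinate across all clients
        agg = encrypt(h, quantize(coords[0]))
        for w in coords[1:]:
            agg = add(agg, encrypt(h, quantize(w)))
        sums.append(decrypt_sum(x, agg, bound))   # done by the key holder only
    return sums

# Constructed sample: three clients, three coordinates; 3.0 is clipped to 2.0.
UPDATES = [[0.5, -1.0, 0.25], [0.1, 0.3, -0.25], [-0.2, 0.7, 3.0]]

if __name__ == "__main__":
    x, h = keygen()
    total = secure_sum(UPDATES, x, h)
    print(total, [s / SCALE / len(UPDATES) for s in total])
```

Quantization matters here because decryption recovers the sum by a bounded discrete-log search, so the clipped integer range times the number of clients must stay small relative to the group order.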