<p>The rapid growth of Internet of Things (IoT) devices has significantly increased the cyber-attack surface, rendering traditional centralized Intrusion Detection Systems (IDSs) impractical due to privacy concerns and communication bottlenecks. Federated Learning (FL) has become a privacy-preserving alternative, but most FL-based IDSs function as “black boxes," relying on correlation-based explainability methods that do not reveal the underlying causal mechanisms of attacks. These limitations impede root-cause analysis and the creation of reliable security solutions. This paper introduces a new framework, Causal Explainable Federated Learning for IoT Intrusion Detection (Causal-FL-ID), which integrates causal reasoning directly into the FL process. In this setup, distributed IoT clients perform local causal discovery and send lightweight, privacy-preserving causal summaries to a central server. The server combines these summaries to create a global causal graph, providing deep insights into the causes of an intrusion. This method enables counterfactual reasoning, allowing security analysts to simulate interventions and assess their potential impact on threat mitigation. Extensive experiments on the IDSIoT2024 dataset demonstrate that the proposed framework achieves high prediction accuracy around <InlineEquation ID="IEq1"> <EquationSource Format="TEX">\(98.5\%\)</EquationSource> </InlineEquation> and scales effectively with 10, 25, and 50 clients. The results confirm that Causal-FL-ID not only delivers strong performance with manageable communication costs but also offers stable, transparent, and causally grounded explanations, marking a significant step toward more interpretable and resilient security systems for complex IoT environments.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Explainable federated learning through causal reasoning for intrusion detection in IoT

  • Fatima Asiri

摘要

The rapid growth of Internet of Things (IoT) devices has significantly increased the cyber-attack surface, rendering traditional centralized Intrusion Detection Systems (IDSs) impractical due to privacy concerns and communication bottlenecks. Federated Learning (FL) has become a privacy-preserving alternative, but most FL-based IDSs function as “black boxes," relying on correlation-based explainability methods that do not reveal the underlying causal mechanisms of attacks. These limitations impede root-cause analysis and the creation of reliable security solutions. This paper introduces a new framework, Causal Explainable Federated Learning for IoT Intrusion Detection (Causal-FL-ID), which integrates causal reasoning directly into the FL process. In this setup, distributed IoT clients perform local causal discovery and send lightweight, privacy-preserving causal summaries to a central server. The server combines these summaries to create a global causal graph, providing deep insights into the causes of an intrusion. This method enables counterfactual reasoning, allowing security analysts to simulate interventions and assess their potential impact on threat mitigation. Extensive experiments on the IDSIoT2024 dataset demonstrate that the proposed framework achieves high prediction accuracy around \(98.5\%\) and scales effectively with 10, 25, and 50 clients. The results confirm that Causal-FL-ID not only delivers strong performance with manageable communication costs but also offers stable, transparent, and causally grounded explanations, marking a significant step toward more interpretable and resilient security systems for complex IoT environments.