Explainable federated learning through causal reasoning for intrusion detection in IoT
摘要
The rapid growth of Internet of Things (IoT) devices has significantly increased the cyber-attack surface, rendering traditional centralized Intrusion Detection Systems (IDSs) impractical due to privacy concerns and communication bottlenecks. Federated Learning (FL) has become a privacy-preserving alternative, but most FL-based IDSs function as “black boxes," relying on correlation-based explainability methods that do not reveal the underlying causal mechanisms of attacks. These limitations impede root-cause analysis and the creation of reliable security solutions. This paper introduces a new framework, Causal Explainable Federated Learning for IoT Intrusion Detection (Causal-FL-ID), which integrates causal reasoning directly into the FL process. In this setup, distributed IoT clients perform local causal discovery and send lightweight, privacy-preserving causal summaries to a central server. The server combines these summaries to create a global causal graph, providing deep insights into the causes of an intrusion. This method enables counterfactual reasoning, allowing security analysts to simulate interventions and assess their potential impact on threat mitigation. Extensive experiments on the IDSIoT2024 dataset demonstrate that the proposed framework achieves high prediction accuracy around