Enhancing internet of things security against structured query language injection and brute force attacks through federated learning

Abstract

The internet of things (IoT) encompasses various devices for monitoring, data collection, tracking people and assets, and interacting with other gadgets without human intervention. Implementing a system for predicting the development and assessing the criticality of detected attacks is essential for ensuring security in IoT interactions. This work analyses existing methods for detecting attacks, including machine learning, deep learning, and ensemble methods, and explores the federated learning (FL) method. The aim is to study FL to enhance security, develop a methodology for predicting the development of attacks, and assess their criticality in real-time. FL enables devices and the aggregation server to jointly train a common global model while keeping the original data locally on each client. We demonstrate the performance of the proposed methodology against structured query language (SQL) injection and brute force attacks using the CICIOT2023 dataset. We used accuracy and F1 score metrics to evaluate the effectiveness of our proposed methodology. As a result, the accuracy in predicting SQL injection reached 100%, and for brute force attacks, it reached 98.25%. The high rates of experimental results clearly show that the proposed FL-based attack prediction methodology can be used to ensure security in IoT interactions.