Skip to content

karthik7129/FL-IoT-Threat_detection

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

39 Commits
Logs
Logs
 
 
RealTimeService
RealTimeService
 
 
Results
Results
 
 
SavedGlobalModel
SavedGlobalModel
 
 
__pycache__
__pycache__
 
 
detection_results
detection_results
 
 
frontend
frontend
 
 
pcaps
pcaps
 
 
samplePackets
samplePackets
 
 
usefulMaybe
usefulMaybe
 
 
.gitignore
.gitignore
 
 
analysis.ipynb
analysis.ipynb
 
 
api_server.py
api_server.py
 
 
client1.py
client1.py
 
 
client2.py
client2.py
 
 
client3.py
client3.py
 
 
devicewise_analysis.ipynb
devicewise_analysis.ipynb
 
 
diagrams.md
diagrams.md
 
 
extractData.py
extractData.py
 
 
federated_learning.py
federated_learning.py
 
 
iot_malware_analysis.ipynb
iot_malware_analysis.ipynb
 
 
model.py
model.py
 
 
readME.md
readME.md
 
 
reduucedTrain.ipynb
reduucedTrain.ipynb
 
 
requirements.txt
requirements.txt
 
 
server.py
server.py
 
 
start_dashboard.sh
start_dashboard.sh
 
 
test.py
test.py
 
 
test_simulator.py
test_simulator.py
 
 

Repository files navigation

FL-IoT-Threat Detection

A Federated Learning-based IoT Threat Detection System that uses distributed machine learning to detect malware and network attacks in IoT devices while preserving data privacy.

Overview

This project implements a federated learning framework for IoT threat detection using the N-BaIoT dataset. The system trains neural network models across multiple IoT devices without centralizing sensitive data, enabling collaborative threat detection while maintaining privacy.

Architecture

FL-IoT-Threat Detection/
├── Core Components
│   ├── server.py                    # Federated learning server (Flower)
│   ├── client1.py                   # FL client for device 1
│   ├── client2.py                   # FL client for device 2
│   ├── model.py                     # Neural network architecture
│   └── api_server.py                # REST API backend for dashboard
├── Frontend Dashboard
│   └── frontend/                    # Vue.js + TypeScript dashboard
│       ├── src/views/               # Dashboard pages
│       ├── src/services/            # API integration
│       └── src/components/          # Reusable UI components
├── Real-time Detection
│   └── RealTimeService/
│       ├── realtime_pipeline.py     # Real-time threat detection pipeline
│       ├── threat_predictor.py      # ML-based threat prediction
│       ├── feature_extractor.py     # Network feature extraction
│       └── monitor.py               # Continuous monitoring service
├── Analysis & Training
│   ├── analysis.ipynb               # Data analysis and exploration
│   ├── reduucedTrain.ipynb          # Training with reduced dataset
│   ├── devicewise_analysis.ipynb    # Device-specific analysis
│   └── federated_learning.py       # Custom FL implementation
├── Data Simulation
│   └── samplePackets/
│       └── packet_simulator.py      # IoT traffic simulation
└── Results & Models
    ├── SavedGlobalModel/            # Trained federated models
    ├── Results/                     # Performance metrics & plots
    └── Logs/                        # Training and evaluation logs

Features

Web Dashboard

  • Real-time Monitoring: Live dashboard with system metrics and status
  • Model Management: Track training progress and model versions
  • Metrics Visualization: Charts and graphs for performance analysis
  • Event Timeline: Comprehensive system event tracking
  • Logs Viewer: Filterable logs with error/warn/info levels
  • Configuration UI: Manage system settings through web interface

Federated Learning

  • Privacy-Preserving: Train models without sharing raw data
  • Distributed Training: Multiple IoT devices collaborate in learning
  • Flower Framework: Production-ready federated learning implementation

Threat Detection

  • Multi-class Classification: Detects various IoT malware types
  • Real-time Monitoring: Continuous network traffic analysis
  • Attack Types: Gafgyt, Mirai, and other IoT botnets

Advanced Analytics

  • Network Feature Extraction: 115+ statistical network features
  • Performance Visualization: Confusion matrices, ROC curves
  • Device-wise Analysis: Individual device behavior patterns

Real-time Pipeline

  • PCAP Processing: Live network packet analysis
  • Feature Engineering: Automated feature extraction from traffic
  • Threat Classification: ML-based real-time threat scoring

Quick Start

Prerequisites

# Python 3.8+ required
python --version

# Install dependencies
pip install -r requirements.txt

1. Web Dashboard

Install frontend dependencies:

cd frontend
npm install

Start the API server:

# From project root
pip install Flask Flask-CORS
python api_server.py

Start the dashboard (development):

cd frontend
npm run dev
# Access at http://localhost:5173

Build for production:

cd frontend
npm run build
# Serves at http://localhost:5000 via api_server.py

2. Federated Learning Setup

Start the FL Server:

python server.py

Run FL Clients (in separate terminals):

# Terminal 1
python client1.py

# Terminal 2  
python client2.py

3. Real-time Threat Detection

Setup the pipeline:

cd RealTimeService
python setup.py

Start monitoring:

python monitor.py --pcap-dir /path/to/pcap/files

4. Data Analysis

Explore the Jupyter notebooks:

jupyter notebook
# Open: analysis.ipynb, reduucedTrain.ipynb, devicewise_analysis.ipynb

Dataset

The project uses the N-BaIoT dataset containing network traffic from 9 IoT devices under various attack scenarios:

Attack Types:

  • Mirai: ack, scan, syn, udp, udpplain
  • Gafgyt: combo, junk, scan, tcp, udp
  • Benign: Normal IoT device traffic

IoT Devices:

  • Danmini Doorbell, Ecobee Thermostat, Ennio Doorbell
  • Philips Baby Monitor, Provision Security Camera
  • Samsung SNH Camera, SimpleHome Security Camera
  • And more...

Configuration

Model Configuration (model.py)

# Neural Network Architecture
- Input Layer: 115 features (network statistics)
- Hidden Layer 1: 128 neurons + ReLU
- Hidden Layer 2: 64 neurons + ReLU  
- Output Layer: 10 classes (attack types)

FL Server Configuration (server.py)

# Federated Learning Parameters
- Rounds: 4 (configurable)
- Min Clients: 2
- Strategy: FedAvg (Federated Averaging)
- Evaluation: Accuracy, Loss metrics

Performance Metrics

The system provides comprehensive evaluation metrics:

  • Accuracy: Overall classification performance
  • Precision/Recall: Per-class detection quality
  • F1-Score: Balanced performance measure
  • Confusion Matrix: Detailed classification breakdown
  • ROC Curves: True/False positive trade-offs

Advanced Usage

Custom Data Pipeline

# Generate synthetic IoT traffic
python test_simulator.py

# Extract features from PCAP files
cd RealTimeService
python feature_extractor.py --input traffic.pcap --output features.csv

Model Evaluation

# Comprehensive model testing
python test.py

# Generate evaluation reports
# Results saved to Results/ directory

Real-time Integration

# Example: Integrate with existing security systems
from RealTimeService.threat_predictor import IoTThreatPredictor

predictor = IoTThreatPredictor("SavedGlobalModel/final_model.pth")
threat_score = predictor.predict_pcap("network_traffic.pcap")

Research Applications

This project supports research in:

  • Federated Learning for IoT Security
  • Privacy-Preserving Machine Learning
  • Real-time Network Threat Detection
  • IoT Botnet Analysis
  • Distributed AI for Edge Computing

Contributing

New contributions are always welcome feel free to raise a issue or a PR for any bugs or new feature.

  1. Fork the repository
  2. Create a feature branch: git checkout -b feature/new-feature
  3. Commit changes: git commit -m 'Add new feature'
  4. Push to branch: git push origin feature/new-feature
  5. Submit a Pull Request

References

Contact

For questions, issues, or collaborations, please open an issue or contact the project maintainer.

Star this repository if you find it useful for your IoT security research!

About

This is the end to end Federated learning pipeline for Iot threat detection

Topics

machine-learning python3 iot-device federated-learning

Resources

Readme
Activity

Stars

2 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages