Ad Hoc Networks xxx (xxxx) 103320

Contents lists available at ScienceDirect

Ad Hoc Networks
journal homepage: www.elsevier.com/locate/adhoc

Survey paper

F
Blockchain and federated learning-based intrusion detection approaches for
edge-enabled industrial IoT networks: a survey

OO
Saqib Ali a, Qianmu Li b, c, Abdullah Yousafzai d, ⁎
a School of Computer Science and Technology, University of Science and Technology of China, Hefei 230027, China.
b School of Computer Science and Engineering, Nanjing University of Science and Technology, Nanjing 210094
c School of Intelligent Manufacturing, Wuyi University, Jiangmen 529020, PR China
d Distributed and Network Intelligence Laboratory, Faculty of Information Technology, University of Central Punjab, Lahore, Pakistan

ARTICLE INFO

Index Terms:
Intrusion detection
ABSTRACT PR
The industrial internet of things (IIoT) is an evolutionary extension of the traditional Internet of Things (IoT) into
processes and machines for applications in the industrial sector. The IIoT systems generate a large amount of pri-
Iiot vate and sensitive data i.e., stored and processed somewhere on the cloud-edge continuum. The IIoT devices, and
Federated learning
the IIoT networks are subject to security mechanisms such as intelligent Intrusion Detection and Prevention Sys-
Blockchain
D
tems (IDS/IPS) systems, that can detect and respond unseen malicious network attacks. The adoption of central-
ized machine learning methods for IDS has become impractical due to the high computational cost and privacy
concerns associated with storing large amounts of data on a single server along the cloud-edge continuum. The
combination of federated learning and Blockchain has emerged as a promising advancement in addressing the
TE

challenge. Federated learning distributes learning to individual IIoT devices without compromising data privacy,
while Blockchain enhances privacy and security. Many academic and industrial efforts outline IDS mechanisms
using machine learning, deep learning, federated learning, and Blockchain technologies. The utilization of feder-
ated learning-based IDS has become increasingly popular and is now being applied to various tasks including
IDS/IPS systems. However, existing intrusion detection systems (IDSs) survey are limited to the scope of classical
machine learning and deep learning. To address this limitation, we analyze the IIoT literature that integrates
Blockchain and federated learning to enhance IDSs and improve its threat detection capabilities. This survey ex-
EC

plores the role of Blockchain and federated learning in addressing security and privacy issues, particularly those
associated with IDS/IPS in IIoT networks. Insights on the possibilities of machine learning, federated learning,
and Blockchain in supporting IDS to monitor IIoT network traffic for anomaly detection are discussed in detail
through state of the art. Furthermore, we provide a set of recommendation based on our literature for the effec-
tive implementation of a Blockchain and federated learning-based network intrusion detection system. Finally,
we summarize the study and highlight challenges as future research directions for Blockchain and Federated
Learning-based technologies for cybersecurity and intrusion detection in IIoT.
RR

1. Introduction tensive computing capabilities of the cloud-edge continuum. The cloud-

edge continuum refers to the distribution and coordination of comput-
Industry 4.0 has emerged through the seamless integration of the in- ing resources and data processing between cloud computing infrastruc-
ternet of things (IoT) into industrial processes and infrastructure. This ture and edge devices, such as sensors, gateways, and edge servers. In
CO

integration has enabled the transformation and advancement of mod-
ern industries. This new era involves millions of intelligent industrial
devices interacting with or without human intervention. IoT and Indus-
trial IoT (IIoT) networks are leveraged to connect various electro-
mechanical devices, such as production equipment, instruments, sen-
sors, and actuators, present in real-world industrial setups [121]. These
connected devices enable real-time decision-making powered by the ex-
this continuum, computing resources are distributed across a spectrum,
ranging from centralized cloud data centers to the edge of the IIoT net-
work. This decentralized approach allows for efficient data collection,
processing, and storage of industrial big data generated by numerous
sensors. At the edge of the IIoT network, edge devices play a crucial role
in executing initial data filtering, analysis, and preprocessing. This es-
sential process effectively reduces the volume of data that must be

⁎ Corresponding authors.

https://doi.org/10.1016/j.adhoc.2023.103320
Received 1 February 2023; Received in revised form 25 July 2023; Accepted 30 September 2023
1570-8705/© 20XX

Note: Low-resolution images were used to create this PDF. The original images will be used in the final composition.
S. Ali et al.
transmitted to the cloud, leading to reduced latency and bandwidth re-
quirements. As a result, the IIoT system becomes more efficient and re-
sponsive. Consequently, real-time or near-real-time decision-making
becomes achievable at the edge, while more complex analytics, long-
term storage, and resource-intensive computations are offloaded to the
cloud. The cloud-edge continuum thus facilitates the implementation of
advanced technologies within Industry 4.0 and ensures efficient man-
agement of Industry 4.0 processes.
The Industrial Internet of Things (IIoT) significantly enhances in-
dustry productivity by integrating digital devices, services, Supervisory
F
Control and Data Acquisition (SCADA), and physical systems. This
seamless integration of technology and physical infrastructure has the
potential to revolutionize various industries, bringing forth increased
OO
efficiency and advanced capabilities. The IIoT framework brings nu-
merous advantages across various sectors, including automotive, trans-
portation, healthcare, and more [29,34]. In a comprehensive study, Pic-
cialli et al. [127] thoroughly explored the impact of IIoT on various in-
dustrial sectors, highlighting its potential to enhance services and prod-
ucts. The authors delve into specific areas where IIoT benefits will drive
organizational transformation and the emergence of novel business
models facilitated by IIoT solutions. Moreover, IIoT, empowered by the
cloud-edge continuum, has become the focus of new research trends for
industrial applications, aiming to improve the efficiency of industrial
processes [193]. The ongoing IIoT digital revolution leads to profound
PR
systemic changes from traditional to digital industrial operations. This
digitalization and cutting-edge technology using IIoT enable manage-
ment executives to monitor industrial processes and visualize the hid-
den trends embedded in the massive amounts of data generated by the
D
IIoT physical layer infrastructure. The goal of the IIoT is to enable intel-
ligent manufacturing, facilitating the establishment of smart factories
with effective communication between business partners and cus-
tomers. This entails leveraging interconnected devices and systems to
TE
create a highly efficient and collaborative industrial ecosystem [15].
IIoT integrates data, services, and people for intelligent operations
across various industries, such as smart electricity, smart cities, health-
care, the automation industry, agriculture, logistics, and transportation
[78]. However, the IIoT network requires additional specific security
EC
measures as it is vulnerable to attacks, and the compromise of even a
single device can have far-reaching effects due to the interconnected
nature of the system and the high value of the data it contains. The au-
thors in [119] have projected that the absence of effective intrusion de-
tection systems (IDS) in the near future could result in cyber threats
within the IIoT, incurring costs of up to $90 trillion by 2030. The pri-
mary peril within the IIoT lies in the prevalence of malware, where at-
RR
tackers exploit vulnerabilities in computers to carry out malicious ac-
tivities such as denial of service (DoS), decentralized DoS (DDoS), and
progressive determined risk (PDR) attacks. To detect and minimize in-
trusions, several security measures can be employed. An intrusion de-
tection system (IDS) is a cybersecurity monitoring system designed to
prevent unauthorised access to computer networks. An intrusion occurs
CO
when there is unauthorised access to a system, compromising its confi-
dentiality, integrity, and availability (collectively referred to as CIA). In
network security, intrusion detection plays a vital role in identifying
anomalies in network activity, ensuring the protection of the CIA triad.
As the IIoT system rapidly evolves, its widespread deployments present
a plethora of challenges, such as ensuring confidentiality, enhancing
data accountability, and ensuring availability [108].
Within the IIoT ecosystem, the intrusion detection system (IDS)
plays a crucial role in safeguarding sensitive information. Despite the
presence of security mechanisms like IDS and end-point protection, it is
important to note that they may not be fully effective against all poten-
tial attacks [6]. Several articles have presented IDS mechanisms for IIoT
systems, employing attack signatures stored in databases to identify at-
tackers [15,54]. To establish a comprehensive and robust security pos-
ture for IIoT scenarios, a diverse range of security countermeasures and
2
Ad Hoc Networks xxx (xxxx) 103320
technologies can be utilized. These include reactive, proactive, preven-
tative, remedial, forensic, and intelligence approaches. Such a multi-
layered and versatile approach is essential to effectively protect IIoT
systems from various threats and ensure their smooth operation and re-
silience against potential cyberattacks [167,7]. Despite such efforts,
IIoT remains susceptible to various threats, including distributed denial
of service (DDoS), Man-in-the-Middle, Ransomware, and others, posing
challenges in distinguishing between legitimate and malicious activities
[156,189]. In order to address these challenges, it is crucial to imple-
ment an adaptive IDS capable of identifying potential cyber-attacks
with minimal false positives and no disruptions to mission-critical ser-
vices. The research community is actively involved in the development
of reliable and robust intrusion detection tools tailored for IIoT scenar-
ios to enhance network security in the IIoT domain [110,171].
In recent times, there has been a notable surge of interest in address-
ing cybersecurity concerns within IIoT ecosystems, particularly focus-
ing on intrusion detection systems (IDSs) based on federated learning
(FL) [45]. FL endeavors to create a distributed machine-learning ap-
proach similar to incremental learning but without the need for explic-
itly sharing data samples. It emphasizes data heterogeneity, availabil-
ity, and preserving privacy while reducing model bias, making it a
promising machine learning paradigm for IIoT [66]. Additionally, FL
provides a distributed framework that ensures privacy protection and
promotes collaboration among numerous participants, enabling itera-
tive training of machine learning models tailored to IIoT applications.
However, FL-based IDS algorithms face several challenges in real-world
applications. Firstly, finding a device with sufficient capacity and re-
sources to serve as a central server can be challenging in certain IIoT
scenarios. Secondly, FL is vulnerable to central server failures, as any
malfunction or disconnection can disrupt collaborative training.
Thirdly, scalability issues arise, resulting in a communication bottle-
neck when the number of participating devices increases.
Blockchain technology most effectively conforms to an IIoT cyberse-
curity framework through the use of action research, which may be in-
terpreted as the collection of quantitative, qualitative, or mixed data.
From the security perspective, it is vital to incorporate Blockchain tech-
nology for the IIoT network and increase security. Blockchain has the
potential to address these needs and play a vital role by providing veri-
fiable and secure information exchange and storage options [173]. By
combining Blockchain with FL, intrusion detection can be significantly
improved, providing distinct advantages in terms of security and pri-
vacy protection [83]. Furthermore, Alruwaili et al. [199] highlighted
the fundamental role of intrusion detection in IIoT systems. The authors
in [199] presented a wide array of protocols, algorithms, and mecha-
nisms specifically designed for intrusion detection in the context of
IIoT. Moreover, they proposed the integration of machine learning
(ML) and Blockchain technology as an effective means to mitigate secu-
rity threats within the IIoT domain. This innovative approach holds
great promise in bolstering the security and resilience of IIoT systems
against potential cyber threats. Common needs in IIoT applications,
such as protecting the confidentiality of sensitive information and fos-
tering mutual trust among parties involved in different stages of the
supply chain, underscore the significance of leveraging these technolo-
gies. Existing state-of-the-art technology lacks the essential integration
of FL and Blockchain for IIDS in IIoT networks, compromising security
and privacy. This integration is crucial for robust cybersecurity solu-
tions. Combining Blockchain and FL for IDSs in IIoT networks offers en-
hanced security, privacy, real-time threat response, resilience, and
compliance capabilities. Given the susceptibility of IIoT systems to cy-
ber threats and attacks with potentially severe consequences for critical
infrastructure and industrial operations, integrating intrusion detection
mechanisms becomes imperative to bolster security and safeguard IIoT
devices, networks, and data. With its decentralized and immutable
ledger, Blockchain technology enhances trust and transparency in IIoT
systems, while FL enables collaborative model training without sharing
S. Ali et al.
sensitive data, preserving privacy and confidentiality. IDSs can analyze
network traffic, device logs, and system behavior to detect potential
threats or abnormal activities, enabling organizations to promptly de-
tect and respond to emerging threats through continuous monitoring of
IIoT networks and devices. Additionally, FL facilitates the rapid distrib-
ution of updated intrusion detection models across IIoT devices, en-
abling real-time threat mitigation without relying on centralized sys-
tems.
In our study, we followed a systematic approach presented in Fig. 1.
to gain valuable insights into prevailing trends and methodologies from
F
existing IIoT literature on IDS/IPS. Employing a structured approach,
we thoroughly explored and analyzed the literature, providing us with
a holistic understanding of the current state of research, identifying
OO
knowledge gaps, and proposing potential avenues for future investiga-
tions. Our primary objective is to offer a comprehensive overview of the
existing research landscape, identify areas requiring further explo-
ration, and propose promising directions for future studies. This article
presents a survey of research articles focused on IDS for the IIoT setup
that leverages Blockchain and distributed machine learning technolo-
gies. The key contributions of this survey are as follows:
• We provide a detailed analysis of survey articles related to
network intrusion detection for networked systems. It examinesPR
existing literature on intrusion detection techniques in the context
of IIoT and identifies trends and advancements in this field.
• We present an in-depth and extensive review of the diverse
array of attacks directed toward IIoT systems. This article delves
into the intricacies and nuances of these attacks, providing a
D
fluent and provides thorough exploration of IDS/IPS techniques
in IIoT .
• We conduct a comprehensive literature review of network
intrusion detection methods tailored explicitly for IIoT
TE
environments. Based on our understand from the literature we
provide a set of guidelines on the utilization of Blockchain and
federated learning techniques to enhance the security and
efficiency of intrusion detection systems for IIoT.
• This survey compares the various literature reviews based on
EC
different parameters. These parameters may include the types of
RR
CO
Fig. 1. Systematic mapping of the study.
3
Ad Hoc Networks xxx (xxxx) 103320
intrusion detection methods, the use of Blockchain and federated
learning, performance metrics, and application domains, among
others.
• We debate and engage in discussion about open issues and
propose potential directions for future research in intrusion
detection for IIoT. These discussions highlight areas requiring
further exploration and improvement, fostering advancements in
the IIoT scenario.
The remainder of the survey paper is structured as follows: Section II
presents an overview of the related survey papers. Section III presents
background on IDS in IIoT networks, considering Blockchain as an aux-
iliary cybersecurity technology and Federated learning privacy-
preserving distributed machine learning approach that fits the distrib-
uted IIoT networks. Section IV presents a discussion on the possible
threat to IIoT networks. Section V analyzes the current state-of-the-art
Blockchain and FL-based IDS techniques in IIoT Networks and com-
pares and contrasts them. Section VI presents the research challenges
and open issues for future exploration and improving IDS in IIoT net-
works. Finally, section VI concludes the manuscript.
2. Related survey papers
IDS systems have been widely studied in the context of computer
networks. This is clear from the number of survey studies published on
IDS in computer networks. Table I. summarizes and discusses these sur-
vey papers.
Many research efforts have been devoted to surveys and literature
covering machine learning (ML), FL, and Blockchain-based solutions
for IIoT networks. Table 1. presents the list of survey articles under the
scope of IoT/IIoT applications. According to a recent study by Zhao et
al. [192], Blockchain-based technology has several benefits from an
IIoT point of view. Additionally, they briefly described the IIoT net-
works powered by Blockchain and highlighted several fundamental
problems with the IIoT architecture. The authors in [148] addressed the
vulnerabilities and attacks targeting IoT and IIoT networks. To tackle
the security issues in IIoT, they conducted an in-depth analysis of a pri-
vacy solution based on Blockchain technology. In their research the au-
S. Ali et al. Ad Hoc Networks xxx (xxxx) 103320

Table 1 Table 1 (continued)

Related Surveys on IDS in IIoT Networks. Reference Year Contribution IDS Blockchain FL ML
method focused focused focused
Reference Year Contribution IDS Blockchain FL ML
method focused focused focused
[172] 2021 This article combines
machine learning Traditional ✓ ✗ ✓
[62] 2022 This study focuses on
with Blockchain to IDS
a comprehensive N/A ✓ ✗ ✗
identify and mitigate
layered architecture
real-time IIoT
in an advanced
network attacks. The
research framework.
suggested state-of-
It provides an
the-art focuses on

F
overview of cyber-
standalone security
physical interaction,
solutions and does
identity resolution
not consider a
systems, artificial

OO
cohesive technique
intelligence, 5 G/
for monitoring IIoT
B5G, 6 G, and edge
networks and finding
computing. The
edge intruders.
architecture includes
[166] 2021 A detailed analysis
protocol, data,
discusses IIoT N/A ✗ ✗ ✗
consensus, and
security and four-
control layers,
layer security
aiming to establish a
architecture,
robust and efficient

[44]
system.
2022 The authors propose
Edge-IIoTset, a novel
dataset for assessing
cybersecurity in IoT
and IIoT. It
Hybrid ✗ ✓ ✓ PR examines deployed
countermeasures
based on CIA+
security criteria, and
gives insight into
today's industrial
countermeasures.
incorporates
The proposed
centralized,
research
federated learning,
D
development and the
and machine
persistent challenges
learning-based IDSs.
of the IIoT ecosystem
Generated using a
are also discussed.
custom-built IoT/
[107] 2021 Security concerns
TE

IIoT testbed, the

and issues are Hybrid ✗ ✗ ✓
dataset includes
notably widespread
various attack types
across various layers
using diverse IoT
of the IoT network
devices.
architecture,
[92] 2021 This review explores
including the
technologies for NIDS ✗ ✗ ✓
perception layer,
passively collecting
EC

network layer,
wireless signal
support layer,
patterns and network
application layer,
traffic traces to
and data layer.
identify IoT devices.
Particular attention
It discusses
is given to topics like
advancements in
anomaly detection,
machine learning
various IDS
RR

and deep learning

techniques, and the
techniques, including
growing threat of
intelligent, anomaly
DDoS attacks.
detection, and deep
[148] 2020 The study
unsupervised
categorizes and maps Centralized ✓ ✗ ✗
learning, focusing on
attacks, responses,
emerging
and vulnerabilities in
developments.
IoT/IIoT systems. It
CO

[73] 2021 Presented a review

further compares the
of recent works to Anomaly ✗ ✗ ✓
advantages of
improve intrusion
integrating
techniques,
Blockchain with IoT/
deployment strategy,
IIoT applications and
the taxonomy of
explores Blockchain-
attacks, and IDS
based IoT solutions.
strategy for IoT
Additionally, the
security.
practical aspects of
incorporating
Blockchain with IoT
are thoroughly
discussed.
(continued on next page)

4
S. Ali et al. Ad Hoc Networks xxx (xxxx) 103320

Table 1 (continued) Table 1 (continued)

Reference Year Contribution IDS Blockchain FL ML Reference Year Contribution IDS Blockchain FL ML
method focused focused focused method focused focused focused

[109] 2020 Outlined how to [167] 2020 The systematic

solve security and N/A ✓ ✗ ✗ review on IIoT N/A ✗ ✗ ✗
privacy concerns security mainly
with IoT and focuses on the new
blockchain paradigm of Fog
technology computing to
integration. improve the security
Authenticated IoT requirements based

F
devices using on IIoT.
Ethereum and [149] 2020 A comprehensive
discussed the approach is Centralized ✗ ✗ ✗

OO
security analysis. recommended to
[21] 2020 The most cutting- safeguard the
edge uses of N/A ✓ ✗ ✗ growing IIoT domain
Blockchain during the transition
technology in several to Industry 4.0. It
Industry 4.0 and considers security
intelligent risks from consumer
applications are IoT and
inspected. However, acknowledges
it also detailed the
advantages and
disadvantages of
currently available
Blockchain-based
security solutions.
PR distinctions between
consumer and
industrial sectors,
addressing imminent
security challenges
in protecting IIoT
[49] 2020 The authors provide systems.
a comprehensive N/A ✗ ✗ ✗ [33]
overview of IIoT to 2019 The research N/A ✓ ✗ ✗
D
address security explored the
vulnerabilities. They integration of
propose a taxonomy Blockchain
for the underlying technology with IoT,
infrastructure, offer focusing on
TE

security guidelines, industrial

and analyze applications called
appropriate security Blockchain of Things
protocols across (BcoT). It introduced
different tiers to the convergence of
achieve secure Blockchain and
connectivity in the proposed an IoT
EC

IIoT. architecture for

[97] 2020 BcoT.
In this article, the N/A ✗ ✗ ✓ [192] 2019 The study focuses on
focus is on IIoT in the integration of N/A ✓ ✗ ✗
smart cities, with an Blockchain and IIoT
emphasis on the from an industrial
security challenges it perspective. It
poses. The authors presents a
RR

employ deep Blockchain-enabled

learning techniques, IIoT architecture that
such as utilizes IoT platforms
reinforcement and incorporates the
learning, recurrent use of Blockchain
neural networks, and technology.
convolutional neural (continued on next page)
networks, to enhance
CO

IoT security. The

paper delves into
security approaches
and future trends,
aiming to improve
IIoT security through
the implementation
of DL techniques.

5
S. Ali et al. Ad Hoc Networks xxx (xxxx) 103320

Table 1 (continued) Table 1 (continued)

Reference Year Contribution IDS Blockchain FL ML Reference Year Contribution IDS Blockchain FL ML
method focused focused focused method focused focused focused

[14] 2018 The study discusses N/A ✓ ✗ ✗ [159]

challenges in 2018 The study shed light N/A ✗ ✗ ✗
decentralizing IoT on important
and explores the concepts and
incorporation of challenges in IoT/
Blockchain-based IIoT, particularly
solutions. It concerning energy
addresses privacy, efficiency, real-time

F
trust, security, performance,
identity cohabitation, and
management, data interoperability. It

OO
management, and also addresses
monetization issues security and privacy
in IoT, specifically concerns in the
focusing on current trend of
Blockchain automation and data
consensus interchange in
algorithms. Industry 4.0.
[43] 2018 [114]
The paper describes Traditional ✓ ✗ ✗ 2018 The proposed paper N/A ✗ ✗ ✗
various IoT
application areas and
threat models,
including
identification,
manipulation, and
IDS

PR outlines an
innovative security-
by-design approach
for IIoT,
encompassing the
design/modeling and
cryptanalysis. It also runtime/simulation
highlights recent stages. This
advancements in approach facilitates
D
Blockchain the analysis of
technologies that security
aim to enhance requirements,
security and privacy identification of
for users. potential attack
TE

[141] 2018 vectors, and their

Survey on N/A ✓ ✗ ✗ integration to
Blockchain effectively minimize
technology, security breaches.
identification and
analysis of several This 2022 We investigate the All ✓ ✓ ✓
approaches to Survey IDS/IPS security
EC

integrating IoT with solutions for IIoT

Blockchain, and systems that utilize
evaluating the Blockchain,
performance of Federated Learning
various Blockchains for the detection of
in IoT devices. malicious attacks on
[25] 2018 IIoT networks.
This review paper N/A ✗ ✗ ✗ Furthermore, we
RR

combines IIoT and provide a discussion

analyses the linkages on open issues and
of relevant IoT future research
taxonomies to directions for
concepts such as intrusion detection
cyber-physical in the IIoT scenario.
systems and Industry
4.0 security risks and
CO

vulnerabilities.
thors in [109] proposed a comprehensive examination of Ethereum-
based Blockchain for IoT networks.The authors in [138] examined the
significance of Blockchain technology in the context of IIoT applica-
tions. Moreover, methods are also presented in their Blockchain model
for the IIoT networks. The researcher in [21] presented a comprehen-
sive taxonomy of Blockchain-enabled IIoT networks along with a thor-
ough analysis of current centralized systems. Blockchain's potential
IIoT applications were also highlighted in this research. The study con-
ducted by Monrat et al. [112] presented a comparative analysis of vari-
ous Blockchain designs for the IoT. They considered a wide range of
consensus mechanisms and techniques to evaluate their applicability
and effectiveness in IoT scenarios.The research focused on evaluating
the effectiveness and suitability of various consensus techniques within
the context of IoT applications and examined how different Blockchain
designs perform. Furthermore, this paper also discusses the future

6
S. Ali et al.
scope and potential of Blockchain applications for IoT. The authors in
[33] highlighted a brief introduction of Blockchain protocols to identify
and address IoT network security challenges. The authors in [14]
delved into potential research challenges and future initiatives related
to Blockchain-based IoT systems. Additionally, they provided a brief
overview of the key characteristics associated with these systems. In
their proposal the authors in [43] presnted a thorough evaluation of the
current state of Blockchain and IoT technologies. The authors also
demonstrated the usefulness of Blockchain technology in intelligent
transportation and energy management, and they analyzed the many
F
forms of attack and threat models in IoT networks. Reyna et al. [141]
examined the critical issues plaguing IoT networks and explained in
depth how deploying Blockchain platforms in the cloud-edge contin-
OO
uum might boost the efficiency and effectiveness of the networks. The
work proposed in [62] offers a thorough and comprehensive assess-
ment, analyzing the use and integration of Blockchain in IIoT contexts,
while also providing a review of the significant concerns confronting
IIoT. However, the authors in [73] provided a thorough analysis of the
techniques, deployment, validation strategies, datasets, and technolo-
gies used in IoT intrusion detection systems, along with their benefits
cerns and looked at current models for IoT IDS performance enhance-
ment. The authors in [39] introduced an enhanced IDS that leveragesPR
and drawbacks. In this work, they also shed light on IoT security con-
gradient boosting (GB) and decision tree (DT) algorithms. They imple-
mented these algorithms using the open-source Catboost platform,
specifically targeting IoT security. The primary objectives of this ap-
proach are to improve classification performance, increase accuracy
and precision of the IDS, and reduce detection time. To handle the large
D
volume of data efficiently, the system incorporates multi-GPU imple-
mentation support, reducing both processing time and detection time.
The authors in [92] present a complete review of the technologies
now available for passively collecting wireless signal patterns and net-
TE
work traffic traces in order to detect and identify IoT devices. In addi-
tion, Machine Learning and deep learning for IoT device identification
have discussed many important emerging developments, including in-
cremental learning (IL), abnormality detection, and deep unsupervised
learning with an endowment. As a means of addressing the unique secu-
EC
rity challenges posed by IIoT, Tan et al. [166] provides a thorough as-
sessment of the relevant literature and focuses on how IIoT security ar-
chitecture differs from existing systems. Moreover, the IIoT architecture
has each layer subjected to a comprehensive end-to-end security re-
view. The devised model used in this survey covers the security needs
by using the CIA model, highlighting recent industry countermeasures
and flaws, discussing ongoing security difficulties, and discussing fu-
RR
ture security challenges, also includes using a Bottom-up method to cre-
ate a standardized architecture for protecting IIoT devices. The authors
in [107] conducted a review, analyzed the intrusion detection system,
and evaluated several models. Additionally, researchers have studied
the categorization of IDSs and several anomaly detection ap-
proaches,IDS models are constructed using datasets, machine learning,
CO
and deep learning techniques to preprocess data and effectively identify
malware. The author in [58] analyzed an IDS-SioEL, a new intrusion
detection framework for IoT-based smart environments that utilizes En-
semble Learning. The framework was evaluated using GPU processing
on three datasets (IoT-23, BoT-IoT, and Edge-IIoT). The researchers uti-
lized an efficient anomaly detection model, employing AdaBoost, and
integrated it with a range of feature selection techniques, such as
Boruta. The authors in [25] presented an analysis methodology for IIoT
devices, which offers a useful classification schema for security-related
issues in IIoT networks. Tange et al. [167] highlighted the current state
of knowledge about security for the IIoT and constructed methodologi-
cal search queries on several literature repositories. The study also
highlighted taking a fog computing viewpoint and outlining what con-
straints and problems need to be solved to achieve broad fog computing
adoption in the industrial environment. Using different techniques the
7
Ad Hoc Networks xxx (xxxx) 103320
authors in [49] provided an outline of IIoT's security and privacy mea-
sures concerning understanding where different security protocols are
at different layers, emphasizing and identifying to solve existing secu-
rity and privacy challenges. At the same time, the study conducted by
Sisinni et al. [159] gave an overview of the architecture and protocols
of emerging IIoT solutions provided in this research with a view to stan-
dardization. The study concentrated on the energy efficiency, real-time
performance, cohabitation, interoperability, security, availability, and
privacy; the research looked ahead to the future challenges that IIoT
would face. In [114], authors proposed a secure simulation method for
developing and designing a secure IIoT environment. The proposed ap-
proach by Serror et al. [149], the researchers outlines the distinct secu-
rity goals and difficulties of the IIoT, which primarily stem from pro-
ductivity and safety concerns in contrast to consumer deployments.
Some future directions are also provided for the automatic implementa-
tion of intrusion detection, such as security mechanisms for resource-
constrained devices in IIoT network time-based industrial processes
and secure configuration of long-lived industrial components. The au-
thors in [97] outlined the notion of IIoT application employed for smart
cities and smart homes; however, in contrast, they also presented the
existing issues in IIoT security. The advantages and disadvantages of se-
curity-related systems for IIoT in smart cities are discussed taking into
account the integration of machine learning and deep learning meth-
ods. Moreover, this article provides explanations for various deep learn-
ing methods, including Deep Reinforcement Learning, Recurrent
Neural Networks, and Convolutional Neural Networks. The authors in
[44] introduced an extensive cyber security dataset specifically de-
signed for ML and intrusion detection. This dataset is tailored to sup-
port federated learning in IoT and IIoT environments. The survey arti-
cle [172] integrated a Blockchain and ML-based integral technique for
IoT devices to identify the threat and activate secure information trans-
fer mechanisms to allow to modify the computational competencies of
IIoT networks. The proposed study also integrated to restraint intrusion
from the edge side.
3. Background
3.1. Intrusion detection systems
An Intrusion Detection System (IDS) is a way of detecting intrusions
for protecting and monitoring abnormal data and events happening
within a network or on a local computer from unauthorised access,
which breaches security. The authors in [111] introduced a cutting-
edge network intrusion detection model explicitly tailored to address
the unique challenges of IoT environments. The model effectively uti-
lizes the K-nearest neighbors (K-NN) classifier and incorporates feature
selection techniques to enhance its accuracy and efficiency. Further-
more, the main component is to enhance the accuracy (ACC) and detec-
tion rate (DR.) of the IDSs. The researchers employ a comprehensive ap-
proach to feature selection, utilizing principal component analysis
(PCA), univariate statistical tests, and genetic algorithms (GA) to en-
hance data quality. The proposed model's evaluation is conducted on
the Bot-IoT dataset, demonstrating its effectiveness and robustness. IDS
provides comprehensive solutions for mitigating and detecting mali-
cious activity by thwarting security breaches. We may categorize intru-
sion detection systems as either network-based, host-based, or hybrid.
The Hybrid-IDS monitors a single computer system for any indications
of malicious behavior. Simultaneously, the Network-IDS analyses the
traffic on the network in search of any suspicious payloads as intrusion
detection systems protect Fig. 2. Shows network hosts and external net-
works for monitoring any suspicious behavior by the intruder. Further-
more, IDS is classified into two distinct categories based on detection
techniques: signature-based and anomaly-based [106].
Developing a holistic environment for IDS is an exceedingly chal-
lenging task for IIoT using ML-based detection methods. IoT edge de-
S. Ali et al. Ad Hoc Networks xxx (xxxx) 103320

false alerts before they become a catastrophe. Fig. 3 shows, the main
steps in IIoT ecosystem for IDS implementations. It is necessary to adopt
multilevel protocols for heterogeneous communication infrastructure.
A significant trust in defending IIoT Networks from Cyber Attacks is
complicated by a high trust boundary and limited upgrade opportuni-
ties [55]. With the goal of addressing ML-based IDS for associated IoT
and IIoT technologies [32,52,143], including wireless communication
networks [130], and cyber-physical systems, specific review articles
have been proposed.
Moreover, the architecture comprises three distinct parts of an IIoT

F
system: the network layer, the physical layer, and the application layer
Fig. 2. A network intrusion detection system. [194]. The physical or perception layer consists of IoT sensors and de-
vices. The network layer is responsible for transmitting sensing data

OO
vices have limited resources and cannot process large volume of data
and learn ML models. However, ensuring data security and privacy for
a vast amount of heterogeneous IIoT data poses significant challenge
that needs to be detected from potential security threats with a few
from the perception layer's IoT devices to the application layer through
Ethernet or Wi-Fi communication. Many applications on the applica-
tion layer utilize servers and databases [123]. However, ML/DL-based
approach for an IDS network architecture is shown in Fig. 4, where IIoT

PR
D
TE
EC
RR
CO

Fig. 3. Intrusion detection in IIoT.

8
S. Ali et al.
F
OO
PR
Fig. 4. An IDS network architecture with ML/DL and NGFW to detect, defend, and prevent known and new threats.
is vulnerable to attacks like DDoS, Man-in-the-Middle, Ransomware,
etc. In order to prevent unauthorised access, a firewall is set up in a se-
curity system against suspicious activity. Nevertheless, this approach
D
may not be the most effective way to secure a large system like IIoT. Ad-
ditionally, Fig. 5 shows three-tier architectures of the IIoT environment.
Hence, it is essential to offer a recent and comprehensive systematic
TE
overview of IDS-based cybersecurity for IIoT, emphasizing the chal-
lenges and considerations encountered by researchers when designing a
suitable security system for the IoT. Additionally, providing an up-to-
date systematic evaluation of cyber security for IIoT is of utmost impor-
tance.
EC
3.2. Blockchain
The inception of Blockchain was originally as a ledger for the Bit-
coin network. It operates as a decentralized and append-only register,
comprising a chain of blocks. The primary objective of Blockchain is to
uphold an unchangeable and consistent record of peer-to-peer transac-
RR
tions. Each block within the Blockchain contains transaction records,
collectively ensuring the system's integrity and security
[176,120,66,65]. In addition, Blockchain offers limitless potential for
IIoT applications due to its exceptional characteristics. Blockchain-
based IIoT systems leverage encryption and authentication procedures
to ensure user data privacy and protect industrial applications. Signifi-
cant progress has been made in studies on Blockchain-based privacy
CO
protection since 2020. The transparent nature of Blockchain and the
ability to trace and verify IDS activities can aid in regulatory compli-
Fig. 5. Three tier IIoT system architecture.
9
Ad Hoc Networks xxx (xxxx) 103320
ance and demonstrate due diligence. Accessing a block and its associ-
ated data records in a manner that is both sequentially and crypto-
graphically secure is the primary benefit offered by a Blockchain.
Furthermore, Blockchains are frequently employed as a public
record of transactions, although they are typically shared and synced
via a distributed system. Each Blockchain member can see, discard, or
check the record depending on the protocol. It also begins the consen-
sus mechanism and adds the new authenticated block to the Blockchain
[179]. Blockchains have a lot of potential to enhance current IIoT plat-
forms’ performance. Big data, IoT, artificial intelligence (AI), and smart
robotics are transforming industrial processes [72]. Blockchain-enabled
IIoT holds the potential to significantly benefit a diverse array of indus-
tries, including smart manufacturing, transportation, healthcare, en-
ergy, and various others. The integration of Blockchain with IIoT plat-
forms enhances the overall security of the entire IIoT system. Fig. 6
shows the smart industrial environment architecture.
Blockchain is widely assumed to be a novel distributed computing
and storage paradigm that merges multiple current technologies [188].
Using cryptographic proofs, participants communicate transactional
data over a vast network of untrusted nodes. Additionally, Blockchains
offer a computational infrastructure capable of running computer pro-
grams referred to as smart contracts.
There are three distinct kinds of Blockchains that can be classified as
Public, Private, and Consortium.
i Public Blockchain: The permission less or public Blockchain is
genuinely decentralized. The architecture allows any individual
S. Ali et al.
F
OO
PR
D
Fig. 6. The architecture for the IIoT using Blockchain technology.
or device to partake in operations and engage as a validator
TE
within the consensus process. In public Blockchain systems,
every block member can actively participate in block validation
and maintain a copy of the Blockchain. Bitcoin and Ethereum,
both open-source and smart contract Blockchain platforms, are
the most renowned examples of public Blockchain systems.
Public Blockchains, i.e., Ethereum and Bitcoin, are distributed
EC
public Blockchain platforms intended to serve many users [183].
The process of adding a new block to the Blockchain system
involves significant computational effort. Each transaction incurs
processing fees, which serve as rewards for peers. Miners utilize
a proof-of-work (PoW) algorithm to achieve a secure and tamper-
resistant consensus across all network nodes. This algorithm
RR
verifies blocks and adds them to the Blockchain . The Blockchain
is designed to be tamper-proof, making it extremely challenging
and costly to alter the contents of any block [122]. Each block
requires a particular quantity of gas, an Ethereum currency, to
execute and pays miners as a reward.
ii Private Blockchain: Permissioned Blockchain, commonly known as
the Private Blockchain, is another name for the Private Blockchain,
CO
each network connecting to a node belongs to a single
organization. In a permissioned Blockchain, the transactions on the
Blockchain must be approved by a consensus mechanism before
they can be written or retrieved; only authorized users/members
can join and publish the new block. This Blockchain is free of
transaction and token fees. Compared to the public Blockchain
network, in contrast to public Blockchains, private Blockchain
frameworks are not very resilient to temper-proof, and any
business can restore its Blockchain network at any time. The
Consortium Blockchains allow organizations to change their
business models and connect their operations because they can
share control over the network. In addition to providing trust and
scalability, a private Blockchain system removes the potential for a
single point of failure and detects various attacks [157,12]. A
Blockchain-based collaborative intrusion detection system (CIDs)
10
Ad Hoc Networks xxx (xxxx) 103320
is intended to secure Blockchain technology by enhancing
accountability, consensus, integrity, resilience, scalability, and
identity management to boost trust across numerous nodes.
iii Consortium Blockchain: A distributed database that is auditable
and constantly synced, known as a consortium Blockchain, is
utilized to maintain track of data transfers between the
consortium members. The consortium Blockchains are often
adopted in scenarios where a shared ledger is required among a
group of trusted entities, such as in supply chain management,
healthcare systems, or financial consortia. The collaborative
nature of consortium Blockchain allows for improved
transparency, data sharing, and efficiency while maintaining
control and privacy among the participating organizations. The
Blockchain consortium is not used for processing, similar to
private Blockchains. Furthermore, consortium Blockchains are
hybrid Blockchain that integrates public and private Blockchain
into a single operating system. For instance, Ripple [153] is a
form of practical byzantine fault tolerance (PBFT) frequently
utilized for Blockchains developed by consortiums. In contrast to
other types of Blockchains consortiums, Blockchains have better
scalability because they are managed by a single entity or a
collection of entities, and consensus can be reached rapidly.
3.3. Federated learning
Google introduced the concept of federated learning (FL) as a solu-
tion to address data privacy concerns by enabling collaborative learn-
ing across a diverse array of IoT devices [104]. The core concept of FL is
the secure construction of machine learning models from distributed
data sources and endpoints without allowing data leakage. In 2016, FL
was introduced as a collaborative learning approach to overcome the
limitations of traditional centralized ML methods. Unlike centralized
approaches, FL ensures privacy by allowing end devices, known as
clients or parties, to keep their data private. Instead of sharing raw data,
clients only communicate partial model updates to a central entity
S. Ali et al.
known as an aggregator or coordinator. The aggregator aggregates
these updates to create a global model, enabling collaborative learning
without compromising data privacy. Fig. 7 shows a comparison be-
tween FL approaches, i.e., Centralized, Distributed, and FL. This innov-
ative framework of FL has opened up new possibilities for secure and
privacy-preserving machine learning in distributed environments
[104]. In addition, to its application in cybersecurity for IoT, FL has
been investigated in various domains, including smart cities, vehicular
ad hoc networks, wireless communications [187], healthcare [181],
recommender systems [64], edge networks [71], electric grids [144],
F
and many others. One of the inherent advantages of the FL framework
is its support for security and privacy, which distinguishes it from the
centralized learning framework.
OO
In FL, data generated on an end device remains on itself, ensuring
enhanced security and privacy protection. At present, researchers are
integrating FL technology into IIoT to provide secure, accurate, re-
silient, and unbiased models [126]. FL allows different clusters to cre-
ate a trained model using local data and share only the local model for
aggregation. In contrast, the aggregated model is referred to as a global
model [81]. Many research studies are introducing Blockchain into
their FL methodology since federated learning relies on a centralized
and knowledge sharing, in model-driven development, instead of hav- PR
server, which is vulnerable to attack. Additionally, to protect privacy
ing clients send their data to a central server, the server sends models to
clients so they may train on their local copies of the data. The authors in
[79] comprehensively analyze FL-based IDSs. The study investigates
the implementation of FL-based IDSs in different domains, elucidates
architectural distinctions, and provides an overview of the current state
D
of the art in FL-based IDS from its inception in 2016 until 2021. The
study establishes a reference architecture and a taxonomy that can be
used as guidelines for comparing and designing FL-based IDSs. In their
study Aydogan et al. [18] observed that centralized Intrusion IDS ex-
TE
hibited superior performance in detecting attacks in a timely manner.
This advantage stems from their ability to collect and utilize a broader
range of information compared to individual IDS agent nodes. Addi-
tionally, the centralized IDS approach was found to be well-suited for
overcoming the resource limitations commonly encountered in IIoT set-
EC
tings. Fig. 8 present the general FL architecture.
RR
CO
Fig. 7. Comparison between federated learning approaches.
11
Ad Hoc Networks xxx (xxxx) 103320
Several studies have introduced FL-based approaches for IDS, as evi-
denced by existing works [139], [162]. IDS plays a vital role in modern
security but comes with distinct challenges. For example, detection sys-
tems must provide swift alerts to ensure timely responses [74]. They
also need to handle diverse network settings and devices while effec-
tively addressing unknown attacks [30]. Consequently, evaluating how
various federation settings influence detection performance is crucial.
Recent surveys have acknowledged the significance of FL-based IDSs in
the research community by recognizing the interconnectedness of FL
and IDS [26]. The authors in [51] proposed the study offers a compre-
hensive background and comparison of centralized learning, distrib-
uted on-site learning, and FL. Subsequently, it explores the application
of FL in the context of cybersecurity for the IoT. While the primary fo-
cus of this study is on security, it also explores various approaches that
tackle performance-related concerns (such as accuracy, latency, and re-
source constraints) associated with FL. These performance considera-
tions are crucial as they can impact IoT systems’ security and overall
performance. FL provides an efficient anomaly-based IDS for restricted
and distributed IIoT data, as well as decentralized IDS decision-making
for heterogeneous IIoT architecture [53,140]. While all data is stored
on the device, FL ensures the privacy of edge device data during the
training phase. Furthermore, Smart edge devices can concurrently cre-
ate mutual predictions with each other [147]. Blockchain is used to se-
cure the legitimacy of locally obtained data and learned models during
the FL process. By providing a distributed ledger, Blockchain has paved
the way for secure data sharing in IIoT [56]. However, FL faces many
challenges in IIoT, such as, security threats on the servers, sensor nodes,
and data breaches [11]. Considering this perspective, we believe it is
imperative to present an up-to-date systematic review specifically fo-
cusing on IDS-based cybersecurity for IIoT. This review will shed light
on the challenges and critical aspects that researchers must consider
while developing an effective security system for IIoT. Reviewing the
state-of-the-art to summarize existing knowledge is essential, and inte-
grating Blockchain with FL-enabled IDS in IIoT networks can meet
some challenges.
S. Ali et al.
F
OO
PR
D
Fig. 8. General federated learning architecture.
4. The threat to IIoT networks
TE
IoT/IIoT devices have vulnerabilities that malicious actors can ex-
ploit for financial gain, data theft, or sabotage due to their intercon-
nected nature and limited resources. Security attacks against IoT/IIoT
exploit weaknesses in authentication, encryption protocols, and
firmware vulnerabilities, leading to unauthorised access, device manip-
EC
ulation, data breaches, and network disruptions. Implementing robust
security measures and risk assessments and collaborating on standards
and best practices is vital to address these challenges. This approach
will mitigate risks and support IIoT technology's continued growth and
advancement.
There are two types of attacks that may happen to IIoT devices: ex-
RR
ternal attacks, in which an attacker from outside the IIoT network at-
tempts to compromise one of these devices, and insider attacks, in
which a device within the network is used to compromise another. In
threat modeling, STRIDE is typically used to classify and detect threat
vectors. The following categories apply to the internal threat sources:
• T1—An intruder can stealthily access and record all
CO
communications inside a network and use this information for
their ends [175].
• T2—An intruder can compromise a node. This vulnerability can
potentially expose the entire Blockchain, enabling attackers to
continuously access the complete transaction and Blockchain
history.
• T3—A malevolent attacker may attempt to exploit the
vulnerability in previously deployed smart contracts.
• T4—An adversary with malicious intent might discover certain
sensitive or secret information of the private credentials can be
exposed in transactions or smart contracts, making them
vulnerable to unauthorised access [180,177].
The majority of real-world attacks are highly targeted, trying to ex-
ploit specific vulnerabilities in IoT and IIoT devices and networks. Fig.
12
Ad Hoc Networks xxx (xxxx) 103320
9 shows a high-level perspective of potential dangers affecting various
parts of an IoT/IIoT system. This is critical since upgrading security fea-
tures on a large number of sensors in the field is impractical, error-
prone, and even damaging to users. Many attacks are aimed at exploit-
ing zero-day vulnerabilities.
IIoT threat modeling generates measurable data that includes
threats and associated risks. In order to counteract advanced persistent
threats that are able to circumvent conventional security measures, one
option is to implement a strong IDS throughout their lifecycle. We em-
ployed a risk model, STRIDE, which encompasses spoofing, tampering,
repudiation, information disclosure, denial of service (DoS), and eleva-
tion of privilege to assess potential threats. The attacks on IIoT systems
can be launched over an array of software sub-systems generally
stacked into a layered architecture. The following subsection opens the
discussion about such attacks using a layered-based taxonomy.
4.1. IoT attack taxonomy
This section specifically addresses the potential security threats that
may occur within each of the four layers of the IIoT system. Fig. 10 pro-
vides a taxonomy of security attacks in the IIoT network according to
these fours layers.
4.1.1. Security considerations in the perception layer
The Perception Layer consists of diverse smart IoT devices, includ-
ing sensors and actuators, responsible for sensing the surrounding envi-
ronment and collecting various types of environmental and industrial
data [77]. It leverages diverse sensing technologies like GPS, RFID,
WSN, and RSN. Addressing security challenges at this layer is crucial, as
any compromise could severely affect the entire system. However, this
layer is vulnerable to various attacks described below.
• Node capturing attacks: Node capturing attacks involve
infiltrating or substituting a node within an IoT network or
modifying hardware components. These nodes are susceptible to
S. Ali et al. Ad Hoc Networks xxx (xxxx) 103320

F
OO
PR
Fig. 9. Example attacks IIoT systems.
D
TE
EC
RR
CO

Fig. 10. Security attacks in the IIoT network.

multiple cyber-attacks, presenting a significant risk to the overall
IoT system. One such threat involves attackers capturing or
substituting an IIoT system node with a malicious counterpart
[57]. This type of malicious node poses a grave risk to the integrity
and compromises the overall security of the entire IoT application.
• Side-channel attacks: The sensitive data within an IoT system is
vulnerable to exploitation through various side-channel attacks.
These attacks exploit the microarchitecture of processors,
information obtained from power consumption analysis, and
electromagnetic emanation to extract valuable information that
can be utilized by an attacker [170]. Modern chips incorporate
multiple security features to mitigate these risks and employ
diverse cryptographic techniques to prevent and defend against
potential side-channel attacks.
• False data injection attacks: In the IoT system, an IoT node can
be tampered with to introduce fabricated data, inaccurate results
or the malfunctioning of the IoT application [24]. Attackers may
exploit this method as a means of conducting a DoS attack as well.
• Eavesdropping and interference attacks: In IoT scenarios
involving the deployment of multiple nodes in open

13
S. Ali et al.
environments, there is an increased vulnerability to potential
eavesdropping risks [88]. Consequently, malicious actors expose
these applications to the potential interception of valuable data
during the transmission or authentication phases.
• Sleep deprivation attacks: In these attack scenarios, perpetrators
aim to deplete the power sources of edge devices; sleep deprivation
attacks bear a resemblance to DoS attacks as they deplete the
batteries of edge devices, conditions within the IoT nodes due to
the unavailability of power sources [151]. This attack is executed
by running malicious code in infinite loops on the edge devices,
F
artificially escalating their power consumption.
• Booting attacks: IoT edge devices are susceptible to attacks due
to the absence of security procedures during the boot stage [129].
OO
Attackers can exploit these vulnerabilities by capturing the device
during a reboot. In order to mitigate these attacks, it is crucial to
establish a secure boot process for these devices.
• Malicious code injection attacks: These attacks commonly
occur during over-the-air (OTA) software or firmware upgrades,
which entails injecting malicious code into the memory of IoT
nodes . It is a potential entry point for attackers to introduce
malicious nodes into the IoT system [185]. During scheduled
firmware updates, intruders may introduce Trojans into the
system when devices are in operation mode, requiring a reboot.
Addressing this security challenge involves two primary
categories: authenticating and identifying edge devices to
PR
enhance network security, it is essential to prevent the installation
of drivers or malware on peripheral devices under the pretense of
updates or upgrades [76].
D
• Jamming attacks: These attacks involve disrupting or
manipulating the tag reader air interface, which hinders or
modifies communications. Jamming can be achieved through the
use of a high-power, long-distance transmitter or through passive
TE
means such as shielding, taking advantage of the interface's
sensitivity. RFID systems are susceptible to jamming by
employing radio noise that matches the frequency of the system
[76].
• Replay attacks: This attack type entails replicating an
EC
authentication code utilized by an authorized individual. It can be
accomplished by cloning the authorized tag or intercepting and
retransmitting signals captured from a smart device equipped
through the communication antenna and signal card. The replay
attacks demand access to particular data during the
communication of the devices [76].
RR
4.1.2. Security considerations in the network layer
The central role of this layer is to transmit information from the per-
ception layer to computational units. Subsequently, we delve into the
core security concerns associated with the network layer.
• Dos/DDoS attacks: Denial-of-service (DoS) and distributed
CO
denial-of-service (DDoS) attacks involve the attacker inundating
the network with excessive unwanted requests, rendering
network servers inaccessible to legitimate users. DDoS attacks
specifically employ multiple sources to flood the network with
requests. While these attacks are not specific to IoT applications,
the weak configuration of numerous IoT devices within the
network can provide a vulnerable entry point for intruders to
orchestrate such attacks against servers [61].
• Data transit attacks: The vulnerability to data breaches
increases due to the diverse range of technologies used in data
processing within IoT applications. Data transmitted between IoT
devices becomes a prime target for intruders, while data stored in
both cloud, edge and local servers faces security challenges. IIoT
applications demand significant data processing and storage
capabilities.
14
Ad Hoc Networks xxx (xxxx) 103320
• Phishing site attacks: In such attacks, the strategy involves
targeting multiple IoT devices, with the expectation that the attack
will have an impact on at least some of them. The likelihood of
such attacks is heightened when users visit unauthorised web
pages. Once attackers access user accounts and passwords, the
entire IoT system becomes susceptible to cyber-attacks [61].
• Routing attacks: This form of attack manipulates the routing
paths within the IoT framework. During sinkhole attacks, nodes
are deceived by false advertisements of the shortest routing paths,
resulting in the redirection of traffic through the malicious path.
On the other hand, warm hole attacks create unauthorised out-of-
band connections between two nodes, facilitating the transfer of
unauthorised packets. Both routing attacks undermine the
fundamental security measures within an IIoT application.
• Access attacks: This attack is frequently referred to as an
advanced persistent threat (APT). During this attack, an
unauthorised intruder gains access to the IoT network and can
persist undetected for an extended period. The primary goal of
such attacks is to clandestinely steal valuable information from
IIoT applications. Due to the data-intensive nature of IIoT
applications, their data-processing activities are particularly
susceptible to these persistent attacks.
4.1.3. Security considerations in the middleware layer
The layer plays a pivotal role in enabling communication between
the application and network layers by acting as a mediator and offering
advanced computing and storage features [137]. The middleware layer
is susceptible to various attacks, especially concerning the security of
databases and cloud and edge environments.
Man-in-the-middle attacks: An attacker in an IIoT network may in-
tercept and alter the communication between two parties, which is
known as Man-in-the-Middle (MitM) attacks. This scenario may result
in unauthorised entry, data tampering, or the compromise of confiden-
tial information. In the context of the MQTT protocol, which utilizes a
publish-subscribe communication model, subscribers and clients are
decoupled from each other [3]. If an attacker successfully executes a
MitM attack, it can lead to unauthorised access, data manipulation, or
the extraction of sensitive information within the IoT system.
• Flooding attacks: This attack functions similarly to a Denial-of-
Service (DoS) attack and significantly impacts the quality of
service. The attacker continuously inundates a service with a large
number of unwanted requests, leading to an overload on cloud
servers and making the service inaccessible to legitimate users
[134].
• SQL injection attacks: The intruder has the ability to inject
malicious SQL statements into the main program, enabling
attackers to gain unauthorised access to private user data or
manipulate valuable data stored in the database [99]. According
to the open web security project (OWASP), SQL injection attacks
have been categorized as one of the most critical web security
threats.
• Signature wrapping attacks: Within the middleware layer, web
services utilize XML signatures. However, an intruder can
compromise the security mechanism and manipulate intercepted
messages by exploiting vulnerabilities in the object access
protocol [142].
• Cloud Malware injection attacks: These attacks involve an
intruder's injection of malicious code or virtual machines into
cloud servers. The attacker can gain access to sensitive user
information by impersonating a legitimate service using a virtual
machine [50].
S. Ali et al.
4.1.4. Security considerations in the application layer
The application layer plays a pivotal role in formating and present-
ing data while delivering a wide range of IoT applications to end-users.
These applications encompass various domains such as smart health,
homes, cities, industries, and transportation. In this layer, security
emerges as a central challenge, leading to recurrent concerns [16]. The
following section describes the primary security issues encountered in
this layer.
• Malicious code injection attacks: Adversaries tend to exploit the
F
most rudimentary and readily accessible methods to initiate
attacks on a system. In the absence of robust code validation
mechanisms, the system becomes susceptible to malicious scripts
OO
and potential vulnerabilities. Cross-site scripting (XSS) is a
common technique employed by intruders, where they inject
malicious scripts into trusted websites. An adeptly executed Cross-
Site Scripting (XSS) attack can lead to severe consequences, such as
the compromise of user accounts through hijacking or even
causing significant disruptions to the entire IoT system [161].
• Data theft attacks: In IIoT applications, the transmitted data is
more vulnerable to cyber-attacks than data at rest, given its
applications can have severe implications for registered users
[161]. To counteract these attacks effectively, robust security
measures can be implemented, encompassing advanced encryption
PR
vulnerability during transit. Exploiting data theft attacks in such
techniques, network authentication mechanisms, and data
isolation protocols.
• Access control attacks: Access control is a crucial
D
authentication mechanism that permits legitimate users to access
accounts and process data. In IIoT applications, compromising
access control poses a significant threat. Upon successful
compromise of access, the entire infrastructure becomes exposed
TE
to a myriad of potential threats, leaving it vulnerable to a wide
range of security risks [186].
• Sniffing attacks: Adversaries possess the capability to employ
sophisticated sniffer applications for the purpose of monitoring
network traffic in IoT systems. Therefore, it is imperative to
EC
establish and deploy resilient security measures within the IoT
infrastructure to effectively thwart any unauthorised access and
safeguard confidential user data [4].
• Service interruption attacks: These attacks, known as disruptive
interruption attacks, strategically disrupt the availability of
services to authorized users. Through intentional overloading of
servers, they incapacitate their responsiveness, ultimately leading
RR
to service unavailability [80].
• Reprogram attacks: If the programming process of IoT objects
lacks adequate protection, an attacker may attempt to reprogram
them. This can potentially result in the complete hijacking of the
IIoT network, giving adversaries significant control over its
operations and critical components [3].
CO
4.2. Threat to federated learning as IDS/IPS engine
The requirement to safeguard many devices from unauthorised ac-
cess while maintaining system stability and providing prompt responses
in real time has complicated the threat problem in the industrial set-
ting. The ability to identify threats in IIoT devices is crucial in this con-
text, as it allows for the elimination of potentially harmful factors such
as injection by rogue IIoT devices. The difficulty of threat modeling has
increased due to the proliferation of new threats and the various vari-
ants developed from existing ones. Effectively modeling traffic and pro-
viding a means of detecting both previously-known and as-yet-
undiscovered threats depends on having access to robust security mech-
anisms. The evident risk lies in the openness of a machine learning
model to manipulation, which can occur when a mere handful of edge
15
Ad Hoc Networks xxx (xxxx) 103320
devices function erroneously. The Attackers may take advantage of vul-
nerabilities in federated learning systems utilized in IoT networks for
the implementation of the IDS/IPS systems.
Following are the vulnerabilities an adversary can exploit in FL-
based systems in IoT/IIoT networks.
4.2.1. Poisoning attack
The main goal of adding false data into the aggregation process, poi-
soning attacks primarily aim to decrease a model's predictive power.
Nevertheless, according to the origins of the trained updates, the au-
thors in [165] classified poisoning attacks as either involving the poi-
soning of models or data. In data poisoning, the training data on com-
promised edge devices is altered, whereas in model poisoning, updates
to the poisoned model are generated using a set of predetermined rules.
Using trimmed optimization with multiple keys, the authors in [96]
suggested a secure federated learning process immune to numerous
common poisoning threats.
4.2.2. Information leakage
Hitaj et al. [60] outlined a novel approach involving the implemen-
tation of deep learning models, specifically a generative adversarial
network (GAN), to craft a set of specialized training patterns that are re-
silient against adversarial attacks. However, the process of training a
deep neural network across an extensive dataset might take a substan-
tial amount of time and resources. Based on an investigation of the pri-
vacy leakage the authors in [178,38] suggested a safe and resilient fed-
erated learning protocol for IoT networks called East Fly. In their pro-
posed framework, a local node receives parameters from the central
server at regular intervals during the training process. Utilizing its own
training dataset, the local node computes necessary modifications and
directly communicates these updates back to the server. Moreover, the
server modifies the parameters and then make changes to the overall
settings based on what it receives. Collaborative learning is vulnerable
to severe inference cyberattacks, as discovered by Melis et al. [105] be-
cause of the leaking of unwanted characteristics.
4.2.3. Denial-of-service (DoS) attack
DoS attacks aim to disrupt or overwhelm the availability of IIoT sys-
tems by flooding them with excessive traffic, requests, or malicious
data. This can lead to system downtime, causing operational disrup-
tions and financial losses.
4.2.4. Malware and ransomware attack
Malware and ransomware attacks involve installing malicious soft-
ware or code within IIoT systems. Malicious software, or malware, has
the capacity to cause operational disruptions, exfiltrate sensitive data,
and grant unauthorised access to attackers. In particular, ransomware
employs encryption to lock vital data, demanding a ransom in exchange
for its decryption, thus inflicting considerable disruptions and imposing
substantial financial consequences.
4.2.5. Byzantine attack
To subtly alter the max-model predictor's classification outcome, an
attacker can employ a byzantine attack to send out locally-modified
harmful models to other participants. The adversary can also corrupt
their local copy of the model update process. Using Blockchain technol-
ogy, the authors in [174] built a secure federated learning infrastruc-
ture that can withstand Byzantine attacks. It is a notion to use a digital
twin with adaptive federated learning proposed by [162]. Its founda-
tion is based on interaction records and educational efficacy; both rely
on deploying damaging updates to mitigate the threat posed by mali-
cious data.
S. Ali et al.
4.2.6. Jamming attack
A sophisticated jamming attack targeting FL-based security and pri-
vacy solutions endeavors to deliberately disrupt the normal functioning
and communication of the system. with or clash with the receiver to ob-
struct communication inside the victim network. Using federated learn-
ing, Mowla et al. [118] advocated a safety framework for detecting cog-
nitive jamming attacks. However, using the client group prioritizing
method, on the Dempster-Shafer theory as its foundation, detection
may be carried out on the device while accounting for the environmen-
t's uneven sensory data characteristics.
F
4.2.7. Shilling attack
In a shilling attack, an attacker tries to manipulate recommendation
OO
systems by creating a significant number of phony profiles. The ulti-
mate goal of a shilling attack is to manipulate a recommendation sys-
tem by artificially increasing or decreasing the popularity of a specific
product or service by creating a large number of fake user profiles and
giving those profiles unreasonable ratings. The authors in [67] pro-
vided a novel system for detecting fraudulent attackers by developing
four characteristics from gradient matrices; the proposed solution in-
volves training a semi-supervised Bayes classifier.
4.2.8. Zero-day exploits
Zero-day exploits capitalize on undisclosed and previously unknown
PR
vulnerabilities present within IIoT systems, for which no patch or reme-
diation is currently available. Attackers exploit these vulnerabilities be-
fore they are discovered or patched, potentially causing significant
damage and compromising system security.
D
4.2.9. Privacy leakage attack
Differential attacks allow an attacker to determine whether or not
an IIoT has participated in a mission based on local model modifica-
TE
tions. Some information about the training data can be leaked even af-
ter a distributed learning approach has been implemented, primarily
due to the presence of up-to-date local model parameters on IoT de-
vices. The authors in [174] introduced an innovative methodology that
leverages a combination of Blockchain technology, local differential
EC
privacy, and reinforcement learning as a formidable defense mecha-
nism against the data leakage. Data leakage attacks in federated learn-
ing expose participant data through a breach in the aggregate server
caused by malicious behavior. Additionally, ML models may be at-
tacked in numerous ways, including white-box, black-box, and gray-
box assaults. Flooding in a white box assumes the vulnerable target can
be easily accessed [191]. Adversaries employing black-box attacks can
RR
solely interact with the network through output queries, without any
substantial knowledge of the network's internal structure or parame-
ters. These three approaches may often be grouped under the umbrella
of adversarial attacking methods. The study provides proof of concept
for the efficacy of bolstering IIoT network cyber security by integrating
Blockchain and FL.
CO
5. State-of-the-Art IDS approaches for IIoT networks
5.1. Blockchain-based approaches for IIoT-ID
Blockchain is a decentralized, immutable ledger. It removes a vul-
nerable central server in an untrusted computer environment [46].
Blockchain provides an efficient method from a IDS perspective, which
is useful in designing security solutions for IIoT. Each node in a
Blockchain network operates as a peer-to-peer (P2P) node, and there is
no requirement for additional protocols for P2P communication be-
tween nodes [19]. The implementation of an IDS ranks among the fore-
most and cutting-edge embraced cybersecurity solutions, representing
a prevalent and extensively employed method for detecting and pre-
16
Ad Hoc Networks xxx (xxxx) 103320
emptively countering malicious activities that may arise within a net-
work infrastructure.
A primary function of an IDS is to monitor both inbound and out-
bound network traffic, audit data, and security logs; it will send an
alarm to the network management center if it detects any abnormal
data packets [101]. Notwithstanding, Blockchain stands as an adapt-
able technology that fosters trust and reliability in decentralized and
distributed systems. It has many potential applications, including those
in IoT, healthcare, and supply chain managemen [100]. Since
Blockchain can protect data integrity and ensure process integrity, it
can potentially be used in IIoT for intrusion detection [155]. The IDS is
designed to detect anomalous activity. In addition, IDS systems may
also be used to ensure a safe IIoT system [173].
Furthermore, known security threats that take advantage of zero-
day vulnerabilities are one of the threats that most frequently affect
IIoT networks. The attackers utilize a number of methods, such as de-
nial-of-service (DoS), decentralized DoS (DDoS), and Spoofing, to infect
and modify the behavior of targeted devices. Examples include the
2010 Stuxnet worm assault on Iran's nuclear program and the 2013 in-
trusion by Iranian hackers into the dam's industrial control system (ICS)
in New York. However, another example of a cyberattack took placed in
Ukraine, where over 80,000 blackouts in 2015 due to a passive black-
energy strike [41,17]. Signature analysis, anomaly detection, and speci-
fication-based analysis are the three primary types of detection used in
an IDS system. Intruder detection systems that use either signatures or
anomalies effectively thwart cyber assaults [195]. The increasing so-
phistication of cyberattacks renders the use of a single IDS insufficient
for protecting a network. Contrarily, CIDs are employed to provide a ro-
bust platform where isolated IDS nodes may communicate and share
data on harmful activity discovered within their subnetworks while
minimizing false positives [10],[101]. IIoT-based systems are vulnera-
ble to attack because centralized systems do not have adequate security
and insufficient trust amongst CIDs, making it difficult for IDS to suc-
cessfully thwart cyber-attacks in IIoT systems. Hence, securing IIoT en-
vironments against potential security risks involves creating a reliable
and holistic security monitoring system and an effective IDS to cope
with novel cyber-attacks in IIoT systems.
The distributed and verifiable nature of Blockchain technology
makes it possible for IIoT systems to link previously untrusted devices.
Fig. 11 shows the framework for Blockchain-based IIoT systems and its
components. The construction of a Blockchain comprises three primary
components; hash value, Hash Function/Timestamp, Block body, and
Merkel root.
• A hash value: The hash value is responsible for storing data from
the prior block.
• Hash function/Timestamp: The Blockchain data is stored in the
timestamp and hash function, which records the exact moment
new blocks are created together.
• Block body: During the block's creation, the block body retains
every single examined transaction. Construct a Blockchain, and
these individual blocks are connected by hash values.
• A Merkel root: This results in fewer transactions being processed
within each block, making it easier to verify the existence and
integrity of transaction data quickly.
The architecture of a Blockchain-enabled IIoT system, consists of the
six components listed below.
1) Blockchain-enabled Network: It uses a private, decentralized
network to store all the data in the systems.
2) IIoT Networks: The IIoT system is able to supply these various
resources to its users.
3) The Key management Servers: It generates the appropriate
cryptanalytic keys for node authentication and data encoding.
S. Ali et al.
F
OO
PR
D
Fig. 11. Blockchain-enabled IIoT architecture.
4) Management Hub: It focuses primarily on managing and
TE
maintaining the entire system.
5) Smart Contract: It supports IIoT-Blockchain system interfaces.
6) Clients: Users who make access requests to the IIoT resources fall
under this category.
IIoT modernizes smart industries by incorporating the newest tech-
EC
nologies. Integrating Blockchain technology into the IIoT platform
raises the level of security and attracts significant interest from acade-
mia and business.
5.2. Federated learning-based approaches for IIoT-ID
RR
While maintaining data privacy, the authors in [140] presented an
FL approach that relies on client and server interaction using a deep
neural network (DNN) to develop an IDS model. Similarly, the authors
in [59] developed an FL detection approach that emphasized commu-
nicating aspects such as specific threat information to each alert. With
IDS, machine learning (ML) and deep learning (DL) have gained
CO
tremendous momentum in achieving high accuracy and classification.
Additionally, IDS employing ML approaches learns from normal and
abnormal data traffic by executing the model's training process. Feder-
ated Learning was presented in 2016 to identify the malicious flow of
data. Through a series of iterative training sessions, a group of clients or
parties on the network's periphery train an AI algorithm, and then that
data is sent back into the network's core system to improve the global
model [104]. FL is a decentralized learning method that protects pri-
vacy and trains models locally before sending parameters to a central
server. The FL has recently come into consideration as a conceivable ap-
proach for learning a shared model collectively from patterns, dataset,
or environment distributed over a network [5].
Prior to distributing its up-to-date global model to clients for each it-
eration, the FL server strategically selects a subset of clients to engage
in the learning process [113]. Secondly, FL empowers devices to engage
in collaborative learning without necessitating centralized data ex-
17
Ad Hoc Networks xxx (xxxx) 103320
change. Moreover, various machines and servers can train ML/DL using
decentralized data in multiple rounds [164]. Next, the clients/users up-
date the FL server with the new model or learned parameters. Upon re-
ceiving an updated global model or learned parameters, each client or
user utilizes their data. The known model can be stored in the
Blockchain using the FL method to improve how well data is stored and
keep data private. To employ safe, accurate, resilient, and impartial
models, researchers have utilized FL technology in IIoT [23]. However,
FL still faces challenges, i.e., security risks, while implementing and us-
ing FL in IIoT, including data leakage and server and client-side attacks
[62]. On the other hand, integration of Blockchain-enabled with FL in
the IIoT system faces some adoption challenges. Furthermore, to give
additional privacy protection, decentralization, and security in IDS,
Blockchain-enabled FL can incorporate ML/DL with IIoT networks dur-
ing the classification and training phase.
FL's system architecture comprises three primary IDS deployment
architectures that can be used according to the system's needs. These ar-
chitectures are Centralized architecture, Decentralized architecture,
and Distributed architecture. IDS are typically deployed centrally for
small networks with limited scalability. The main reason behind the
success of FL is because of its collaborative machine learning model's
decentralized training process; FL is able to significantly reduce the
burden on the centralized server in terms of both computing and stor-
age costs, in addition to protecting the privacy of sensitive information
shared across several user interfaces and application frameworks. This
architecture requires data transmission to a central server to train the
ML model for IDS. More than one IDS actively identifies attacks in a de-
centralized and distributed architecture. To enhance the capabilities of
the IDS, the authors in [146] integrate inter-agent communication and
hierarchical decision-making mechanisms. However, the effectiveness
of these features is hindered by the restriction of data being stored lo-
cally. Fig. 12 shows the different IDS types that can be deployed in FL
architectures.
FL offers a server-client architecture that includes both server-side
computations, such as model aggregation, and client-side interaction,
S. Ali et al.
F
OO
Fig. 12. Different IDS architectures deployed in FL.
i.e., model training. The authors in [140], employed Multi-Layer Per-
ceptron (MLP) and auto-encoder models for IDS systems. They used sta-
based systems. Furthermore, IDS deployment can be adapted to cater to
both large-scale and small-scale networks, encompassing network-
PR
tistical analysis to compare results from centralized and distributed FL-
based IDS for broader monitoring, host-based IDS for individual system
protection, or protocol-based IDS targeting specific communication
protocols. These variations cater to the diverse needs of different appli-
cations and end-users. In a conventional FL system, both the central au-
D
thority and the trainees/participants have a high degree of autonomy.
Using the FL system, researchers in [62] have created models that are
safe, precise, robust, and impartial for IIoT use cases. When developing
large-scale distributed systems, FL is often used to build centralized
TE
models without compromising data privacy to enhance training perfor-
mance [22,46,160]. Consequently, IDS in IIoT networks would be more
trustworthy if combined with Blockchain and FL-enabled IDS to estab-
lish a robust line of defense against security and privacy attacks.
5.3. Hybrid IDS approaches
EC
Recently, with its billions of IIoT devices, highly dispersed data ex-
change, and decentralized data interaction, edge-based IoT presents
new issues in building an applicable IDS. To ensure the security of the
IIoT, IDS design is essential for IIoT networks. Building an effective IDS
for edge-based IIoT requires both the detection technique and the sys-
RR
tem architecture as fundamental building blocks. Generally, an IDS
helps prevent harmful traffic since it is used to identify network activ-
ity, notably to differentiate between normal and malicious traffic.
When creating detection methods and system architecture for IIoT de-
vices, resource utilization efficiency should be addressed due to each
small edge device's inadequate storage and computing ability. The hy-
CO
brid IDS approach combines the benefits of Blockchain and FL-enabled
in IIoT networks, using various detection techniques among lower- and
upper-layer network devices, respectively. Blockchain has become the
industry standard for securing data transfers between nodes in a distrib-
uted network [169]. Blockchain is utilized to enhance security in dis-
tributed IDS networks due to its immutability and the consensus proce-
dures followed by nodes. The majority of currently available security
applications share multimedia files and sensitive data using Blockchain
technology [20]. Several types of security applications employ
Blockchain technology to increase performance. Blockchain technology
has lately been utilized in a wide range of fields, including IoT, IIoT,
IDS, and financial services, as well as various other domains
[87,148,136]. Currently, there is a growing concern about the deploy-
ment of Blockchain in IIoT Networks [85], for example, to protect data
transfers by integrating Blockchain technology with FL, ML, and Deep
Reinforcement Learning (DRL), the sharing mechanisms of IDS are opti-
18
Ad Hoc Networks xxx (xxxx) 103320
mized, thereby enhancing data collection efficiency and overall efficacy
[90].
The implementation of FL for IDS paves the way for DL/ML to de-
liver individualized protection mechanisms across many devices. As a
security tool, federated learning has been proven effective. Convention-
ally, IDS have been considered crucial to keeping systems safe by spot-
ting possible security attacks/threats based on traffic monitoring and
analysis. IDS is responsible for identifying and detecting malicious net-
work flows to prevent the progress of network attacks and log the net-
work flow information for further research. Addressing core privacy,
data security, and digital rights management concerns, FL empowers
multiple participants to collaboratively build robust machine learning
models without the need for direct data exchange. The current state of
data-sharing systems that rely on a central curator increases the likeli-
hood of data leakage, especially when multiple parties are involved.
The demand for IDS is increasing since IPS-based network attack pre-
vention is no longer feasible owing to the emergence of fresh forms of
assaults in IIoT systems on a daily basis. The use of FL in various aspects
of anomaly detection is investigated together with different IDS models,
ML approaches, and related difficulties. In addition, there are numerous
approaches, including neural networks and clustering algorithms, now
being taken into consideration in recent years regarding its usein IDS
[91,28,40,184]. In the environoment of the IIoT, current initiatives
have been presented by taking into consideration various technologies
and devices related to the security in [32]. The authors in [48,47] as-
sess DL approaches for detecting network security threats. Despite the
recent major advancements in IDS for IIoT, there is still much potential
for improvement in developing effective IDS [6,158]. To this end, the
creation of cutting-edge distributed IDS systems is urgently required,
such as Blockchain and Federated Learning-enabled to be developed for
IIoT networks.
5.4. Intrusion detection datasets
Assessing an IDS's efficacy necessitates utilizing a dependable and
up-to-date dataset encompassing contemporary instances of legitimate
and anomalous activities. The dataset serves as a vital resource for ac-
curately evaluating the performance and effectiveness of the IDS in de-
tecting and distinguishing between normal and suspicious behaviors.
The datasets enable researchers and cybersecurity experts to train, vali-
date, and test IDS algorithms to distinguish between legitimate network
traffic and malicious intrusions accurately. Table 2. presents the sum-
mary of well-known datasets used in the literature for experimentation
of intrusion detection systems. Over time, numerous datasets have been
generated, and while many of them are kept private to address privacy
concerns, a subset has been made accessible to the public. Below, we
S. Ali et al. Ad Hoc Networks xxx (xxxx) 103320

Table 2
An evaluation of recent IoT cybersecurity datasets available for intrusion detection.
Dataset
Year IoT Class Records Features Description Traffic
traffic percentage feature

IoT IIoT
KDD- 1999 Normal Normal 972, 19.85 % 41 The KDD99 dataset was derived from the DARPA 98 dataset to serve as an
CUP99 780 assessment tool for intrusion detection systems aimed at distinguishing between ✗✗
incoming attacks and regular network connections.

F
Attack Dos 3,883, 79.27 %
370
U2R 50 0.001 %
R2L 1126 0.02 %

OO
Probe 41,102 0.83 %
Total 4,898, 100 %
428

NSL-KDD 2009 Normal Normal 972, 19.85 % 41 NSL-KDD dataset, which is a widely used benchmark dataset in the field of intrusion
781 detection and network security. It is an improved version of the original KDD Cup ✗✗
1999 dataset, commonly used to evaluate IDSs.
Attack Dos 3,883,

Total
Probe
R2L
U2R
366
41,102
1126
52
4,898,
427
79.27 %
0.83 %
0.02 %
0.001 %
100 %
PR
UNSW_ 2015 Normal Normal 19,488 24.10 % 49 The dataset is derived from a synthetic environment created to generate attack
NB15 activities, serving to evaluate ensemble intrusion detection models. ✓✗
Attack Generic 39,496 48.84 %
D
Exploits 16,187 20.02 %
DoS 1791 2.21 %
Fuzzers 1731 2.14 %
Reconnaissance 1703 2.11 %
TE

Analysis 264 0.33 %

Worms 114 0.14 %
Backdoor 114 0.12 %
Total 80,873 100 %

Bot-IoT 2019 Normal Normal 9543 0.001 29 Bot-IoT incorporates legitimate and simulated IoT network traffic and various types
EC

of attacks used by botnets. ✓✗

Attack Dos
TCP 12,315, 1.672 %
997
UDP 20,659, 2.81 %
491
HTTP 29,706 0.004 %
RR

DDoS
TCP 19,547, 2.66 %
603
UDP 18,965, 2.58 %
106
HTTP 19,771 0.002 %
Reconnaissance
CO

OS Fingerprinting 358, 0.04 %

275
Service Scanning 1463, 0.19 %
364
Information Theft
Keylogging 1469 0.00 %
Data Exfiltration 118 0.00 %
Total 73,370, 100 %
443

TON_IOT 2020 Normal Normal 3086, 85.60 % 31 The dataset is employed to evaluate FL techniques in the context of intrusion
973 detection. ✓✗
Attack Backdoor 246, 6.83 %
136
DDoS 53,992 1.50 %
(continued on next page)

19
S. Ali et al. Ad Hoc Networks xxx (xxxx) 103320

Table 2 (continued)
Dataset
Year IoT Class Records Features Description Traffic
traffic percentage feature

Injection 50,319 1.40 %

Password 142, 3.96 %
674
Ransomware 16,030 0.44 %
Scanning 3973 0.11 %
Xss 6037 0.17 %

F
Total 3606, 100 %
134

OO
X-IIOTID 2021 Normal Normal 4,211, 513.07 % 68 The dataset comprises device-agnostic data utilized in the context of ML/DL learning
417 based on IDS for both IoT and IIoT systems. ✓✓
Attack Generic Scanning 50,277 6.13 %
Scanning 52,852 6.44 %
Vulnerability
Discovering 23,148 2.82 %
Resources
Fuzzing 1313 0.16 %
Brute Force
Dictionary
Insider Malicious
Reverse Shell
Mitm
Modbus Register
47,241
2572
17,447
1016
117
5953
5.76
0.31
2.13
0.12
0.01
0.73
%
%
%
%
%
%
PR
MQTT 23,524 2.87 %
TCP Relay 2119 0.26 %
Command 2863 0.35 %
D
Control
Exfiltration 22,134 2.70 %
Ransomware 458 0.06 %
RDoS 141, 17.21 %
TE

261
Fake Notification 28 0.00 %
False Data 5094 0.62 %
Injection
Total 820, 100 %
834
EC

WUSTL- 2021 This dataset was developed by incorporating authentic data from diverse IIoT and
IIOT Normal Normal 797, 92.71 % 41 industrial devices, including both legitimate and malicious inputs; this application ✓✓
261 aims to simulate a real-world IIoT environment accurately.
Attack DoS 56,379 6.56%
Reconnaissance 5932 0.69 %
Command 185 0.31 %
Injection
RR

Backdoor 152 0.25 %

Total 859, 100 %
927

Edge- 2022 Normal Normal 1380, 71.65 % 61 A real-time testbed-based cyber security dataset for IoT and IIoT applications is
IIoTset 858 employed to assess intrusion detection systems. ✓✓
Attack DDoS_UDP 121, 6.31 %
CO

567
DDoS_ICMP 67,939 3.53 %
SQL_injection 50,82 2.64 %
DDoS_TCP 50,062 2.60 %
Vulnerability_ 50,026 2.60 %
scanner
Password 49,933 2.59 %
DDoS_HTTP 49,203 2.55 %
Uploading 36,915 1.92 %
Backdoor 24,026 1.25 %
Port_Scanning 19,983 1.04 %
XSS 15,066 0.78 %
Ransomware 9689 0.50 %
Fingerprinting 853 0.04 %
(continued on next page)

20
S. Ali et al.
Table 2 (continued)
Dataset
Year IoT Class Records Features Description
traffic percentage
MITM 358 0.02 %
Total 1927, 100 %
304
provide concise explanations of the commonly employed datasets in
F
IoT/IIoT settings.
5.4.1. KDD-Cup99
OO
The dataset used for the experiment was derived from the DARPA-
98 dataset, specifically designed for evaluating the performance of IDSs
that can effectively differentiate between inbound attacks and normal
network connections. The KDD-Cup99 [70,27] is widely acknowledged
and accepted as a benchmark dataset in the field. The dataset represents
a modified version of the DARPA-98 dataset, initially supported and
funded by the Defense Advanced Research Projects Agency (DARPA), as
PR
part of an IDS evaluation plan conducted at MIT's Lincoln Laboratory
[103]. The main purpose of this dataset was to assess the performance
of IDSs in distinguishing between inbound regular network activity and
malicious activities. The dataset contains 41 attributes similar to a Net
Flow dataset. However, KDD-Cup99 has numerous weaknesses, dis-
couraging its use in the current context [168].
5.4.2. NSL-KDD
D
The NSL-KDD dataset was introduced as an innovative remedy to
address the limitations identified in the KDD99 dataset. The develop-
ment of the NSL-KDD dataset was undertaken with the explicit objec-
tive of rectifying shortcomings and bolstering the efficacy of intrusion
TE
detection evaluations within the domain of cybersecurity [152]. The
dataset represents a balanced resampling approach to the KDD-99
dataset, focusing on examples likely to be overlooked by classifiers
trained on the original KDD-99 dataset. Nevertheless, the dataset ad-
dresses some of the limitations, and it is important to note the authors
themselves acknowledge specific weaknesses, such as the dataset's lack
EC
of illustration of low-footprint attacks [103,135]. In the IDS realm, di-
verse technologies and classification algorithms are employed to effec-
tively develop a robust IDS framework utilizing this particular data set
under consideration.
5.4.3. UNSW_NB15
RR
The UNSW – NB15 dataset [117], originating from the University of
New South Wales Australia's Defense Force Academy, is a pivotal re-
source within the domain of cybersecurity , has gained significant pop-
ularity in the research community as a prominent benchmark for IDS in
the context of IoT. With a total of 80,873 samples, the UNSW_NB15
dataset is a valuable resource for researching network intrusion detec-
CO
tion. Within this dataset, there are 19,488 instances of normal IoT traf-
fic with 49 features. Simultaneously, the remaining 61,385 entries en-
compass ten distinct categories of attacks, namely Analysis, Backdoor,
DoS, Exploit, Fizzers, Generic, Reconnaissance, Shellcode, and Worm.
The development of the UNSW-NB15 dataset was undertaken by the
Australian centre for Cyber Security (ACCS), representing a significant
advancement in the realm of cybersecurity aimed to address the limita-
tions of previous intrusion datasets and facilitate the detection of
emerging cyberattacks, including those with low footprints. Utilizing
the IXIA Perfect Storm tool, they generated a substantial 100 GB
dataset, incorporating a mix of modern network traffic and synthesized
data. This synthesis involved the inclusion of both normal and abnor-
mal traffic within a controlled laboratory environment [117].
21
Ad Hoc Networks xxx (xxxx) 103320
Traffic
feature
5.4.4. Bot-IoT
The BoT-IoT dataset [115] was meticulously curated within the Cy-
ber Range Lab at the center of UNSW Canberra Cyber, with a specific
emphasis on constructing a lifelike network environment that accu-
rately represents the intricate IoT ecosystem. This dataset offers an ex-
tensive collection of records featuring diverse network profiles. Re-
searchers also introduce a testbed configuration to address limitations
found in existing datasets, such as the absence of comprehensive net-
work information, accurate labeling, and coverage of the latest and
complex attack variations. They employ various machine learning and
statistical techniques for forensic purposes. The BoT-IoT dataset com-
prises an extensive collection of over 72 million network traffic records,
obtained from a simulated IoT environment. It encompasses a diverse
array of attacks, including OS and Service Scan, DoS, DDoS, Data exfil-
tration, and Keylogging. Furthermore, the author offers a downscaled
variant of the dataset, containing approximately 3.6 million records,
meticulously designed for the sole purpose of conducting comprehen-
sive evaluations and assessments. However, the labeling files are sys-
tematically arranged, categorizing attacks based on their respective at-
tack categories and subcategories. The dataset includes original pcap
files, generated argus files, and CSV files, each contributing to the com-
prehensive analysis and assessment of the data [75].
5.4.5. TON_IOT
The TON_IOT dataset [15], an advanced initiative of the IoT Lab at
UNSW Canberra Cyber, School of Engineering and Information Tech-
nology (SEIT), Canberra at the Australian defence Force Academy
(ADFA), offers a comprehensive and sophisticated compilation of data
from various sources, spanning the domains of both IoT and IIoT [15].
This dataset contains telemetry labeled IoT/IIoT data originating from
multiple virtual machines, implementing diverse operating systems fa-
cilitates the establishment of cross-layer connectivity, interconnecting
the IIoT, Cloud, and Edge/Fog systems in a comprehensive and ad-
vanced manner. The dataset involves a wide variety of nine major IoT
traffic types, providing a comprehensive representation of network ac-
tivity, operating system logs, and other IIoT service traces. The
TON_IOT dataset further includes several attack scenarios, such as Man
in the Middle, injection, DoS, DDoS, backdoor, password cracking at-
tacks (PWA), ransomware, scanning, Cross-Site Scripting (XSS), and
cross-site scripting attacks, enriching its utility for research and analysis
in the domain of IoT and IIoT security [116].
5.4.6. X-IIOTID
The X-IIoTID dataset was created at the University of New South
Wales in Canberra with the aim of simulating the tactics, techniques,
and procedures employed by emerging attackers within IIoT environ-
ments [8]. The dataset incorporates a wide range of IoT components,
including sensors, actuators, controllers, edge devices, mobile devices,
and cloud-based systems. The dataset covers a wide range of communi-
cation styles, including Machine-to-Human, Machine-to-Machine, and
Machine-to-Machine interactions, characterized by high network activ-
ity and numerous events. Additionally, various communication proto-
cols like CoAP, WebSocket, and MQTT are included. The dataset pro-
vides a comprehensive representation of the heterogeneous network
traffic and system activities encountered in IIoT environments, thus
holding significant value for cutting-edge security research. With 68 at-
tributes, it covers a wide spectrum of attack types, including reconnais-
S. Ali et al.
sance, weaponization, Ransom Denial of Service (RDoS), exfiltration,
crypto-ransomware, and tampering. The dataset comprises a total of
820,834 data records, of which 421,417 are labeled as normal instances
and 399,417 as attacks [15]. By providing network traffic data from di-
verse IIoT devices and protocols, the X-IIoTID dataset offers researchers
a prevailing tool to enhance the security of IIoT systems and devise ef-
fective defense mechanisms against emerging threats [37].
5.4.7. WUSTL-IIoT
In 2021, Maede Zolanvari from the University of Washington's McK-
F
elvey School of Engineering introduced the WUSTL-IIOT dataset, strate-
gically designed to bolster cybersecurity in IIoT environments [196].
This dataset was meticulously crafted by modeling and emulating real-
OO
world industrial systems, ensuring their relevance and practicality. The
WUSTL-IIOT dataset comprises authentic network traffic data captured
from diverse IIoT devices. It encompasses 1107,448 normal samples
and 87,016 samples with occurrences of DoS, Reconnaissance, Com-
mand Injection, and Command Injection attacks, spanning a total of 41
characteristics. The dataset's generation involved the implementation
of a supervisory control and data acquisition (SCADA) architecture
WUSTL-IIOT dataset is a valuable resource for researchers seeking to
develop and assess IDS algorithms and systems tailored explicitly for
IIoT applications. This dataset enables the evaluation of AI/ML-based
IDS, primarily employing binary classification to determine whether a
PR
within the IIoT testbed. With a specific focus on intrusion detection, the
given traffic sample indicates an attack or not, thus contributing to the
advancement of IIoT security measures [36,125].
D
5.4.8. Edge-IIoTset
The Edge-IIoTset is a state-of-the-art and comprehensive dataset
specifically designed for IoT/IIoT environments [44]. The dataset was
meticulously compiled through a rigorous seven-layer test that incorpo-
TE
rated over ten distinct types of IoT devices. These devices comprise
temperature and humidity sensors, ultrasonic sensors, water level de-
tection sensors, pH sensor meters, soil moisture sensors, heart rate sen-
sors, and flame sensors. These devices were incorporated into an IIoT-
based Modbus flow, covering a range of IoT/IIoT protocols. Tailored ex-
EC
plicitly for edge computing in IoT and IIoT settings, the Edge-IIoTset
dataset aims to analyze and categorize threats effectively. It encom-
passes 14 different attack types, including information gathering, injec-
tion attacks, man-in-the-middle attacks, and malware attacks. The
dataset comprises 1380,858 instances of normal IoT traffic and 546,446
recorded attacks, offering valuable insights for ML and DL-based IDS.
These systems can utilize the Edge-IIoTset dataset in two distinct
RR
modes: centralized and FL. To guarantee the dataset's relevance and ap-
plicability, a specialized IoT/IIoT testbed was employed. This testbed
incorporated a wide variety of devices, sensors, protocols, and cloud/
edge configurations, all of which were utilized to create the dataset.
This includes capturing data pertaining to alerts, system resources, logs,
and network traffic, with a novel addition of 61 new features demon-
CO
strating high correlations among the existing 1176 features [37].
6. Discussion
To deliver a reliable and trustworthy solution for the IIoT networks,
we integrated Intrusion Detection Systems using Blockchain and Feder-
ated Learning-enabled approaches in our survey. Table 3. summarizes
several state-of-the-art IDS techniques integrated with FL and
Blockchain in IIoT networks. The table presents a variety of intrusion
detection approaches, security threats, performance metrics, time com-
plexity, and deployment specifics, demonstrating how integrating FL
and Blockchain technologies enhances the security of IIoT networks.
Even though IDS is an essential component in the IIoT network security
stack to detect prevalent attacks but still poses a limitation on the detec-
tion of novel and newer network attacks; the research in IDS to address
22
Ad Hoc Networks xxx (xxxx) 103320
the limitation focused on dynamic approaches such as ML-based intru-
sion detection systems (ML-IDS) in IIoT. ML-IDS analyzes IIoT network
traffic for anomalies to discover new attack types by learning typical
network behavior from previously recorded data packets. However, we
argue that ML-IDS deployed today still weakens emerging new attack
types. The scope and scale of the system monitored by the ML-IDS do
not have the oracle knowledge of ever-changing anomalous network
data flows.
Furthermore, ML-IDS works by building previously recorded IoT de-
vices’ network traffic which cannot ensure prevention against attacks in
case of a cold start or new deployment. In addition, it is known that the
performance of ML-IDS varies for a particular network environment
due to the dynamics of the data captured by the IDS [95]. This variation
can be interpreted and visualized from the reported results of ML-IDS
techniques on different network traffic datasets. Thus, developing a
holistic, centralized ML-IDS is not trivial, and sharing (centralizing)
network flow information across other organizational networks poses
severe security and privacy concerns.
Recently, considerable research on ML for intrusion detection in in-
formation and communication system networks has been reported.
Many conventional centralized ML techniques, for instance, support
vector machine (SVM) [128,150], and ML (DL) [56,68,123], reinforce-
ment learning (RL) state reasonable achievements for detecting mali-
cious user activities in IoT and IIoT systems.
FL is an innovative paradigm for distributed collaborative learning
and computing explicitly designed for machine learning-based applica-
tions [45]. Recent research has shown that FL-based IDS might serve as
a viable security paradigm to address the requirements and problems in
IIoT security. Li et al [81] proposed an FL technique that uses GRU and
CNN for determining the presence of incursions in the CPS . In their
work participants gain knowledge from the experiences of their peers
through the transmission; the participants can fine-tune the perfor-
mance of the IDSs by sending local gradients to a distant server for
global gradient precomputation and sharing. In [89], unsupervised DL
models are used for attack detection to address a significant amount of
unlabeled data available in IoT and IIoT networks.
Similarly, to demonstrate an unsupervised FL architecture for de-
tecting Android malware is proposed in [164]; this architecture aims
for the collaborative training of a decentralized GAN network to miti-
gate and be resilient against anomalies in the data-gathering at a cen-
tral server. The authors in [133] proposed mechanisms for protecting
user data, preventing intrusion, and identifying attacks correlated to FL
are discussed. The study in [154] designed a collaborative intrusion de-
tection system (CIDS) for VANETs in which many SDN controllers work
together to train a unified IDS model for the whole network without
sharing details about the traffic patterns inside their individual seg-
ments. Moreover, an effective anomaly-based IDS against restricted and
dispersed IIoT data is one of the many benefits of FL's decentralized IDS
decision-making against limited and diverse IIoT infrastructure.
[42,140]. In contrast, the traditional IDS schemes may not apply to the
ever-changing landscape of the IIoT due to their inherent adaptability.
Blockchain solves most of IIoT's security and privacy issues by guar-
anteeing consensus, immutability, and provenance; Blockchain adds
credibility to IDS, wherein IDS nodes must be authorized before taking
part [101]. IDS has become necessary to ensure the safety of recent IIoT
networks and technologies. There are three widely acknowledged ap-
proaches for detection, signature-based, anomaly-based, and specifica-
tion-based, utilized by intrusion detection systems. Since breaches into
the IIoT nearly invariably include humans, expensive industrial goods
like chemicals, and machinery, early identification of incursions is es-
sential.
Considerable efforts have been devoted to developing new ML/FL
and Blockchain-based IDS/IPS systems. Our research indicates that a
federation of network intrusion detection systems that use Blockchain
as a fabric of the federation and the principles of federated learning for
S. Ali et al. Ad Hoc Networks xxx (xxxx) 103320

Table 3
Comparison of different state-of-the-art intrusion detection methods.
Reference Year IDS approach Security threat ML/DL method Dataset Performance Time
FL- Blockchain Deployment metrics% complexity
Based IDS
IDS

[1]
2022 ✓ ✓ Cyberattack detection Cyber-attack detection Semi-Supervised, Decentralized ToN_IoT Acc = 95.89 —
using a temporal GAN LITNET-
convolutional generative 2020

F
network (TCGAN) trained
on partially annotated
data.
[98] 2022 ✓ FL, DL, Over-sampling Web spam detection, XGBoost Decentralized XIIoTID Acc = 99.79

OO
✗
approach with partially Metadata spoofing LightGBM —
homomorphic encryption, STM
Paillier Encryption CNN
[9] 2022 ✓ ✗ Deep-learning-based Reconnaissance, MLP, DeepIIoT NIDS WUSTL- Acc = 99
intrusion detection system Backdoors, DoS, and IIOT Pr = 99 Train Time
for industrial IoT command injection, Rc = 99 25.4487 s
pose serious threats to F1 = 99
system security and
integrity
[44]

[82]
2022 ✓

2021 ✓
✗

✗
A realistic testbed was
developed to evaluate the
efficacy of machine
learning-based IDSs in the
IoT/IIoT environment.
IMA-GRU protocol
PR
DoS/DDoS,
Information gathering,
Injection, Man in the
Middle, and Malware

DDoS Attack
SVM, DT,
RF, KNN, and
LSTM

GRU
Hybrid Edge-IIoT

Decentralized UNSW
Non-
IID = 99.98
IID = 100

Acc = 98
—

MR-Time
NB-15 1715.91 s/
1000bots
MD-Time
D
483.74s
[113] 2021 ✓ ✗ ✗ LSTM Decentralized Real-time Acc = 95
Implemented the LSTM and GRU Train Time
gated recurrent units 45.31 s
TE

(GRUs)
[8] 2021 ✗ ✗ Standard ML and DL Network attack, Brute NB, DT,SVM, Decentralized X-IIoTID Acc = 99.54
Algorithms force attack, Dictionary KNN, LR, GRU Pr = 97.20 R-Time
attack, Reverse shell, DNN Rc = 97.27 1049 ms
MitM attack F1 = 99.49
[63] 2021 ✓ ✗ Lock edge is a cloud-based DDoS (HTTP, TCP, NN, CNN, RNN, Hybrid BoT-IoT Acc = 99 CPU Usage
security system that UDP), DoS (HTTP, TCP, KNN, SVM, KNN, 400 to 2400/s
protects data at the UDP), server scanning, RF, DT,NN Attack Rate
EC

network's edge (Low- OS fingerprinting, 9.60 sample/s

Complexity Cyberattack keylogging, and data
Detection in IoT Edge espionage
Computing)
[198] 2021 ✗ ✗ Backdoor, Command AI, ML NIDS WUSTL- Acc = 99.98
Proposed a universal, injection IIOT, Acc – 99.24 T-Time
accurate, and well- NSL-KDD, Acc = 97.77 212.65s
RR

performing XAI model UNSW

called TRUST XAI, AI- NB-15
based trustworthy systems
for IIoT
[69] 2021 ✗ ✗ Proposed an IDS for IIoT Access control attacks, RF, LR, NB, DT, NIDS UNSW- Acc = 87.61 Test-Time
using the Genetic data corruption ET, XGB. NB15 VAC = 95.87 18.3 ms
Algorithm (GA) breaches, spoofing Rc = 98.34
attacks, DoS, DDoS, OS, Pr = 82.51
CO

Jamming attacks F1 = 89.73

Auc = 98
[92] 2021 ✗ ✗ Proposed a particle swarm Backdoor, Shellcode, LightGBM, NIDS UNSW- Acc = 86.68 Train Time
optimization-based and Worms OCSVM NB15 12.502 s
gradient descent (PSO- Test Time
LightGBM) for IDS. 0.048s
[164] 2020 ✓ ✗ The Federated Generative Poisoning Attacks Unsupervised Decentralized Drebin Acc = 97.96 —
Adversarial Network (F- GAN Genome,
GAN) and the Generative Contagio
Adversarial Network (GAN) (Android
malware)
(continued on next page)

23
S. Ali et al. Ad Hoc Networks xxx (xxxx) 103320

Table 3 (continued)
Reference Year IDS approach Security threat ML/DL method Dataset Performance Time
FL- Blockchain Deployment metrics% complexity
Based IDS
IDS

[132] 2020 ✗ ✗ Create a collaborative IDS GPS spoofing attacks, DL, Bi-GAN, Hybrid KDD99 Acc = 96 – —
using deep learning and Sybil attacks, timing distributed SDN. NSL-KDD 98
SDN to detect abnormal attacks, wormhole Pr = 91- 95
network behaviors across attacks, DOS attacks, Rc = 91 – 96
the entire VANET hidden vehicle attacks F1 = 91 – 95
infrastructure. Auc = 97 –

F
98
[55] 2020 ✗ ✗ The study proposed an MitM attacks, Function DL-based Semi- NIDS Real-time Acc = 96.63 —
adaptive trust-boundary code injection, supervised Auc = 96

OO
protection model that uses Firmware modification Learning
deep-learning-based semi-
supervised approaches.
[15] 2020 ✗ ✗ ML and DL Methods in Scanning, DoS, DDoS, SVM, KNN, RF, Hybrid TON_IoT Acc = 88 Train Time
both binary and multi-class Ransomware, Backdoor, DT, LDA,NB,LR Pr = 90 6.308 s
classification problems for data injection, Cross-site Rc = 88 Test Time
intrusion detection Scripting (XSS), and F1 = 88 0.022
MitM
[123] 2019 ✓ ✗ Benign and Network Unsupervised Decentralized Private Acc = 98.2 T-Expr = 10

[197] 2019 ✗ ✗
FDL is used as autonomous
self-learning distributed
system for detecting
compromised IoT devices.

Carrying out the backdoor,

PR
Traffic Attacks

Buffer overflow, Code

injection, Improper
(FDL)
GRU

ML-based IDS NIDS

IoT
Smart
Home

Real-time Acc = 99.99

500/s
M-Time
7.0 ms

—
command injection, and input validation, SQL
SQL injection attacks on a injection attack,
system secured by an ML-
D
based anomaly detection
system.
[35] 2019 ✗ ✓ Random Subspace Learning Misrouting attacks, LSVM, Bayes Centralized Real-time Acc = 96.73 Training Time
(RSL), K-nearest neighbor Forged ICS commands, Network BN, NB- 3738 Instances
(KNN), and ensemble and SDN-related attacks K, KNN, KNN = 0.01–
TE

learning (EL) (KNN) AdaBoostM1, 0.01 s

Bagging, DT, RF Binary + M-
class
RSL-KNN=
0.05–0.5 s
Binary + M-
class
EC

[119] 2018 ✗ ✗ Feed-forward neural Network attacks, zero- Semi-Supervised Centralized NSL-KDD Acc =98.6 NSL-
network (FNN), semi- day attacks AE+FNN UNSW- Dr = 99 – 93 KDD = Train
supervised neural network NB15 Fpr = 1.8 – 0.13 s/100ep
(SNN), and auto-encoder 8.2 NSL-
(AE) (DFFNN) ROC = 98.4 – KDD = Test
92.5 0.06
UNSW-
15 = Train
RR

0.25–0.14 s/
100ep
UNSW-
15 = Test
0.01 s
[190] 2018 ✗ ✗ The proposed scheme MLP, DAE NIDS UNSW-NB Acc = 98.80
utilizes denoising F1 = 95 —
CO

autoencoders (DAE) Pr = 95.98

combined with a weighted Rc = 94.43
loss function and a
compact multilayer
perceptron (MLP) for
intrusion identification.

MR-Time: Mitigation Response Time, MD-Time: Mitigation Delay Time, R-Time: Response Time, T-Expr: Total Experiment, M-Time: Attack Mitigation Time, Bi-
nary + M-class: Binary and Multi-Class, Acc: Accuracy, PR: Precision, Rc: Recall, F1: F1-Score, Auc: Area Under Curve (ROC), s: Seconds,.
ms: Milliseconds.

network intrusion detection have to be considered for a robust, open,
and adaptive IDS ecosystem. In the following subsection, we present
our recommendation and guidelines recorded as a holistic research gap
from the literature for implementing a Blockchain-assisted federation of
intrusion detection systems (BF-NIDS).
6.1. Recommendation for blockchain and federated intrusion
detection systems
Based on our literature survey and the critical analysis of the re-
ported articles, we outlined the following pinnacle guidelines for
Blockchain and Federated Network Intrusion Detection System (BF-
NIDS):

24
S. Ali et al.
6.1.1. Define the objective and scope of the federation
Clearly define the objectives and scope of your NIDS, including the
types of network intrusions you aim to detect and the level of security
you want to achieve. This will help determine the system's appropriate
design and features [145]. Similarly, clearly define the scope of the fed-
eration, including the participating organizations, their roles, and the
level of information sharing and collaboration allowed. This step helps
establish trust and sets the foundation for effective communication and
cooperation.
F
6.1.2. Select a blockchain platform
Gain a solid understanding of blockchain technology, including its
underlying principles, consensus mechanisms, and smart contracts.
OO
This knowledge will help you design an effective and secure
blockchain-based NIDS. Furthermore, more importantly, choose a suit-
able blockchain platform that aligns with your requirements. Consider
factors such as scalability, consensus mechanism, security, develop-
ment community, and available smart contract capabilities. Popular
choices include Ethereum, Hyper ledger Fabric, and Corda [90].
6.1.3. Design of distributed NIDS architecture
nology in a federated learning setting. Consider the Sensor Nodes,
Blockchain Networks, Smart Contracts, Federated Learning Model Ag-
gregator, and User Interface [182].
PR
Develop a robust NIDS architecture that integrates blockchain tech-
6.1.4. Establish trust relationships
Establish trust relationships between participating organizations
D
and components of the architecture by defining policies, agreements,
and legal frameworks. It is important to ensure that the organizations
involved have a common understanding of security objectives, data
handling practices, and privacy concerns.
TE
6.1.5. Standardize data formats and protocols
To enable effective information sharing, standardize the data for-
mats, protocols, and interfaces used for communication between the
participating IDS systems. This allows for seamless integration and in-
EC
teroperability among different IDS platforms [131].
6.1.6. Define intrusion detection rules
Develop intrusion detection rules or signatures based on known at-
tack patterns, anomalies, or behavior-based techniques. These rules will
be used to detect and classify network intrusions.
RR
6.1.7. Data collection and storage
Determine how network traffic data will be collected and stored on
the blockchain. Consider the balance between data privacy and system
performance. You may choose to store aggregated metadata or
anonymized data while maintaining the original traffic details off-
chain.
CO
6.1.8. Feature selection and engineering
Identify relevant features that effectively differentiate between nor-
mal and malicious network traffic flows. Consider elements like desti-
nation and source IP addresses, port numbers, protocol types, payload
content, packet size, and packet header contents. If necessary, engineer
new features, such as calculating statistical properties or aggregating
information [145].
6.1.9. Model selection
In order to develop an effective network intrusion detection system,
it is crucial to select the most suitable machine learning algorithm.
There are several viable options available, including decision trees, ran-
dom forests, neural networks, deep neural networks, and deep rein-
forcement learning, among others. The selection of a model can also be
25
Ad Hoc Networks xxx (xxxx) 103320
influenced by the characteristics of your data capture available to the
federated clients, such as the number of features, sample size, and class
imbalance when selecting the model [2].
6.1.10. Integration and deployment
Integrate the trained model into your network infrastructure, ensur-
ing it can process incoming network traffic in real-time. Consider using
specialized hardware accelerators or distributed systems for efficient
processing in high-speed networks. Implement proper logging and
alerting mechanisms to notify security personnel in case of a detected
intrusion [115].
6.1.11. Define data sharing policies
Develop clear policies regarding what types of data will be shared,
at what level of detail, and with whom. Consider the sensitivity of the
data and privacy requirements, ensuring that personally identifiable in-
formation (PII) or sensitive data is appropriately protected [94].
6.1.12. Ensure data anonymization and privacy
Implement mechanisms to anonymize or pseudonymize sensitive
data before sharing it across the federation. This protects the privacy of
individuals and organizations while still allowing for effective analysis
and correlation of security events.
6.1.13. Establish a centralized management entity
Designate a central authority or management entity responsible for
coordinating the federation activities, managing the shared data, and
ensuring compliance with established policies and regulations. This en-
tity could also handle incident response coordination and facilitate par-
ticipant communication.
6.1.14. Share threat intelligence
Encourage the sharing of threat intelligence among participating or-
ganizations. This includes sharing information about emerging threats,
new attack vectors, and known indicators of compromise (IOCs).
Timely and effective sharing of threat intelligence improves the overall
security posture of the federation [102].
6.1.15. Collaborative analysis and response
Enable collaborative analysis and response capabilities among the
participating IDS systems. This can involve sharing aggregated analysis
results, collaborating on incident response efforts, and sharing remedia-
tion strategies and best practices [146].
6.1.16. Continuous monitoring and evaluation
Implement continuous monitoring and evaluation mechanisms to
assess the effectiveness of the individual component IDS and the whole
federation of network intrusion detection system. Regularly review the
federated system's performance, reliability, and security, and refine the
policies and procedures based on lessons learned and evolving threats
[146].
6.1.17. Compliance with legal and regulatory requirements
Ensure the federation of IDS meets all relevant legal and regulatory
requirements, it is essential to comply with data protection and privacy
laws, with GDPR (General Data Protection Regulation) being a crucial
consideration. Consider jurisdictional differences and cross-border
data-sharing restrictions while designing and operating the federation
[13]. Implementing a BF-NIDS requires careful planning, collaboration,
and adherence to established guidelines and best practices. By leverag-
ing multiple organizations' collective knowledge and resources, BF-
NIDS can significantly enhance the security and resilience of network
infrastructures.
S. Ali et al. Ad Hoc Networks xxx (xxxx) 103320

6.1.18. Challenges and open issues
Developing a dependable detection system is one of the greatest
challenges regarding security in the IIoT. An important challenge is the
reliable and smooth IDS-based detection mechanism in the IIoT sys-
tems. The building previously recorded IIoT devices' network traffic
cannot ensure prevention against attacks in case of cold start or fresh
deployment. The literature discusses two primary solutions for prevent-
ing cyberattacks: IDS and IPS. Various intrusion detection models have
been assessed as part of the review work that has been conducted,
which analyses the IDS. We briefly review research challenges and open
data requires special attention in designing AI solutions to maintain ac-
ceptable performances.
6.4. Model heterogeneity
In traditional federated learning, , the success of training the global
machine learning model relies on participating mobile devices reaching
a consensus on a specific model. This enables the aggregation of model
weights obtained from mobile applications, contributing to effective
training. However, in practice, mobile devices and applications often

F
Blockchain and FL-enabled IDS issues in IIoT systems. customize their model architecture to suit their unique learning objec-
tives and application environments. Due to privacy concerns, mobile
6.2. Establishment of a trusted federation applications are hesitant to share the intricate details of their model ar-

OO
Generally, federated systems and networks are established under
the supervisory role of a centralized coordinator to manage the federa-
tion and its functions in a fairway. In other words, the centralized coor-
dinator work as a network fabric that interconnects all participating
nodes in the federation. However, the centralized network fabric has in-
trinsic issues such as single point failure, the privacy of the federation
chitectures. Consequently, the model architectures from various IDS ap-
plications exhibit diverse shapes and structures, posing challenges for
conventional federated learning's straightforward aggregation ap-
proach. The issue of model heterogeneity in distributed IDS has not re-
ceived significant attention so far. Nevertheless, based on our experi-
ence, we believe that investigating its practical implications is essential
for the development of intelligent federated IDS systems.

PR
participants' data available in the centralized coordinator, bias of the
centralized coordinator in conflict resolution among the federation par-
ticipants, and transparency of billing/incentives of the federation par-
ticipants.
Blockchain with the smart contract is a panacea to all the issues dis-
On the other hand, in a federated IDS setup with multiple IDS, each
IDS, as illustrated in Fig. 13 will be using a different type of machine
learning algorithm for network intrusion detection. Moreover, it is pos-
sible that each IDS may have its own preference for training its predic-
tive model using a distinct machine-learning algorithm. In this case, it
cussed owing to the fact that Blockchain possesses characteristics like is essential to adopt an ontology-driven autonomous interaction ap-
consensus, provenance, ownership, immutability, finality, and access proach between agents concerning intrusion detection and the machine
control of distributed ledgers. How to establish a trusted federation that learning algorithm selection.
D
employs Blockchain as a network fabric to establish, interconnect and
sustain distributed intrusion detection federation systems. 6.5. Ontologies for autonomous interaction of IDS agents
Volume of training data owned by participating intrusion de-
tection servers in the established federation. The IDS agents should utilize the ontological representation speci-
TE

In the best interest to better serve their customers and generate rev-
enue, security service providers are keen to gather and analyze the vast
amounts of network data generated by their users' devices and net-
works. However, there is a high cost in terms of central server process-
ing and storage for all of this collected data. Evidently, sharing and col-
EC
fied in ML-Schema [31] to represent and interchange information on
the ML/FL algorithms, datasets, and experiments that will be followed
in the IDS workflow. ML Schema is shown in Fig. 14 represents the ma-
chine learning algorithms, the machine learning tasks they address,
their implementations and executions, and inputs (e.g., data) and out-

lecting user data is limited due to the implementation of administrative puts (e.g., models) they specify. Representation of machine learning
and regulatory legislation, including the European General Data Protec- models through ontological schema enables the efficient discovery and
tion Regulation (GDPR), China's Cyber Security Law, and the United
States California Consumer Privacy Act. Due to the lack of available
training data, the performance of machine learning tasks for network
traffic categorization may be negatively impacted. In addition, the com-
mercial competition between different providers of security services is
RR

another factor that inhibits data sharing since it is also a fact that the
number of samples used for training would be insufficient to produce a
generalized model with these limitations in place.

6.3. Diversity in training data and models at industrial IoT

CO

The diversity results from taking into account how various machine
learning models that imply variety in the context of learning, activities
like classification, and regression that are subject to close supervision
are the primary focus. Contrarily, unsupervised activities include multi-
view learning tasks, online learning tasks, active learning tasks, rein-
forcement learning tasks, and semi-supervised or unsupervised tasks.
As a result, various learning activities necessitate distinct client/data
owner settings. Generally, another heterogeneity affects machine learn-
ing tasks, i.e., the data distribution of learning tasks. Due to the dynam-
ics of the federated IDS environment, the training data from varying in-
dustrial units and devices intrinsically exhibit the notion of statistical
heterogeneity, i.e., non-IID distributions. Nonetheless, there are a num-
ber of ways in which this data might be non-IID. One example is skew-
ness in the distribution of labels or features. Statistical heterogeneity in

Fig. 13. Model heterogeneity inherent in IDS.

26
S. Ali et al. Ad Hoc Networks xxx (xxxx) 103320

F
OO
PR
D
TE

Fig. 14. ML Schema [31].

searching of potential participants of interest with the relevant dataset
and features for intrusion detection in the federation of intrusion detec-
tion systems governed through Blockchain. The ML-Schema published
by IDS in the federation is used as the characteristics for matchmaking
EC
firewall system need an hour to detect malicious and cyberattacks in
IIoT systems. We studied the new paradigm of integrated Blockchain
and Federated Learning-enabled approaches for Intrusion Detection in
IIoT Networks. We analyzed the IDS approaches, highlighting the diver-

and making trade decisions by the human seller agents behind the sity and complexity of approaches employed to tackle security threats
workers' mobile devices. in IoT and IIoT environments. Furthermore, we also presented a discus-
sion on the possible attacks on IIoT systems and recommendations for
6.6. Dynamic reconfiguration implementing Blockchain and FL-based IDS systems. In the future, we
plan to focus on a better cyberattack security solution considering the
Lack of adaptivity in automated systems has been a serious software recommendation and challenges outlined above for the IIoT IDS sys-
RR

industry problem over the years. Typical industrial applications such as tems to develop algorithms and methodologies to prevent attacks by us-
IDS consist of many lines of code, which are difficult to standardize the ing renewed datasets, i.e., NSLKDD, ToN_IoT, UNSWD, and X-IIoTID.
interfaces of IDS with other IDS servers in the federation. When a new
IDS system is started and IDS software is developed from scratch, Uncited references
knowledge about the data structures and control flow is sufficient to
build the working program. However, in-depth knowledge about the [84,86,93,124,163].
IDS software may fade away rapidly during the IDS program's lifetime.
CO

Particularly, the demand for IDS software changes may be high in a
changing environment. To fulfill the demand, developers often face a
difficult (if not impossible) task: to change incomprehensible lines of
code to maintain the IDS in the federations.
7. Conclusion
Integration of the internet of things (IoT) in the industrial internet of
things (IIoTs) has paved a tremendous way in the development and ad-
vancement of Industry 4.0. However, cybersecurity threats have
emerged as a significant stumbling block to the smooth implementation
of the industrial revolution brought on by the expanded and quick ex-
pansion of the smart industry throughout the world. A solid and holistic
system like Intrusion Detection & Intrusion Prevention and a traditional
Declaration of Competing Interest
The authors declare that they have no known competing financial
interests or personal relationships that could have appeared to influ-
ence the work reported in this paper.
The authors declare there is no conflict of interest whatsoever with
any party. Furthermore, our respective institutes are aware about the
submission of this work to the Journal of AdHoc Networks. Lastly, this
research does not involve any human subject.
Data availability
No data was used for the research described in the article.

27
S. Ali et al.
Supplementary materials
Supplementary material associated with this article can be found, in
the online version, at doi:10.1016/j.adhoc.2023.103320.
References
[1] M. Abdel-Basset, N. Moustafa, H. Hawash, Privacy-preserved cyberattack
detection in industrial edge of things (IEoT): a blockchain-orchestrated federated
learning approach, IEEE Transac. Industr. Inform (2022).
[2] G. Abdelmoumin, D.B. Rawat, A. Rahman, On the performance of machine
F
learning models for anomaly-based intelligent intrusion detection systems for the
internet of things, IEEE Internet Things J. 9 (6) (2021) 4280–4290.
[3] H.A. Abdul-Ghani, D. Konstantas, M. Mahyoub, A comprehensive IoT attacks
survey based on a building-blocked reference model, Int. J. Advanced. Computer
OO
Sci. Applic. 9 (3) (2018) 355–373.
[4] A. Abdullah, R. Hamad, M. Abdulrahman, H. Moala, S. Elkhediri,
CyberSecurity: a review of internet of things (IoT) security issues, challenges and
techniques, in: 2019 2nd International Conference on Computer Applications &
Information Security (ICCAIS), 2019.
[5] S. Agrawal, S. Sarkar, O. Aouedi, G. Yenduri, K. Piamrat, S. Bhattacharya,
P.K.R. Maddikunta, T.R. Gadekallu, Federated Learning For Intrusion Detection
system: Concepts, Challenges and Future Directions, arXiv preprint, 2021 arXiv:
2106.09527.
[6] A. Al-Abassi, H. Karimipour, A. Dehghantanha, R.M. Parizi, An ensemble deep
[7] M. Al-Hawawreh, F. Den Hartog, E. Sitnikova, Targeted ransomware: a new PR
learning-based cyber-attack detection in industrial control system, IEEE Access 8
(2020) 83965–83973.
cyber threat to edge system of brownfield industrial Internet of Things, IEEE
Internet Things J. 6 (4) (2019) 7137–7151.
[8] M. Al-Hawawreh, E. Sitnikova, N. Aboutorab, X-IIoTID: a connectivity-agnostic
and device-agnostic intrusion data set for industrial Internet of Things, IEEE
Internet Things J. 9 (5) (2021) 3962–3977.
[9] M.M. Alani, E. Damiani, U. Ghosh, DeepIIoT: an explainable deep learning
D
based intrusion detection system for industrial IOT, in: 2022 IEEE 42nd
International Conference on Distributed Computing Systems Workshops
(ICDCSW), 2022.
[10] A. Aldweesh, A. Derhab, A.Z. Emam, Deep learning approaches for anomaly-
based intrusion detection systems: a survey, taxonomy, and open issues, Knowl.
TE
Based Syst 189 (2020) 105124.
[11] M. Aledhari, R. Razzak, R.M. Parizi, F. Saeed, Federated learning: a survey on
enabling technologies, protocols, and applications, IEEE Access 8 (2020)
140699–140725.
[12] N. Alexopoulos, E. Vasilomanolakis, N.R. Ivánkó, M. Mühlhäuser, Towards
blockchain-based collaborative intrusion detection systems, in: International
Conference on Critical Information Infrastructures Security, 2017.
[13] M. Ali, H. Karimipour, M. Tariq, Integration of blockchain and federated
EC
learning for Internet of Things: recent advances and future challenges, Computers
Secur. 108 (2021) 102355.
[14] M.S. Ali, M. Vecchio, M. Pincheira, K. Dolui, F. Antonelli, M.H. Rehmani,
Applications of blockchains in the Internet of Things: a comprehensive survey,
IEEE Commun. Surveys Tutor. 21 (2) (2018) 1676–1717.
[15] A. Alsaedi, N. Moustafa, Z. Tari, A. Mahmood, A. Anwar, TON_IoT telemetry
dataset: a new generation dataset of IoT and IIoT for data-driven intrusion
detection systems, IEEE Access 8 (2020) 165130–165150.
RR
[16] J.J. Anthraper, J. Kotak, Security, privacy and forensic concern of MQTT
protocol, in: Proceedings of International Conference on Sustainable Computing
in Science, Technology and Management (SUSCOM), Amity University Rajasthan,
Jaipur-India, 2019.
[17] Antonakakis, M., April, T., Bailey, M., Bernhard, M., Bursztein, E., Cochran, J.,
Durumeric, Z., Halderman, J.A., Invernizzi, L., & Kallitsis, M. (2017).
Understanding the mirai botnet. 26th USENIX security symposium (USENIX
Security 17),
[18] E. Aydogan, S. Yilmaz, S. Sen, I. Butun, S. Forsström, M. Gidlund, A central
CO
intrusion detection system for rpl-based industrial internet of things, in: 2019
15th IEEE International Workshop on Factory Communication Systems (WFCS),
2019.
[19] B. Bera, S. Saha, A.K. Das, A.V. Vasilakos, Designing blockchain-based access
control protocol in iot-enabled smart-grid system, IEEE Internet Things J. 8 (7)
(2020) 5744–5761.
[20] D. Berdik, S. Otoum, N. Schmidt, D. Porter, Y. Jararweh, A survey on blockchain
for information systems management and security, Inf. Process. Manag 58 (1)
(2021) 102397.
[21] U. Bodkhe, S. Tanwar, K. Parekh, P. Khanpara, S. Tyagi, N. Kumar, M. Alazab,
Blockchain for industry 4.0: a comprehensive review, IEEE Access 8 (2020)
79764–79800.
[22] K. Bonawitz, H. Eichner, W. Grieskamp, D. Huba, A. Ingerman, V. Ivanov, C.
Kiddon, J. Konečný, S. Mazzocchi, B. McMahan, Towards federated learning at
scale: system design, Proc. Mach. Learning Syst. 1 (2019) 374–388.
[23] P. Boopalan, S.P. Ramu, Q.-V. Pham, K. Dev, P.K.R. Maddikunta, T.R.
Gadekallu, T. Huynh-The, Fusion of Federated Learning and Industrial Internet of
Things: A survey, Computer Networks, 2022 109048.
[24] B. Bostami, M. Ahmed, S. Choudhury, False data injection attacks in internet of
things, in: Performability in internet of things, 2019, pp. 47–58.
28
Ad Hoc Networks xxx (xxxx) 103320
[25] H. Boyes, B. Hallaq, J. Cunningham, T. Watson, The industrial internet of things
(IIoT): an analysis framework, Comp. Industry 101 (2018) 1–12.
[26] E.M. Campos, P.F. Saura, A. González-Vidal, J.L. Hernández-Ramos, J.B.
Bernabé, G. Baldini, A. Skarmeta, Evaluating Federated Learning for intrusion
detection in Internet of Things: review and challenges, Comp. Networks 203
(2022) 108661.
[27] N. Chandolikar, V. Nandavadekar, Efficient algorithm for intrusion attack
classification by analyzing KDD Cup 99, in: 2012 Ninth International Conference
on Wireless and Optical Communications Networks (WOCN), 2012.
[28] R. Chapaneri, S. Shah, A comprehensive survey of machine learning-based
network intrusion detection, in: Smart Intelligent Computing and Applications,
2019, pp. 345–356.
[29] S. Chavhan, R.A. Kulkarni, A.R. Zilpe, Smart sensors for IIoT in autonomous
vehicles, in: Smart Sensors for Industrial Internet of Things: Challenges, Solutions
and Applications, 2021, pp. 51–61.
[30] Z. Chen, N. Lv, P. Liu, Y. Fang, K. Chen, W. Pan, Intrusion detection for wireless
edge networks based on federated learning, IEEE Access 8 (2020)
217463–217472.
[31] G. Correa Publio, D. Esteves, A. Ławrynowicz, P. Panov, L. Soldatova, T. Soru, J.
Vanschoren, H. Zafar, ML-Schema: Exposing the Semantics of Machine Learning
With Schemas and Ontologies, arXiv e-prints, 2018 arXiv: 1807.05351.
[32] K.A. da Costa, J.P. Papa, C.O. Lisboa, R. Munoz, V.H.C. de Albuquerque,
Internet of Things: a survey on machine learning-based intrusion detection
approaches, Comp. Networks 151 (2019) 147–157.
[33] H.-N. Dai, Z. Zheng, Y. Zhang, Blockchain for Internet of Things: a survey, IEEE
Internet Things J. 6 (5) (2019) 8076–8094.
[34] L.R. Darwish, M.M. Farag, M.T. El-Wakad, Towards reinforcing healthcare 4.0:
a green real-time iiot scheduling and nesting architecture for COVID-19 large-
scale 3d printing tasks, IEEE Access 8 (2020) 213916–213927.
[35] A. Derhab, M. Guerroumi, A. Gumaei, L. Maglaras, M.A. Ferrag, M. Mukherjee,
F.A. Khan, Blockchain and random subspace learning-based IDS for SDN-enabled
industrial IoT security, Sensors 19 (14) (2019) 3119.
[36] A.S. Dina, A. Siddique, D. Manivannan, A deep learning approach for intrusion
detection in Internet of Things using focal loss function, IoT 22 (2023) 100699.
[37] W. Ding, M. Abdel-Basset, R. Mohamed, DeepAK-IoT: an effective deep learning
model for cyberattack detection in IoT networks, Inf. Sci. 634 (2023) 157–171.
[38] Y. Dong, X. Chen, L. Shen, D. Wang, EaSTFLy: efficient and secure ternary
federated learning, Computers Secur. 94 (2020) 101824.
[39] M. Douiba, S. Benkirane, A. Guezzaz, M. Azrour, An improved anomaly
detection model for IoT security using decision tree and gradient boosting, J.
Supercomput 79 (3) (2023) 3392–3411.
[40] A. Drewek-Ossowicka, M. Pietrołaj, J. Rumiński, A survey of neural networks
usage for intrusion detection systems, J. Ambient. Intell. Humaniz. Comput 12 (1)
(2021) 497–514.
[41] G. Falco, C. Caldera, H. Shrobe, IIoT cybersecurity risk modeling for SCADA
systems, IEEE Internet Things J. 5 (6) (2018) 4486–4495.
[42] Y. Fan, Y. Li, M. Zhan, H. Cui, Y. Zhang, Iotdefender: a federated transfer
learning intrusion detection framework for 5 g IoT, in: 2020 IEEE 14th
International Conference on Big Data Science and Engineering (BigDataSE), 2020.
[43] M.A. Ferrag, M. Derdour, M. Mukherjee, A. Derhab, L. Maglaras, H. Janicke,
Blockchain technologies for the internet of things: research issues and challenges,
IEEE Internet Things J. 6 (2) (2018) 2188–2204.
[44] M.A. Ferrag, O. Friha, D. Hamouda, L. Maglaras, H. Janicke, Edge-IIoTset: a
new comprehensive realistic cyber security dataset of IoT and IIoT applications
for centralized and federated learning, IEEE Access 10 (2022) 40281–40306.
[45] M.A. Ferrag, O. Friha, L. Maglaras, H. Janicke, L. Shu, Federated deep learning
for cyber security in the internet of things: concepts, applications, and
experimental analysis, IEEE Access 9 (2021) 138509–138542.
[46] M.A. Ferrag, L. Shu, The performance evaluation of blockchain-based security
and privacy systems for the Internet of Things: a tutorial, IEEE Internet Things J. 8
(24) (2021) 17236–17260.
[47] N. Garcia, T. Alcaniz, A. González-Vidal, J.B. Bernabe, D. Rivera, A. Skarmeta,
Distributed real-time slowDoS attacks detection over encrypted traffic using
artificial intelligence, J. Network. Computer Applic. 173 (2021) 102871.
[48] M. Ge, N.F. Syed, X. Fu, Z. Baig, A. Robles-Kelly, Towards a deep learning-
driven intrusion detection approach for Internet of Things, Computer Networks
186 (2021) 107784.
[49] T. Gebremichael, L.P. Ledwaba, M.H. Eldefrawy, G.P. Hancke, N. Pereira, M.
Gidlund, J. Akerberg, Security and privacy in the industrial internet of things:
current standards and future challenges, IEEE Access 8 (2020) 152351–152366.
[50] R. Geetha, A. Suntheya, G.U. Srikanth, Cloud integrated iot enabled sensor
network security: research issues and solutions, Wireless. Personal Commun. 113
(2020) 747–771.
[51] B. Ghimire, D.B. Rawat, Recent advances on federated learning for
cybersecurity and cybersecurity for federated learning for internet of things, IEEE
Internet Things J. 9 (11) (2022) 8229–8249.
[52] S. Hajiheidari, K. Wakil, M. Badri, N.J. Navimipour, Intrusion detection systems
in the Internet of things: a comprehensive investigation, Comp. Networks 160
(2019) 165–191.
[53] D. Hamouda, M.A. Ferrag, N. Benhamida, H. Seridi, Intrusion detection systems
for Industrial Internet of Things: a Survey, in: 2021 International Conference on
Theoretical and Applicative Aspects of Computer Science (ICTAACS), 2021.
[54] M.M. Hasan, H.T. Mouftah, Optimal trust system placement in smart grid
SCADA networks, IEEE Access 4 (2016) 2907–2919.
[55] M.M. Hassan, S. Huda, S. Sharmeen, J. Abawajy, G. Fortino, An adaptive trust
boundary protection for IIoT networks using deep-learning feature-extraction-
S. Ali et al.
based semisupervised model, IEEE Transac. Industr. Inform. 17 (4) (2020)
2860–2870.
[56] M.U. Hassan, M.H. Rehmani, J. Chen, Privacy preservation in blockchain based
IoT systems: integration issues, prospects, challenges, and future research
directions, Future Generation Computer Syst. 97 (2019) 512–529.
[57] V. Hassija, V. Chamola, V. Saxena, D. Jain, P. Goyal, B. Sikdar, A survey on IoT
security: application areas, security threats, and solution architectures, IEEE
Access 7 (2019) 82721–82743.
[58] C. Hazman, A. Guezzaz, S. Benkirane, M. Azrour, lIDS-SIoEL: Intrusion
Detection Framework For IoT-based smart Environments Security Using Ensemble
Learning, Cluster Computing, 2022, pp. 1–15.
[59] X. Hei, X. Yin, Y. Wang, J. Ren, L. Zhu, A trusted feature aggregator federated
learning for distributed malicious attack detection, Computers Secur. 99 (2020)
F
102033.
[60] B. Hitaj, G. Ateniese, F. Perez-Cruz, Deep models under the GAN: information
leakage from collaborative deep learning, in: Proceedings of the 2017 ACM
SIGSAC conference on computer and communications security, 2017.
OO
[61] Z.E. Huma, S. Latif, J. Ahmad, Z. Idrees, A. Ibrar, Z. Zou, F. Alqahtani, F.
Baothman, A Hybrid Deep Random Neural Network For Cyberattack Detection in
the Industrial Internet of Things, 9, IEEE Access, 2021, pp. 55595–55605.
[62] R. Huo, S. Zeng, Z. Wang, J. Shang, W. Chen, T. Huang, S. Wang, F.R. Yu, Y. Liu,
A Comprehensive Survey On Blockchain in Industrial Internet of things:
Motivations, Research progresses, and Future Challenges, IEEE Communications
Surveys & Tutorials, 2022.
[63] T.T. Huong, T.P. Bac, D.M. Long, B.D. Thang, N.T. Binh, T.D. Luong, T.K. Phuc,
Lockedge: Low-complexity cyberattack Detection in Iot Edge Computing, 9, IEEE
[64]
[65]
Access, 2021, pp. 29696–29710.
A. Jalalirad, M. Scavuzzo, C. Capota, M. Sprague, A simple and efficient
federated recommender system, in: Proceedings of the 6th IEEE/ACM
international conference on big data computing, applications and technologies,
2019.
B. Jia, Y. Liang, Anti-D chain: a lightweight DDoS attack detection scheme
based on heterogeneous ensemble learning in blockchain, China Commun. 17 (9)
PR
(2020) 11–24.
[66] B. Jia, X. Zhang, J. Liu, Y. Zhang, K. Huang, Y. Liang, Blockchain-enabled
federated learning data protection aggregation scheme with differential privacy
D
and homomorphic encryption in IIoT, IEEE Transac. Industr. Inform. 18 (6)
(2021) 4049–4058.
[67] Y. Jiang, Y. Zhou, D. Wu, C. Li, Y. Wang, On the detection of shilling attacks in
federated collaborative filtering, in: 2020 International Symposium on Reliable
Distributed Systems (SRDS), 2020.
TE
[68] P. Kairouz, H.B. McMahan, B. Avent, A. Bellet, M. Bennis, A.N. Bhagoji, K.
Bonawitz, Z. Charles, G. Cormode, R. Cummings, Advances and open problems in
federated learning, Found. Trends® Mach. Learning 14 (1–2) (2021) 1–210.
[69] S.M. Kasongo, An advanced intrusion detection system for IIoT based on GA and
tree based algorithms, IEEE Access 9 (2021) 113199–113212.
[70] H.G. Kayacik, A.N. Zincir-Heywood, M.I. Heywood, Selecting features for
intrusion detection: a feature relevance analysis on KDD 99 intrusion detection
datasets, in: Proceedings of the third annual conference on privacy, security and
EC
trust, 2005.
[71] L.U. Khan, S.R. Pandey, N.H. Tran, W. Saad, Z. Han, M.N. Nguyen, C.S. Hong,
Federated learning for edge networks: resource optimization and incentive
mechanism, IEEE Commun.. Magaz. 58 (10) (2020) 88–93.
[72] M.A. Khan, K. Salah, IoT security: review, blockchain solutions, and open
challenges, Future Generation Computer Syst. 82 (2018) 395–411.
[73] A. Khraisat, A. Alazab, A critical review of intrusion detection systems in the
internet of things: techniques, deployment strategy, validation strategy, attacks,
RR
public datasets and challenges, Cybersecurity 4 (1) (2021) 1–27.
[74] S. Kim, H. Cai, C. Hua, P. Gu, W. Xu, J. Park, Collaborative anomaly detection
for internet of things based on federated learning, in: 2020 IEEE/CIC International
Conference on Communications in China (ICCC), 2020.
[75] N. Koroniotis, N. Moustafa, E. Sitnikova, B. Turnbull, Towards the development
of realistic botnet dataset in the internet of things for network forensic analytics:
bot-iot dataset, Future Generation Computer Syst. 100 (2019) 779–796.
[76] S. Kumar, S. Sahoo, A. Mahapatra, A.K. Swain, K.K. Mahapatra, Security
enhancements to system on chip devices for IoT perception layer, in: 2017 IEEE
CO
International Symposium on Nanoelectronic and Information Systems, iNIS, 2017.
[77] Y. Lalle, M. Fourati, L.C. Fourati, J.P. Barraca, A Hierarchical Clustering
Federated Learning-Based Blockchain Scheme For Privacy-Preserving in Water
Demand Prediction, Available at SSRN, 2021 4108575.
[78] S. Latif, Z. Idrees, Z. Zou, J. Ahmad, DRaNN: a deep random neural network
model for intrusion detection in industrial IoT, in: 2020 International Conference
on UK-China Emerging Technologies (UCET), 2020.
[79] L. Lavaur, M.-O. Pahl, Y. Busnel, F. Autrel, The evolution of federated learning-
based intrusion detection and mitigation: a survey, IEEE Transact. Network
Service Manag. 19 (3) (2022) 2309–2332.
[80] S.-H. Lee, Y.-L. Shiue, C.-H. Cheng, Y.-H. Li, Y.-F. Huang, Detection and
prevention of DDoS attacks on the IoT, Appl. Sci. 12 (23) (2022) 12407.
[81] B. Li, Y. Wu, J. Song, R. Lu, T. Li, L. Zhao, DeepFed: federated deep learning for
intrusion detection in industrial cyber–physical systems, IEEE Transac. Industr.
Inform. 17 (8) (2020) 5615–5624.
[82] J. Li, L. Lyu, X. Liu, X. Zhang, X. Lyu, FLEAM: a federated learning empowered
architecture to mitigate DDoS in industrial IoT, IEEE Transac. Industr. Inform. 18
(6) (2021) 4059–4068.
[83] R. Li, T. Song, B. Mei, H. Li, X. Cheng, L. Sun, Blockchain for large-scale internet
of things data storage and protection, IEEE Transac. Services Comput. 12 (5)
29
Ad Hoc Networks xxx (xxxx) 103320
(2018) 762–771.
[84] T. Li, A.K. Sahu, A. Talwalkar, V. Smith, Federated learning: challenges,
methods, and future directions, IEEE Signal Process. Mag 37 (3) (2020) 50–60.
[85] W. Li, S. Tug, W. Meng, Y. Wang, Designing collaborative blockchained
signature-based intrusion detection in IoT environments, Future Generation
Computer Syst. 96 (2019) 481–489.
[86] Z. Li, J. Liu, J. Hao, H. Wang, M. Xian, CrowdSFL: a secure crowd computing
framework based on blockchain and federated learning, Electronics (5) (2020)
773.
[87] C. Liang, B. Shanmugam, S. Azam, A. Karim, A. Islam, M. Zamani, S.
Kavianpour, N.B. Idris, Intrusion detection system for the internet of things based
on blockchain and multi-agent systems, Electronics 9 (7) (2020) 1120.
[88] C.-H. Liao, H.-H. Shuai, L.-C. Wang, Eavesdropping prevention for
heterogeneous Internet of Things systems, in: 2018 15th IEEE Annual Consumer
Communications & Networking Conference, CCNC, 2018.
[89] W.Y.B. Lim, N.C. Luong, D.T. Hoang, Y. Jiao, Y.-C. Liang, Q. Yang, D. Niyato, C.
Miao, Federated learning in mobile edge networks: a comprehensive survey, IEEE
Commun. Surveys Tutor. 22 (3) (2020) 2031–2063.
[90] C.H. Liu, Q. Lin, S. Wen, Blockchain-enabled data collection and sharing for
industrial IoT with deep reinforcement learning, IEEE Transac. Industr. Inform. 15
(6) (2018) 3516–3526.
[91] H. Liu, B. Lang, Machine learning and deep learning methods for intrusion
detection systems: a survey, Appl. Sci. 9 (20) (2019) 4396.
[92] J. Liu, D. Yang, M. Lian, M. Li, Research on intrusion detection based on particle
swarm optimization in IoT, IEEE Access 9 (2021) 38254–38268.
[93] Y. Liu, J. Wang, J. Li, S. Niu, H. Song, Machine learning for the detection and
identification of internet of things devices: a survey, IEEE Internet Things J. 9 (1)
(2021) 298–320.
[94] Y. Lu, X. Huang, Y. Dai, S. Maharjan, Y. Zhang, Blockchain and federated
learning for privacy-preserved data sharing in industrial IoT, IEEE Transac.
Industr. Inform. 16 (6) (2019) 4177–4186.
[95] L. Lv, W. Wang, Z. Zhang, X. Liu, A novel intrusion detection system based on an
optimal hybrid kernel extreme learning machine, Knowl. Based Syst 195 (2020)
105648.
[96] Z. Ma, J. Ma, Y. Miao, X. Liu, K.-K.R. Choo, R. Deng, Pocket diagnosis: secure
federated learning against poisoning attack in the cloud, IEEE Transac. Services
Comput. (2021).
[97] N. Magaia, R. Fonseca, K. Muhammad, A.H.F.N. Segundo, A.V.L. Neto, V.H.C.
de Albuquerque, Industrial internet-of-things security enhanced with deep
learning approaches for smart cities, IEEE Internet Things J. 8 (8) (2020)
6393–6405.
[98] A. Makkar, T.W. Kim, A.K. Singh, J. Kang, J.H. Park, SecureIIoT Environment:
federated Learning empowered approach for Securing IIoT from Data Breach,
IEEE Transac. Industr. Inform. (2022).
[99] P. Mann, N. Tyagi, S. Gautam, A. Rana, Classification of various types of attacks
in IoT environment, in: 2020 12th International Conference on Computational
Intelligence and Communication Networks, CICN, 2020.
[100] R.F. Mansour, Blockchain assisted clustering with intrusion detection system for
Industrial Internet of Things environment, Expert. Syst. Appl 207 (2022) 117995.
[101] S.S. Mathew, K. Hayawi, N.A. Dawit, I. Taleb, Z. Trabelsi, Integration of
Blockchain and Collaborative Intrusion Detection For Secure Data Transactions in
Industrial IoT: a Survey, Cluster Computing, 2022, pp. 1–21.
[102] V. Mavroeidis, S. Bromander, Cyber threat intelligence model: an evaluation of
taxonomies, sharing standards, and ontologies within cyber threat intelligence, in:
2017 European Intelligence and Security Informatics Conference, EISIC, 2017.
[103] J. McHugh, Testing intrusion detection systems: a critique of the 1998 and 1999
darpa intrusion detection system evaluations as performed by lincoln laboratory,
ACM. TISSEC 3 (4) (2000) 262–294.
[104] B. McMahan, E. Moore, D. Ramage, S. Hampson, B.A. y Arcas, Communication-
efficient learning of deep networks from decentralized data, Artificial Intellig.
Statis. (2017).
[105] L. Melis, C. Song, E. De Cristofaro, V. Shmatikov, Exploiting unintended feature
leakage in collaborative learning, in: 2019 IEEE symposium on security and
privacy (SP), 2019.
[106] W. Meng, E.W. Tischhauser, Q. Wang, Y. Wang, J. Han, When intrusion
detection meets blockchain technology: a review, IEEE Access 6 (2018)
10179–10188.
[107] N. Mishra, S. Pandya, Internet of things applications, security challenges,
attacks, intrusion detection, and future visions: a systematic review, IEEE Access 9
(2021) 59353–59377.
[108] P. Mishra, S.K. Yadav, R.K. Sachdeva, A. Kishor, Novel lightweight interactive
IoT end device architecture with tight security intelligence confidentiality,
integrity, authenticity and availability, Int. J. Syst. Assurance Engin. Manag. 13
(1) (2022) 212–224 Suppl.
[109] B.K. Mohanta, D. Jena, S. Ramasubbareddy, M. Daneshmand, A.H. Gandomi,
Addressing security and privacy issues of IoT using blockchain technology, IEEE
Internet Things J. 8 (2) (2020) 881–888.
[110] M. Mohy-eddine, A. Guezzaz, S. Benkirane, M. Azrour, An effective intrusion
detection approach based on ensemble learning for IIoT edge computing, J.
Computer Virol. Hacking Techniq. (2022) 1–13.
[111] M. Mohy-eddine, A. Guezzaz, S. Benkirane, M. Azrour, An Efficient Network
Intrusion Detection Model For IoT Security Using K-NN Classifier and Feature
Selection, Multimedia Tools and Applications, 2023, pp. 1–19.
[112] A.A. Monrat, O. Schelén, K. Andersson, A survey of blockchain from the
perspectives of applications, challenges, and opportunities, IEEE Access 7 (2019)
117134–117151.
S. Ali et al.
[113] V. Mothukuri, P. Khare, R.M. Parizi, S. Pouriyeh, A. Dehghantanha, G.
Srivastava, Federated-Learning-Based Anomaly Detection for IoT Security
Attacks, IEEE Internet Things J. 9 (4) (2021) 2545–2554.
[114] H. Mouratidis, V. Diamantopoulou, A security analysis method for industrial
Internet of Things, IEEE Transac. Industr. Inform. 14 (9) (2018) 4093–4100.
[115] D. Mourtzis, J. Angelopoulos, N. Panopoulos, Blockchain integration in the era
of industrial metaverse, Appl. Sci. 13 (3) (2023) 1353.
[116] N. Moustafa, A new distributed architecture for evaluating AI-based security
systems at the edge: network TON_IoT datasets, Sustainable. Cities. and. Society
72 (2021) 102994.
[117] N. Moustafa, J. Slay, UNSW-NB15: a comprehensive data set for network
intrusion detection systems (UNSW-NB15 network data set), in: 2015 military
communications and information systems conference (MilCIS), 2015.
F
[118] N.I. Mowla, N.H. Tran, I. Doh, K. Chae, Federated learning-based cognitive
detection of jamming attack in flying ad-hoc network, IEEE Access 8 (2019)
4338–4350.
[119] A.-H. Muna, N. Moustafa, E. Sitnikova, Identification of malicious activities in
OO
industrial internet of things based on deep learning models, J. Inform. Secur.
Applic. 41 (2018) 1–11.
[120] S. Nakamoto, Bitcoin: a peer-to-peer electronic cash system, Decentral. Busin.
Rev. (2008) 21260.
[121] D.C. Nguyen, M. Ding, P.N. Pathirana, A. Seneviratne, J. Li, D. Niyato, H.V.
Poor, Federated Learning For Industrial Internet of Things in Future Industries,
28, IEEE Wireless Communications, 2021, pp. 192–199.
[122] D.C. Nguyen, M. Ding, Q.-V. Pham, P.N. Pathirana, L.B. Le, A. Seneviratne, J. Li,
D. Niyato, H.V. Poor, Federated learning meets blockchain in edge computing:
[123] T.D. Nguyen, S. Marchal, M. Miettinen, H. Fereidooni, N. Asokan, A.-R.
2019 IEEE 39th International conference on distributed computing systems
(ICDCS), 2019.
[124] T.G. Nguyen, T.V. Phan, B.T. Nguyen, C. So-In, Z.A. Baig, S. Sanguanpong,
PR
opportunities and challenges, IEEE Internet Things J. 8 (16) (2021) 12806–12825.
Sadeghi, DÏoT: a federated self-learning anomaly detection system for IoT, in:
Search: a collaborative and intelligent nids architecture for sdn-based cloud iot
networks, IEEE Access 7 (2019) 107678–107694.
[125] M. Nuaimi, L.C. Fourati, B.B. Hamed, Intelligent approaches toward intrusion
detection systems for Industrial Internet of Things: a systematic comprehensive
D
review, J. Network. Computer Applic. (2023) 103637.
[126] Q.-V. Pham, K. Dev, P.K.R. Maddikunta, T.R. Gadekallu, T. Huynh-The, Fusion
of Federated Learning and Industrial Internet of Things: A survey, arXiv preprint.,
2021 arXiv:2101.00798.
[127] F. Piccialli, N. Bessis, E. Cambria, Guest editorial: industrial internet of things:
TE
where are we and what is next? IEEE Transac. Industr. Inform. 17 (11) (2021)
7700–7703.
[128] D. Preuveneers, V. Rimmer, I. Tsingenopoulos, J. Spooren, W. Joosen, E. Ilie-
Zudor, Chained anomaly detection models for federated learning: an intrusion
detection case study, Appl. Sci. 8 (12) (2018) 2663.
[129] C. Profentzas, M. Günes, Y. Nikolakopoulos, O. Landsiedel, M. Almgren,
Performance of secure boot in embedded systems, in: 2019 15th International
Conference on Distributed Computing in Sensor Systems (DCOSS), 2019.
EC
[130] S. Pundir, M. Wazid, D.P. Singh, A.K. Das, J.J. Rodrigues, Y. Park, Intrusion
detection protocols in wireless sensor networks integrated to Internet of Things
deployment: survey and future challenges, IEEE Access 8 (2019) 3343–3363.
[131] Y. Qin, M. Kondo, Federated learning-based network intrusion detection with a
feature selection approach, in: 2021 International Conference on Electrical,
Communication, and Computer Engineering, ICECCE, 2021.
[132] S.A. Rahman, H. Tout, C. Talhi, A. Mourad, Internet of things intrusion
detection: centralized, on-device, or federated learning? IEEE Netw 34 (6) (2020)
RR
310–317.
[133] Raja, K., Karthikeyan, K., Abilash, B., Dev, K., & Raja, G. (2021). Deep learning
based attack detection in IIoT using two-level intrusion detection system.
[134] A. Rajan, J. Jithish, S. Sankaran, Sybil Attack in IOT: Modelling and defenses.
2017 International conference On Advances in computing, Communications and
Informatics, ICACCI, 2017.
[135] M.G. Raman, N. Somu, K. Kirthivasan, V.S. Sriram, A hypergraph and
arithmetic residue-based probabilistic neural network for classification in
intrusion detection systems, Neural. Networks 92 (2017) 89–97.
CO
[136] B.T. Rao, V.L. Narayana, V. Pavani, P. Anusha, Use of blockchain in malicious
activity detection for improving security, Int. J. Advanced. Sci. Technol. 29 (3)
(2020) 9135–9146.
[137] A. Raoof, A. Matrawy, C.-H. Lung, Routing attacks and mitigation methods for
RPL-based Internet of Things, IEEE Commun. Surveys Tutor. 21 (2) (2018)
1582–1606.
[138] G. Rathee, S.D. Gupta, N. Jaglan, A review on blockchain and its necessitate in
industrial IoT, Innov. Computer Sci. Engin. (2020) 207–214.
[139] S. Rathore, B.W. Kwon, J.H. Park, BlockSecIoTNet: blockchain-based
decentralized security architecture for IoT network, J. Network. Computer Applic.
143 (2019) 167–177.
[140] V. Rey, P.M.S. Sánchez, A.H. Celdrán, G. Bovet, Federated learning for malware
detection in iot devices, Comp. Networks 204 (2022) 108693.
[141] A. Reyna, C. Martín, J. Chen, E. Soler, M. Díaz, On blockchain and its
integration with IoT. Challenges and opportunities, Future Generation Computer
Syst. 88 (2018) 173–190.
[142] L. Santos, R. Gonçalves, C. Rabadao, J. Martins, A Flow-Based Intrusion
Detection Framework For Internet of Things Networks, Cluster Computing, 2021,
pp. 1–21.
[143] L. Santos, C. Rabadao, R. Gonçalves, Intrusion detection systems in Internet of
30
Ad Hoc Networks xxx (xxxx) 103320
Things: a literature review, in: 2018 13th Iberian Conference on Information
Systems and Technologies (CISTI), 2018.
[144] Y.M. Saputra, D.T. Hoang, D.N. Nguyen, E. Dutkiewicz, M.D. Mueck, S.
Srikanteswara, Energy demand prediction with federated learning for electric
vehicle networks, in: 2019 IEEE global communications conference
(GLOBECOM), 2019.
[145] M. Sarhan, S. Layeghy, M. Portmann, Feature Analysis For Machine Learning-
Based IoT Intrusion Detection, arXiv preprint., 2021 arXiv:2108.12732.
[146] M. Sarhan, W.W. Lo, S. Layeghy, M. Portmann, HBFL: a hierarchical
blockchain-based federated learning framework for collaborative IoT intrusion
detection, Computers Electr. Engin. 103 (2022) 108379.
[147] R.A. Sater, A.B. Hamza, A federated learning approach to anomaly detection in
smart buildings, ACM. Transac. Internet Things 2 (4) (2021) 1–23.
[148] J. Sengupta, S. Ruj, S.D. Bit, A comprehensive survey on attacks, security issues
and blockchain solutions for IoT and IIoT, J. Network. Computer Applic. 149
(2020) 102481.
[149] M. Serror, S. Hack, M. Henze, M. Schuba, K. Wehrle, Challenges and
opportunities in securing the industrial internet of things, IEEE Transac. Industr.
Inform. 17 (5) (2020) 2985–2996.
[150] K. Sethi, E. Sai Rupesh, R. Kumar, P. Bera, Y. Venu Madhav, A context-aware
robust intrusion detection system: a reinforcement learning-based approach, Int.
J. Inform. Secur. 19 (6) (2020) 657–678.
[151] S. Shapsough, F. Aloul, I.A. Zualkernan, Securing low-resource edge devices for
IoT systems, in: 2018 International Symposium in Sensing and Instrumentation in
IoT Era (ISSI), 2018.
[152] I. Sharafaldin, A.H. Lashkari, A.A. Ghorbani, Toward generating a new
[153]
[154]
intrusion detection dataset and intrusion traffic characterization, ICISS. p 1
(2018) 108–116.
B. Shen, J. Guo, Y. Yang, MedChain: efficient healthcare data sharing via
blockchain, Appl. Sci. 9 (6) (2019) 1207.
J. Shu, L. Zhou, W. Zhang, X. Du, M. Guizani, Collaborative intrusion detection
for VANETs: a deep learning-based distributed SDN approach, IEEE Transac.
Intell. Transpor. Syst. 22 (7) (2020) 4519–4530.
[155] M. Shuaib, N. Hafizah Hassan, S. Usman, S. Alam, S. Bhatia, D. Koundal, A.
Mashat, A. Belay, Identity Model For Blockchain-Based Land Registry system: A
comparison, Wireless Communications and Mobile Computing, 2022, p. 2022.
[156] S. Siboni, V. Sachidananda, Y. Meidan, M. Bohadana, Y. Mathov, S. Bhairav, A.
Shabtai, Y. Elovici, Security testbed for Internet-of-Things devices, IEEE Transac.
Reliab. 68 (1) (2019) 23–44.
[157] M. Signorini, M. Pontecorvi, W. Kanoun, R. Di Pietro, BAD: a blockchain
anomaly detection solution, IEEE Access 8 (2020) 173481–173490.
[158] S. Singh, H. Karimipour, H. HaddadPajouh, A. Dehghantanha, Artificial
Intelligence and Security of Industrial Control Systems, Handbook of Big Data
Privacy, 2020, pp. 121–164.
[159] E. Sisinni, A. Saifullah, S. Han, U. Jennehag, M. Gidlund, Industrial internet of
things: challenges, opportunities, and directions, IEEE Transac. Industr. Inform.
14 (11) (2018) 4724–4734.
[160] Y. Song, T. Liu, T. Wei, X. Wang, Z. Tao, M. Chen, FDA $^ 3$: federated defense
against adversarial attacks for cloud-based IIoT applications, IEEE Transac.
Industr. Inform. 17 (11) (2020) 7830–7838.
[161] S. Sultan, Q. Javaid, A.J. Malik, F. Al-Turjman, M. Attique, Collaborative-trust
approach toward malicious node detection in vehicular ad hoc networks,
Environ,. Develop. Sustain. (2022) 1–19.
[162] W. Sun, S. Lei, L. Wang, Z. Liu, Y. Zhang, Adaptive federated learning and
digital twin for industrial internet of things, IEEE Transac. Industr. Inform. 17 (8)
(2020) 5605–5614.
[163] Y. Sun, H. Esaki, H. Ochiai, Adaptive intrusion detection in the networking of
large-scale lans with segmented federated learning, IEEE Open. J. Commun.
Society 2 (2020) 102–112.
[164] R. Taheri, M. Shojafar, M. Alazab, R. Tafazolli, FED-IIoT: a robust federated
malware detection architecture in industrial IoT, IEEE Transac. Industr. Inform.
17 (12) (2020) 8442–8452.
[165] J. Tan, Y.-C. Liang, N.C. Luong, D. Niyato, Toward smart security enhancement
of federated learning networks, IEEE Netw 35 (1) (2020) 340–347.
[166] S.F. Tan, A. Samsudin, Recent technologies, security countermeasure and
ongoing challenges of industrial internet of things (IIoT): a survey, Sensors 21 (19)
(2021) 6647.
[167] K. Tange, M. De Donno, X. Fafoutis, N. Dragoni, A systematic survey of
industrial Internet of Things security: requirements and fog computing
opportunities, IEEE Commun. Surveys Tutor. 22 (4) (2020) 2489–2520.
[168] M. Tavallaee, E. Bagheri, W. Lu, A.A. Ghorbani, A detailed analysis of the KDD
CUP 99 data set, in: 2009 IEEE symposium on computational intelligence for
security and defense applications, 2009.
[169] P.J. Taylor, T. Dargahi, A. Dehghantanha, R.M. Parizi, K.-K.R. Choo, A
systematic literature review of blockchain cyber security, Digital Commun.
Networks 6 (2) (2020) 147–156.
[170] H.D. Tsague, B. Twala, Practical techniques for securing the internet of things
(IoT) against side channel attacks, in: Internet of things and big data analytics
toward next-generation intelligence, 2018, pp. 439–481.
[171] K. Tsiknas, D. Taketzis, K. Demertzis, C. Skianis, Cyber threats to industrial IoT:
a survey on attacks and countermeasures, IoT 2 (1) (2021) 163–186.
[172] H. Vargas, C. Lozano-Garzon, G.A. Montoya, Y. Donoso, Detection of security
attacks in industrial IoT Networks: a Blockchain and Machine Learning Approach,
Electronics 10 (21) (2021) 2662.
[173] S. Wadhwa, S. Rani, G. Kaur, D. Koundal, A. Zaguia, W. Enbeyle, HeteroFL
Blockchain Approach-Based Security For Cognitive Internet of Things, Wireless
S. Ali et al. Ad Hoc Networks xxx (xxxx) 103320

Communications and Mobile Computing, 2022, p. 2022.

[174] Q. Wang, Y. Guo, X. Wang, T. Ji, L. Yu, P. Li, AI at the edge: blockchain-
empowered secure multiparty learning with heterogeneous models, IEEE Internet
Things J. 7 (10) (2020) 9600–9610.
[175] W. Wang, M.H. Fida, Z. Lian, Z. Yin, Q.-V. Pham, T.R. Gadekallu, K. Dev, C. Su,
Secure-enhanced Federated Learning For Ai-Empowered Electric Vehicle Energy
Prediction, IEEE Consumer Electronics Magazine, 2021.
[176] W. Wang, H. Xu, M. Alazab, T.R. Gadekallu, Z. Han, C. Su, Blockchain-based
reliable and efficient certificateless signature for IIoT devices, IEEE Transac.
Industr. Inform. (2021).
[177] J. Wei, Q. Zhu, Q. Li, L. Nie, Z. Shen, K.-K.R. Choo, K. Yu, A redactable
Blockchain framework for secure federated learning in Industrial Internet-of-
Things, IEEE Internet Things J. (2022).

F
[178] W. Wen, C. Xu, F. Yan, C. Wu, Y. Wang, Y. Chen, H. Li, Terngrad: ternary
gradients to reduce communication in distributed deep learning, in: Advances in
Saqib Ali received a B.S. degree in information technology from the Sindh Agriculture
neural information processing systems, 2017, p. 30.
University, Tandojam, Pakistan, and an M.S. degree in computer science and technology
[179] Y. Wu, H.-N. Dai, H. Wang, Convergence of blockchain and edge computing for

OO
from the Nanjing University of Science and Technology (NJUST), Nanjing, China, in
secure and scalable IIoT critical infrastructures in industry 4.0, IEEE Internet
2011 and 2017, respectively. Currently, he is pursuing his Ph.D. in computer at the Nan-
Things J. 8 (4) (2020) 2300–2317.
jing University of Science and Technology (NJUST), Nanjing, China. His-research inter-
[180] X. Xiao, Z. Tang, C. Li, B. Xiao, K. Li, SCA: sybil-based Collusion Attacks of IIoT
ests include Information Security, Cyber Security, Machine learning, Internet of things,
Data Poisoning in Federated Learning, IEEE Transac. Industr. Inform. (2022).
Industrial IoT, Blockchain, and Federated learning.
[181] J. Xing, J. Tian, Z. Jiang, J. Cheng, H. Yin, Jupiter: a modern federated learning
platform for regional medical care, Sci. China Inform. Sci. 64 (2021) 1–14.
[182] X. Xu, Z. Zeng, S. Yang, H. Shao, A novel blockchain framework for industrial
IoT edge computing, Sensors 20 (7) (2020) 2061.
[183] R. Yang, F.R. Yu, P. Si, Z. Yang, Y. Zhang, Integrated blockchain and edge

Surveys Tutor. 21 (2) (2019) 1508–1532.

using recurrent neural networks, IEEE Access 5 (2017) 21954–21961. PR

computing systems: a survey, some research issues and challenges, IEEE Commun.

[184] C. Yin, Y. Zhu, J. Fei, X. He, A deep learning approach for intrusion detection

[185] B. Yong, X. Liu, Q. Yu, L. Huang, Q. Zhou, Malicious Web traffic detection for
Internet of Things environments, Computers. Electr. Engin. 77 (2019) 260–272.
[186] O. Yousuf, R.N. Mir, A survey on the Internet of Things security: state-of-art,
architecture, issues and countermeasures, Inform. Computer. Secur. 27 (2) (2019)
292–323.
[187] Z. Yu, J. Hu, G. Min, Z. Zhao, W. Miao, M.S. Hossain, Mobility-aware proactive
D
edge caching for connected vehicles using federated learning, IEEE Transac. Intell. Qianmu Li received the BSc and PhD degrees from Nanjing University of Science and
Transpor. Syst 22 (8) (2020) 5341–5351. Technology, China, in 2001 and 2005, respectively. He is a professor with the School of
[188] Y. Yuan, F.-Y. Wang, Blockchain: the state of the art and future trends, Acta. Cyber Science and Engineering, Nanjing University of Science and Technology, China.
Automatica. Sinica 42 (4) (2016) 481–494. His-research interests include information security, computing system management, and
[189] F. Zhang, H.A.D.E. Kodituwakku, J.W. Hines, J. Coble, Multilayer data-driven data mining. He received the China Network and Information Security Outstanding Tal-
TE

cyber-attack detection system for industrial control systems based on network, ent Award and multiple Education Ministry Science and Technology Awards
system, and process data, IEEE Transac. Industr. Inform. 15 (7) (2019)
4362–4369.
[190] H. Zhang, C.Q. Wu, S. Gao, Z. Wang, Y. Xu, Y. Liu, An effective deep learning
based scheme for network intrusion detection, in: 2018 24th International
Conference on Pattern Recognition (ICPR), 2018.
[191] Y. Zhang, Y. Song, J. Liang, K. Bai, Q. Yang, Two sides of the same coin: white-
box and black-box attacks for transfer learning, in: Proceedings of the 26th ACM
EC

SIGKDD International Conference on Knowledge Discovery & Data Mining, 2020.

[192] S. Zhao, S. Li, Y. Yao, Blockchain enabled industrial Internet of Things
technology, IEEE Transac. Comput. Social. Syst. 6 (6) (2019) 1442–1453.
[193] B. Zhou, C. Maines, S. Tang, Q. Shi, P. Yang, Q. Yang, J. Qi, A 3-D security
modeling platform for social IoT environments, IEEE Transac. Comput. Social.
Syst. 5 (4) (2018) 1174–1188.
[194] J. Zhou, Z. Cao, X. Dong, A.V. Vasilakos, Security and privacy for cloud-based
IoT: challenges, IEEE Commun. Magaz. 55 (1) (2017) 26–33.
RR

[195] L. Zhou, H. Guo, Anomaly detection methods for IIoT networks, in: 2018 IEEE
International Conference on Service Operations and Logistics, and Informatics
(SOLI), 2018.
[196] Zolanvari, M. (2021). Addressing Pragmatic Challenges in Utilizing AI for Security
of Industrial IoT Washington University in St. Louis].
[197] M. Zolanvari, M.A. Teixeira, L. Gupta, K.M. Khan, R. Jain, Machine learning-
based network vulnerability analysis of industrial Internet of Things, IEEE
Internet Things J. 6 (4) (2019) 6822–6834.
[198] M. Zolanvari, Z. Yang, K. Khan, R. Jain, N. Meskin, Trust xai: model-agnostic
CO
Abdullah Yousafzai is working as Assoc. Prof. of computer science at University of Cen-
tral Punjab, Lahore. Previously, he served as a postdoctoral research fellow under the
grant of NRF and Brain Korea 21st Century Plus at the department of computer science
and engineering, Kyung Hee University, Republic of Korea. Besides, he served as an assis-
tant professor with the department of computer science and engineering, HITEC Univer-
sity, Taxila, Pakistan. Before that, he worked as a brightspark's research assistant at C4M-
CCR University of Malaysia, and as a backend web developer in Pakistan. He received his
Ph.D. from the University of Malaya in 2017, MS (Computer Science) from Comsats Insti-
tute of Information Technology, Abbottabad in 2013, and BCS(Hons) from Hazara Uni-

explanations for ai with a case study on iiot security, IEEE Internet Things J. versity Mansehra, Pakistan in 2009. His-work mainly focuses on distributed computing
(2021). environments comprising cloud computing systems, edge computing, mobile cloud com-
[199] Fahad F. Alruwaili, Intrusion detection and prevention in Industrial IoT: A puting, blockchain systems, and the Internet of Things.
technological survey, IEEE, 2021.

31