This article has been accepted for publication in a future issue of this journal, but has not been

fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2021.3107337, IEEE Access

Date of publication xxxx 00, 0000, date of current version xxxx 00, 0000.
Digital Object Identifier 10.1109/ACCESS.2021.DOI

An Ensemble Multi-View Federated

Learning Intrusion Detection for IoT
DINESH CHOWDARY ATTOTA, VIRAAJI MOTHUKURI, REZA M. PARIZI, (Senior Member,
IEEE), SEYEDAMIN POURIYEH, (Associate Member, IEEE)
College of Computing and Software Engineering, Kennesaw State University, Marietta, GA 30060, USA, e-mails: [email protected],
[email protected], [email protected], [email protected]
Corresponding author: Reza M. Parizi (e-mail: [email protected]).
This research was supported by US SunTrust Fellow in Cybersecurity/Information Security Research Funding Program, No. ST20-01.

ABSTRACT
The rise in popularity of Internet of Things (IoT) devices has attracted hackers to develop IoT-specific
attacks. The microservice architecture of IoT devices relies on the internet to provide their intended services.
An unguarded IoT network makes inter-connected devices vulnerable to attacks. It will be a tedious and
ineffective process to manually detect the attacks in the network, as the attackers frequently upgrade
their attack strategies. Machine learning (ML)-assisted approaches have been proposed to build intrusion
detection for cybersecurity automation in IoT networks. However, most such approaches focus on training an
ML model using a single view of the dataset, which often fails to build insightful knowledge and understand
each feature’s impact on the ML model’s decision-making ability. As such, the model training with a single
view may result in an incomplete understanding of patterns in large feature-set datasets. Moreover, the
current approaches are mainly designed in a centralized manner in which the raw data is transferred from
the edge devices to the central server for training. This, in turn, may expose the data to all kinds of attacks
without adhering to the privacy-preserving of data security. Multi-view learning has gained popularity for
its ability to learn from different data views and deliver efficient performance with more distinguished
predictions. This paper proposes a federated learning-based intrusion detection approach, called MV-FLID,
that trains on multiple views of IoT network data in a decentralized format to detect, classify, and defend
against attacks. The multi-view ensemble learning aspect helps in maximizing the learning efficiency of
different classes of attacks. The Federated Learning (FL) aspect, wherein the device’s data is not shared
to the server, performs profile aggregation efficiently with the benefit of peer learning. Our evaluation
results show that our proposed approach has higher accuracy compared to the traditional non-FL centralized
approach.

INDEX TERMS Internet of Things, IoT Security, Federated Learning, Neural Networks, Multi-view
Classification, Intrusion Detection System.

I. INTRODUCTION
There has been a sharp growth in the usage of Internet
of Things (IoT) devices in recent years. They interconnect
with other digital and physical devices, which enables in-
formation exchange and service delivery [1]. Flexible IoT
devices are currently used for inter-connecting knowledge
of cyber-physical systems in healthcare [2] [3], transporta-
tion [4], smart homes [5], and smart cities [6], to name a
few. IoT-aided devices are very ubiquitous nowadays due
to their massive adoption in various sectors. Even though
these devices play a prominent role in our everyday lives,
many security complications are involved while using these
devices. The security measures [7] play a key role in the
trustworthiness of these IoT devices and their services. Poor
security measures will make these devices vulnerable to a
variety of cyber-attacks such as data leakage, Denial of Ser-
vice (DoS) [8], which may disrupt the normal functionality
of the end device. Several lightweight protocols have been
introduced [9] for effective communication within networks,
one such protocol is Message Queuing Telemetry Transfer
protocol (MQTT)[10]. MQTT protocol is mainly designed
for communication between devices with low bandwidth,
making it an ideal solution for communication between IoT
devices. The publish and subscribe communication style of

VOLUME 4, 2016 1

This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/
 This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2021.3107337, IEEE Access
the MQTT protocol helps to exchange information in client-
server communication through messaging. The network data
collected during information exchange from IoT devices
using MQTT protocol can be used to detect intruders in the
network.
Intrusion detection is crucial in an IoT network as the
intruders can attack and takeover, not just the IoT devices
but the other devices connected to the IoT network. Intrusion
Detection System (IDS) techniques can be classified into
main categories: Signature-based and Anomaly-based Intru-
sion Detection. In the signature-based intrusion detection,
there are a set of pre-defined malicious patterns of attacks,
the device detects an attack when it encounters any of the
known patterns, whereas the IDS using anomaly-based de-
pends on the deviations of normal behavior for detecting
malicious activity. Signature-based detection performs better
than anomaly-based in terms of efficiency due to known at-
tacks’ information availability but fails to detect new attacks.
While, anomaly-based detection is more capable of detecting
new attacks based on the traffic deviations compared to
normal behavior. Adapting machine learning algorithms for
anomaly-based detection techniques will increase the self-
learning process and help develop more intelligent systems
for detecting attacks in IoT environments.
Recent advancements in network intrusion detection have
shown that having knowledge on multiple view behavior of
an attack will achieve better performance rather than a single
view feature set [11]. Multi-View learning is a new paradigm
in which a distinct function is used to model a particular
view and combines all functions to exploit redundant views
of input data. In multi-view, the data is trained alternately
to increase mutual agreement on two distinct views of input
data. Learning tasks in a multi-view strategy are done with
abundant information. Learning from the training of multiple
views can be combined to have an efficient outcome. As we
can consider network data into multi-view form, the same
way the attack information can also be analyzed as multiple
views. The behavioral information of attacks can be varied
from one view to the other.
In the conventional ML-based approach, the entire data is
considered as a single feature set and it requires more amount
of training time to find any deflections in few features of
input data for detecting an attack. Whereas in the multi-view
approach, we consider a set of features in multiple views
rather than a single feature set. As the features set can be
reduced in multi-view, the training can be more efficient,
which leads to detection of attack with more accuracy. Hav-
ing such view-level intelligence can be helpful in the better
learning process of attacks and detect abnormal behavior in
any view of network data. Most of the existing works use
centralized ML techniques for intrusion detection [12] [13]
[14]. Typically, IoT devices in the real world are placed
far away from the location of the central server. The traffic
logs generated by these IoT devices are tremendous. Sharing
network logs data of IoT devices with the central server for
intrusion detection at every point of time is a cumbersome
2 VOLUME 4, 2016
This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/
process and can be subjected to various attacks. Though the
centralized approach can detect attacks with good accuracy,
the main overhead is the cost associated with transmitting
IoT network data to the server. The process takes more time
because IoT devices and the central server (intrusion detec-
tion system) are geographically isolated. Moreover, there will
be instances where the data contains sensitive information
that needs to be secured; therefore, sharing such data over
the network will make data prone to various attacks, leading
to critical consequences. The centralized methodology does
not ensure user data privacy, and the latency cost is high in
this paradigm. The edge computing paradigm solves latency
by bringing the data and computational resources close to the
end device, but this does not provide any privacy-preserving
methods for data. Knowledge sharing is not supported in such
edge computing manner, i.e., information of new attacks or
change of behavioral information of existing attacks that any
device encounters is not shared with latter devices.
Federated Learning (FL) [15] is an ideal solution for
performing on-device training while maintaining privacy-
preserving methods using decentralized data. In recent years,
FL became a widely adopted solution for ensuring privacy
[16, 17, 18, 19] of the end-user data and updates with low
latency. This technology addresses the limitations of cen-
tralized and edge-computing paradigms and marking it as
an outstanding ML technique for maintaining data privacy
while providing knowledge sharing among peers. FL uses an
exceptional strategy [20] in which a trained ML model will be
shared between multiple devices in the network and devices
that download the shared base ML model will train it with
its local data and computational resources that are available
with that device. After training, the devices share the updated
local model parameters back to the server for performing
aggregation of their locally computed parameters. Consid-
ering privacy measures, the aggregation process is made so
that the server has no access to devices’ training data. Using
this paradigm, in this work, we are proposing an intrusion
detection technique called Multi-view Federated Learning
based Intrusion Detection (MV-FLID) that uses decentralized
data for performing training and inference procedures at the
device’s end. The device’s data is not being shared with
the central server or any other external devices, thereby
maintaining the security and privacy of the device’s data.
FL aggregation [21] [22] will be done at the server end by
collecting all trained models of devices that participate in the
FL process. Following is a list of contributions we made in
this research:
1) Proposing an intrusion detection approach with multi-
view information of IoT network data using federated
learning methodology.
2) Integrating Grey Wolves Optimization mechanism for
extracting optimized feature sets in the proposed ap-
proach.
3) Devising an ensemble-based method for detecting at-
tacks from multiple views in the proposed approach.
 This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2021.3107337, IEEE Access
4) Obtaining high accuracy results in detecting attacks
compared to traditional machine learning approaches
that use a single feature-set of attack information in a
non-decentralized manner.
The remaining of the paper is structured in the following
manner. Section II gives the related work. Section III presents
the proposed approach and illustrates the underlying archi-
tecture with implementation details. Section IV presents the
dataset, metrics, and evaluation results and summarizes our
findings. Finally, Section V concludes the paper.
II. RELATED WORK
Intrusion Detection has become a foremost thing to be
considered while utilizing IoT devices [13]. Many research
works have been carried out on Intrusion detection using ML
methodologies. In this section, we discuss some of the recent
advancements proposed for Intrusion detection techniques.
The researchers in [23] used a supervised artificial neural
network which is based on multi-level perceptron for training
and testing threat patterns in an IoT Network. They have
achieved 99.4% accuracy in detecting Denial of Service
(DoS) / Distributed denial of service (DDoS) attacks.
Similarly, authors in [24] proposed an intrusion detection
approach using Feed-forward neural networks and multi-
class classification for detecting attacks like DoS/DDoS, re-
connaissance, and information theft attacks in IoT networks.
This method involves collecting data from raw network
packets using an analyzer tool. The analyzer tool captures
all the generic features of the raw network traffic. The Pre-
processed data is then used to train a Deep Neural network,
which is used as a classifier for new incoming packet data.
The classifier then labels the malicious packet into a specific
category of attack.
Authors in [22] presented a comprehensive design of the
FL system. Unlike traditional ML architecture, FL utilizes a
decentralized approach. A variety of FL techniques have been
proposed in the field of cybersecurity and also for intrusion
detection in IoT networks.
For example, the authors in [25] proposed a Self-learning
anomaly detection system using an FL approach for detecting
compromised IoT devices in the network. It utilizes Long
Short Term Memory (LSTM) and Gated Recurrent Units
(GRU's) for building the proposed model. It constantly mon-
itors the devices’ network traffic and detects anomalous devi-
ations from given communication profiles of devices'without
human intervention. It has achieved an accuracy of 98.2%
and can detect 95.6% of attacks in 257ms with less false
alarm rate.
Likewise, research work in[26] presents a deep learning
model by combining NIDS and HIDS to detect cyberattacks.
They assessed multiple stages of attacks and evaluated ma-
chine and deep learning algorithms on various NIDS and
HIDS datasets. The best-performed algorithm is chosen for
the list, and it was further evaluated on other multiple datasets
for efficiency.
VOLUME 4, 2016
This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/
Researchers in [27] presented an Intelligent Intrusion de-
tection using FL approach and Long Short Term Memory
(LSTM) recurrent neural network. LSTM networks have cell
state and memory state within to hold required information
on long inputs of data. This model does compare the effi-
ciency of the proposed algorithm with conventional neural
networks using Adam optimizer and achieves an accuracy
of 99.21% and an F1 score of 99.21. It used the supervised
learning mechanism while performing training procedures.
On the other hand, the authors in [28] put forward a deep
anomaly detection framework for sensing time series data us-
ing the FL approach on distributed edge devices for Industrial
IoT. It also incorporates a CNN-LSTM model for extract-
ing fine-grained features of historical observations sensing
time series data and uses LSTM modules for time-series
predictions, thereby preventing memory loss and gradient-
dispersion problems.
Most of the works were carried out using a single view
of network data for detecting attacks of the aforementioned
proposed approaches. There have been advancements in in-
trusion detection techniques using the multi-view informa-
tion of attacks. Authors in [11] proposed a semi-supervised
co-training approach using multi-view nature of attacks. In
this approach, attack behavior will be maintained in multiple
views, and attack detection will be done using the predictions
done by ML models of multiple views of an attack. They have
used a centralized approach for implementing their research
and had an active labeling procedure for labeling unknown
attacks by experts. Researchers in [10] have introduced
multi-view features of MQTT data and evaluated features
using centralized ML algorithms. Authors in these works
have proposed their methodologies in a centralized approach.
In our work, we proposed Federated Learning methodology
(MV-FLID) to train network data segmented into three views
in IoT devices. We used an ensembler at the end of deep
learners for detecting attacks based on their occurrence.
To abridge, most of the research works have been carried
out on a single feature set of data using a centralized mecha-
nism and lags in using decentralized approaches for effective
communication and intrusion detection in IoT environment.
Our approach considers the limitations of existing works and
proposes a multi-view decentralized approach for intrusion
detection.
III. PROPOSED APPROACH
This section presents our proposed approach called MV-
FLID, which integrates base classifiers trained on multiple
views of network data to detect various attacks in IoT de-
vices. The list of acronyms used is given in Table 1.
A. ARCHITECTURE
Our proposed approach is depicted in Figure 1 in which
multiple virtual IoT instances are connected to Security
Gateways, which are distributed at different sites. The MQTT
protocol in the session layer of these IoT devices will share
3
 This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2021.3107337, IEEE Access

Figure 1: High Level Architecture of the Proposed Approach

Table 1: Acronyms network data of IoT devices participate in a server-based

Acronym Description aggregation process. The aggregation process creates a more
FL Federated Learning sophisticated intrusion detection model with aggregated and
ML Machine Learning
CSV Comma Separated Values optimized all device models’ parameters.
sigma/σ Sigmoid Sharing intrusion detection ML models with the server and
tanh Tangent hyperbolic
rfc Random forest classifier aggregation of the ML models enable generating a model
IDS Intrusion Detection System with global intelligence perception that helps in the detection
GWO Grey Wolves Optimization
MQTT Message Queuing Telemetry Transfer Protocol
of attacks with higher amounts of accuracy. The server shares
TCP Transmission Control Protocol a global optimized model back to security gateways and
ANN Artificial Neural Networks assists in increasing knowledge among gateways. Sharing
the aggregated model to security gateways leads to a better
learning process. It empowers devices to detect intrusion
network data with the security gateway (middle agent) for based on behavior learned by other devices participating in
further processing. Published traffic data of these devices will the aggregation process.
be monitored by an intrusion detector installed on the security
gateway. Having such on-site intelligence will make gate-
ways independent from the traditional server-device mech- 1) Data Pre-Processing
anism, in which the traffic data will be shared with the The network connection between the source and destination
server every time for detecting intrusions. Such on-site in- consists of a sequence of TCP packets, which have a n
telligence will also expedite detection time by performing number of features for each packet. As the packets contain
analysis on shared network data. The gateways are placed IoT device network logs information, in this module, based
in the federated setup. For every selected amount of time, on their nature we consider packet information into three
the ML models of multiple views that get trained on local views such as Bi-Directional Features (Bi-flow view), Uni-
4 VOLUME 4, 2016

This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/
 This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2021.3107337, IEEE Access
Directional Features (Uniflow view), and Packet-Features
(Packet view). The multi-view features of packet are listed
in Table 2.
2) Grey Wolves Optimization
Feature Selection using Grey Wolves Optimization (GWO)
[29] technique is a hunting kind of mechanism which can
be implemented for generating optimal feature set from the
given list of features in the training data. This heuristic
approach attains the best feature set based on the accuracy of
the features obtained at multiple iterations of the features list.
Therefore, the final features set obtained after implementing
the GWO mechanism will have more accuracy. The GWO
mechanism works on a strategy that has four different cate-
gories of wolves called alpha, beta, gamma, and delta. The
wolves have a strict dominance hierarchy wherein Alpha(α)
is considered as the leader of the group who is conscientious
and responsible for making decisions. The next category of a
wolf in the hierarchy is the beta (β) wolf which is subordinate
to the Alpha (α). Sometimes beta (β) wolves will find the
best fitness and acknowledge αabout the positions. The other
lower-ranking wolves are called omega (ω) and delta (δ).
α is considered as the best fitness solution. β and δ are
considered as the next fitness for the sub-optimal solution.
All these categories of wolves will be scattered into n number
of dimensions and collectively tries to find the best solution
for the given features on multiple iterations.
The wolves hunting process at a given point of time can be
described in the below equations.
G = |C.Fprey (t) − Fwolf (t)|
F (t + 1) = Fp (t) − A.G
A = 2ar1 − a
C = 2r2
In Equations 1 and 2 G is the wolves current position
for the current time iteration t, whereas F represents the
position vector and Fprey denotes current position vector of
the prey(target). A & C are the coefficients calculated using
variable in Equations 3 and 4. r1, r2 are random vectors that
lie in the interval [-1.28, 1.28] and a is an arbitrary variable
that linearly decreases from 2 to 0.
3) View Specific ML Models
Referring to the architecture, in this module, a feed-forward
Artificial Neural Network based on a back-propagation train-
ing algorithm is used for training procedures. The structure
of the proposed neural network consists of an input layer,
hidden layers, and an output layer. The number of inputs was
determined by the input features set. As we are dealing with
the multiple views of the network data, in this module, we
VOLUME 4, 2016
This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/
design neural network ML models for the three views, i.e.,
for Uniflow features, Biflow features, and Packet features
of data shared by MQTT protocol. The ML models will be
trained on the patterns of different kinds of attacks and a
soft-max function is employed at the end of the network to
classify network traffic into attack categories. The feature
sets extracted in the pre-processing data phase were given
as input to the classification models wherein the ML models
will learn the temporal information of these feature sets, and
the ML models get trained on the given knowledge.
We consider this set of ML models as the base ML models
of the corresponding views, and the trained ML models will
be shared with IoT devices for inference of the attacks on the
real-time network data of the device.
4) FL Training Process
The FL process is implemented with the available number
of virtual instances. Each instance has its training data using
which the shared view specific ML models get trained, and
shares updated parameters with the central server for aggre-
gation purposes. The information presents in network data
of IoT devices is segmented into three views and segmented
data is considered for training. In our work, we used three
deep learning ML models for training data present in three
views. The communication rounds in the FL process are
the number of times the aggregation procedure is being
implemented for locally trained ML models of three views in
IoT devices. The steps underlying this process are as follows:
Step 1: The initial ML models of three views are shared
with the virtual IoT devices.
(1) Step 2: After getting base ML models of three views from
the server, the ML models will undergo a re-training process
using local network data of the device.
(2)
Step 3: View-specific features information of network data
is given as input to Biflow, Uniflow, and Packet View ML
(3) models to predict the class of an attack. All three classifi-
cation ML models will predict the attack class based on the
training parameters set in the initial model.
(4)
Step 4: From the list of different probabilities of attack
classes by output layer, the ML model gives an attack class
that has the highest probability from the list of predicted
attacks as output.
Step 5: After training the ML models for several epochs
locally on the device data, view-classification models of all
IoT devices are sent to the server for performing FL Aggre-
gation of the corresponding view-classification ML models.
All the parameters of the view-classification ML models of
multiple IoT devices are aggregated, and a Global ML model
is created for a corresponding view-classification model.
Step 6: After completion of FL Aggregation, Global mod-
els are shared back to IoT devices, and the current classifica-
tion models in the IoT devices are replaced with shared global
models, and the training and inference procedure continues
on local data.
5
 This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2021.3107337, IEEE Access

Step 7: An ensembler is engaged and the attack predictions Next, followed by the Averaging of computed param-
of all view-classification models are sent to the ensembler for eters of models using F Laverage function. Finally, the
selecting the class based on the majority predicted class from EnsemblerLogic function consists of logic for predicting
the trained classifiers. the attack using test data of views that are passed to corre-
sponding trained view models.
5) FL Aggregation
Federated Aggregation is a computation algorithm in which Algorithm 1: FL Process
a group of devices connected to a network hold private net- Input: T rain and T est Data of M QT T Dataset
work data and collaborate in computing an aggregated model Output: Intrusion Detection in M ulti −
without revealing any sensitive information of the device view N etwork Data
and sharing only the locally-computed parameters of the Data: mqtt_dataset
device models for performing aggregation. Each device trains 1 mb , mu , mp /* ML models for three Views */
its models of three views locally for a selected number of 2 Reading Input data of three views
epochs before sharing its updated parameters with the central 3 V iews = Db , Du , Dp /* data for three views */
server. This process limits the communication overhead of 4 d = d1 , d2 ...d10 /* Initiating Virtual Devices
the device because of sharing only the trained models of
*/
views rather than view specific information of local data. 5 Function featureEngineering_GWO(V iews):
1 X 6 for view in V iews do
Fk (w) = fi (w) (5) 7 while max_iterations do
nk
i∈Pk /* Set Random Positions of Wolves
K */
X nk 8 α, β, γ, δ = random_positions
f (w) = Fk (w) (6)
n update(current position of wolves)
k=1

In Equation 5 K denotes total number of clients, k is index 9 calculate f itness of α, β, γ, δ

of client, nk is the number of data samples that are available 10 update(α, β, δ)
during training of client k, taking fi (w) = l(xi , yi w) which 11 return α EndF unction
is Loss of prediction of sample (xi , yi ) and Pk is set of 12 Function f lT raining(communication_rounds):
indices of data samples on client k. Equation 5 estimates 13 while di in d do
the weight parameters of all devices based on the loss values 14 mwb = train(data in Db )
that encountered across data points they have trained with. 15 mwp = train(data in Dp )
Equation 6 performs scaling of the parameters and adding up 16 mwu = train(data in Du )
all in a component-wise manner.
17 return mwb ,mwp ,mwu
18 EndF unction
6) Ensembler
We have used an ensemble-based technique in our work to 19 Function f lAverage():
predict the attack based on the predicted values of classifi- 20 Mwb = F Laverage (mwb ) /* Averaging
cation models of three views. For achieving better accuracy parameters of Biflow view models of all
rates, we used Random Forest Classifier [30] to perform an devices */
ensemble process on the model’s outcomes. For the given 21 Mwp = F Laverage (mwp ) /* Averaging
input of network data, the models of three views will pre- parameters of Packet view models of all
dict the probabilities of a possible attack. The outcomes of devices */
these models will be sent to ensembler, which combines the 22 Mwu = F Laverage (mwu ) /* Averaging
predictions of three views and gives a single attack based on parameters of Uniflow view models of all
its probability and its occurrence. The process of ensembler devices */
is outlined in Figure 2 and its functionality is illustrated in 23 Function ensemblerLogic(Mwb ,Mwu ,Mwp ):
Algorithm 1. 24 bif low_viewdata ,
The Algorithm 1 formalizes the whole procedure of packet_viewdata ,unif low_viewdata
our proposed approach. Splitting the dataset into train set predictions = Mwb (bif low_viewdata ),
for training procedures and test set for evaluation pur- Mwp (packet_viewdata ),
poses. The order of functions in the algorithm speci- Mwu (unif low_viewdata ) Attackprediction =
fies the functioning of our approach. Starting with Fea- Ensembler(predictions)
ture Engineering(f eatureEngineering_GW O) of data,
that presents in views, using Grey Wolves Optimization
technique and resultant data is being forwarded to training The following steps will elucidate more about the working
procedure(f lT raining) for a selected number of rounds. procedure of our architecture.
6 VOLUME 4, 2016

This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/
 This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2021.3107337, IEEE Access

1) The features extraction using Grey Wolves Optimiza- Table 2: Dataset Features
tion (GWO) [31] method for extracting the optimal View Description Total
feature set from the list of available features for three ’ip_src’, ’ip_dst’, ’prt_src’, ’prt_dst’, ’proto’,
’fwd_num_pkts’,’bwd_num_pkts’, ’fwd_mean_iat’,
views i.e., Uniflow, Biflow, and Packet features. Bi-Flow
’bwd_mean_iat’, ’fwd_std_iat’,’bwd_std_iat’,
27
2) The server initializes the base Artificial Neural Net- ’fwd_min_iat’,’num_psh_flags’, and so on
work models for these three views using the optimal ’timestamp’, ’src_ip’, ’dst_ip’, ’protocol’, ’ttl’,
’ip_len’, ’ip_flag_df’,’ip_flag_mf’, ’ip_flag_rb’,
feature sets obtained for corresponding views in the Packet ’src_port’, ’dst_port’, ’tcp_flag_res’, ’tcp_flag_ack’, 17
feature extraction process. The structure of these ML ’tcp_flag_push’, ’tcp_flag_reset’, ’tcp_flag_syn’,
models and their hyper-parameters are defined at this ’tcp_flag_fin’
’ip_src’, ’ip_dst’, ’prt_src’, ’prt_dst’, ’proto’,
stage. The defined neural network models perform an ’num_pkts’, ’mean_iat’,’std_iat’, ’min_iat’,
initial training round with available training data with Uni-Flow ’max_iat’, ’mean_pkt_len’, ’num_bytes’, 18
different categories of attacks. ’num_psh_flags’, ’num_rst_flags, ’num_urg_flags’,
’std_pkt_len’, ’min_pkt_len’, ’max_pkt_len’
3) The ML models produced in step (2) are shared with
Security gateways that are participating in the FL pro-
cess. B. DATASET
4) Once the security gateways download intrusion detec- To evaluate our approach, we have used a lightweight MQTT
tion models of the server’s corresponding view, the protocol dataset[10], which simulates realistic IoT device
learning parameters of the ML models are enhanced communication. The MQTT dataset consists of five recorded
based on IoT devices’ local network data. scenarios of 1 normal operation and 4 attack scenarios. It
5) As the ML models were trained with a certain number has both common network scanning attacks and brute-force
of attacks at the server, they will detect and identify attacks. MQTT protocol communication datasets are widely
the abnormal behavior in network traffic of IoT devices adopted [33] [34] for building an effective Intrusion Detec-
that assists in detecting attacks. tion model for IoT devices.
6) Only parameters of updated models are shared to the The processed features of the MQTT dataset can be cate-
server for aggregation process instead of sharing sen- gorized into Unidirectional, bi-directional, and packet-based
sitive information of network traffic data and creating features. The features of corresponding groups are listed
scope for data theft. in Table 2. The distribution of attacks in each view are
7) The server aggregates the weights obtained from dif- illustrated in Figure 3
ferent gateway models and creates new sophisticated
and updated models for corresponding views, which C. EVALUATION METRICS
are communicated back to security gateways after suc- In our approach, we use Accuracy, Precision, Recall, and
cessful aggregation. F1-score as our metrics for measuring the performance of
8) Each security gateway uses an updated model on new classification models.
upcoming traffic data. True Positive (TP) : The total number of attack records that
The above steps (5), (6), and 7 will be repeated to enhance were correctly classified as an attack.
the learning process, improve models’ accuracy and keep the True Negative (TN) :Total number of normal records that
global ML up-to-date with the latest data. are accurately classified as normal.
False Positive (FP): Total number of normal records that
were incorrectly classified as an attack.
IV. EVALUATION RESULTS False Negative (FN): Total number of attack records that
In this section, we discuss the environment setup , the were incorrectly classified as benign.
dataset, and its views segmentation used for implementing Performance Metrics:
our proposed approach. Then we walk through the evaluation
metrics used for analyzing the performance of our proposed Accuracy: It is defined as ratio of correctly classified
approach. In the final part, we present our experimental records to the total number of records.
results and provide discussion. TN + TP
Accuracy =
TN + FP + TP + FN
A. EXPERIMENTAL SETUP F1-Score: It is the Harmonic mean of Precision and Re-
For evaluating our proposed approach MV-FLID, we have call.
used Tesla V100-SXM2-16GB GPU(Graphics Processing Recall ∗ P recision
F 1 − score = 2 ∗
Unit) server that was hosted as a backend for the Google Recall + P recision
Colab Pro environment. We have implemented FL approach Precision: The ratio of Truly Positive to the Total number
using PySyft [32] deep learning framework which is based of results predicted positive.
on Pytorch deep learning framework. TP
P recision =
FP + TP
VOLUME 4, 2016 7

This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/
 This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2021.3107337, IEEE Access

Figure 2: Prediction using Ensembled method

Figure 3: Distribution of attacks data in multiple views

Figure 4: Evaluation metrics of training rounds in Proposed Approach

8 VOLUME 4, 2016

This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/
 This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2021.3107337, IEEE Access

Figure 5: Training results for individual models in non-FL setup

Recall: It is the percentage of predicted positive to the total

positive. It is also called as True Positive Rate (TPR)

TP
Recall =
FN + TP

D. RESULTS
We have conducted our experiments using the Pysyft deep
learning framework with 10 virtual IoT devices in a Feder-
ated setting to evaluate our approach. We have implemented
ten rounds of aggregation of models that are trained using
local data of the corresponding device. Figure 4 shows the
device’s accuracy trends after every round of Federated Ag-
gregation. We have distributed training and test data with
devices to enable a self-learning process. We have achieved
significant accuracy (as shown in Figure 4) after each round
of communication while preserving the privacy of the data.
Federated Learning methodology has spurred the efficiency
of the knowledge-sharing process regards to diverse behavior
of attacks among devices. The deep learning models in these
devices get trained with much information of attacks in
every round of communication, leading to an increase in our
accuracy.
1) Comparison with Non-FL Approach
We implemented the non-FL version of our proposed ap-
proach using the Pytorch deep learning framework to com-
pare its evaluated results with the FL version.
In the FL method, there are ten rounds of communication
has been carried out. In every round of communication,
any change in behavior of attack information encountered
by any device during training is being shared with latter
devices at the time of aggregation. Whereas in the Non-
FL implementation, knowledge sharing is not happening.
Also, the amount of data used for training in a centralized
approach is huge compared to the amount of data used in the
decentralized methodology. The procedure of implementing
Non-FL version are as follows:
1) We performed Data Pre-Processing techniques on view
datasets and extraction of valuable features set.
VOLUME 4, 2016
Figure 6: Evaluation metrics comparison of our proposed
approach and non-FL approach
2) We have defined attack classification models for three
views i.e., Biflow View, Packet View, and Uniflow
View.
3) Next, we carried out training procedures for three-view
for a given number of epochs.
4) As this procedure comes under a centralized approach,
there is a single round of training for view classification
models.
The results of the training round are shown in Figure 5. As
can be seen from the figure, the Biflow and Uniflow view
deep learners yielded more accuracy than that of the packet
flow view. The same tendency continues with the loss values
of models. The packet view deep learner has taken more steps
for reaching an optimal minimum. The training accuracy in
packet view is less in the Non-FL approach and required
more information to identify abnormal behavior in packet
view. Improving parameters of packet view deep learners
by knowledge sharing technique enhances its efficiency in
detecting abnormal behaviors in packet view.
In a side-by-side fashion, we compared the evaluation
metrics of trained models of multiple views from the non-
FL setup with the metrics of trained view-model instances
after completing the 10th round of FL averaging process of
the proposed approach. Figure 6 illustrates the comparison
9

This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/
 This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2021.3107337, IEEE Access

Figure 7: Accuracy trends of proposed approach with adversary nodes

more efficiently.

Figure 8: Evaluation metrics results of proposed approach
with adversary nodes
of the evaluation metrics for FL and non-FL implementa-
tions. Compared to the results of the non-FL approach, our
proposed approach using FL has achieved a higher amount
of accuracy in detecting attack behavior in network data.
The proposed approach has maintained a good amount of
accuracy than the Non-FL approach. Using Federated Learn-
ing methodology, the network data of IoT devices will get
trained after every round of aggregation process. As the
aggregation includes merging of Deep Learning models of
multiple views, the knowledge of attack behavior across
multiple devices is being shared, which leads to an increase
in the efficiency of detection of attacks. Whereas, In the
Non-FL methodology, training procedure is implemented
at the server end and a variety of attack behavior of IoT
devices is not being shared to the server for global perception.
Knowledge sharing, which the FL method supports, plays the
most significant role in increasing the detection of attacks
10
2) Security Analysis
The previous results (presented in Figure 4) were measured
with the premise that devices and their traffic data be le-
gitimate. To further evaluate the security of our proposed
approach in the presence of adversary/malicious traffic in the
network, we considered three devices with malicious traffic
for this analysis. In Figure 7, we have the accuracy trends of
devices that contain legitimate and malicious traffic. We used
devices 8, 9, and 10 with malicious traffic data. We imple-
mented a poison attack by flipping the training data labels for
infected nodes to analyze the efficiency of our approach. As
shown in Figure 7, the accuracy trends of infected devices
are low compared to other devices with legitimate traffic.
The training models of infected devices were also considered
while performing the aggregation process. In the federated
learning mechanism, parameters of on-device trained models
of multiple devices will be combined in the aggregation
process. It promotes knowledge sharing by averaging the
parameters of trained models from all participating devices,
thereby reducing the negative impact of adversary samples
and generating a global optimized model as an outcome.
Though the accuracy trends of infected devices are less, the
global model that we generate after the federated aggre-
gation process has maintained optimal performance. Figure
8 shows the evaluation metrics of our proposed approach
with malicious traffic data. Our results show that the global
model obtained after the 10th round of aggregation has
maintained optimal accuracy by the use of federated learning
in detecting attacks. To strengthen our approach, we are
focusing on a mechanism that can forestall poisoning attacks
by implementing an outlier detection filtering technique.
VOLUME 4, 2016

This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/
 This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2021.3107337, IEEE Access
This method would perform analysis on retrained models of
multiple gateways and eliminates malicious/outlier models
from participating in the aggregation process. Using this
technique, we could identify the compromised devices in the
network, and an alert can be made for intrusion.
E. DISCUSSION
In this part, we discuss the computation capability of nodes
used in the experiment and whether using the proposed
approach with IoT devices in real-time may introduce any
significant overhead interrupting their normal operations.
Second, we discuss the possible application scenarios of our
approach concerning device type and data.
1) Computation overhead
We have created virtual device instances using the Pysyft
deep learning framework to demonstrate the functionality
of our proposed approach. As these devices are virtual, the
computational ability of these devices is the same as the
runtime we used for executing our approach. On-device
monitoring is hardly feasible in real-time IoT devices due
to their resource limitation concerning Computational ability,
Memory, and Energy. Our proposed approach is based on the
assumption that an intrusion detection system is installed on
the security gateways and these gateways monitor the traffic
of IoT devices that are connected to them. This approach
supports most IoT devices as it is not required by the devices
to be equipped with computational power and the work
relying on computation power will be carried out at the
security gateways. Thus, normal operations of IoT devices
will be unlikely get affected in real-time scenarios.
2) Applications
In this paper, we have provided a practical use case of multi-
view learning in the IoT network domain. This approach can
be implemented in the network architectures where MQTT
protocol is used for communication with IoT devices and
other communication protocols such as TCP and Modbus.
This method can be applied to different types of devices
rather than a single type because the device traffic is consid-
ered for performing intrusion detection rather than its spec-
ifications. As different devices have different functionality,
the data associated with the device and attacks corresponding
to a device will also be different. The ideology of multi-
view learning can be followed for most of the protocols.
The network data of IoT devices that use any protocol for
communication can be segmented based on the nature of
features that corresponds to an attack. This approach can
be implemented using the security service models that are
available with service providers. FL helps in maximizing the
training process with less data. It can be used irrespective
of the communication protocol and end devices. Federated
learning fosters the idea of Secure Multiparty computation.
It prevents the end device data from being exposed to other
parties and promotes differential privacy of data.
VOLUME 4, 2016
This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/
V. CONCLUSION
In this paper, we proposed a federated learning-based intru-
sion detection approach with multi-view ensemble learning.
Our approach enhances the capability of identifying intru-
sions with a higher accuracy rate. Enhanced security and
privacy levels are ensured as the data stays intact on the end
devices. Multi-view learning enables the thorough analysis
and understanding of attack patterns from multiple perspec-
tives. The trained ML models learnings from multiple views
are fused with an ensembler which increases the prediction
accuracy of our approach. Our future research will focus
on exploring unsupervised and reinforcement ML algorithms
that can further enhance intrusion detection by identifying
the untrained attacks. In addition, we will focus on a mech-
anism that can forestall poisoning attacks by implementing
an outlier detection filtering technique. This method would
perform analysis on retrained models of multiple gateways
and eliminates malicious/outlier models from participating in
the aggregation process.
References
[1] Surapon Kraijak and Panwit Tuwanut. A survey on internet of things
architecture, protocols, possible applications, security, privacy, real-
world implementation and future trends. In 2015 IEEE 16th Interna-
tional Conference on Communication Technology (ICCT), pages 26–
31, 2015.
[2] Ravi Kishore Kodali, Govinda Swamy, and Boppana Lakshmi. An
implementation of iot for healthcare. In 2015 IEEE Recent Advances
in Intelligent Computational Systems (RAICS), pages 411–416. IEEE,
2015.
[3] B Sobhan Babu, K Srikanth, T Ramanjaneyulu, and I Lakshmi
Narayana. Iot for healthcare. International Journal of Science and
Research, 5(2):322–326, 2016.
[4] Nallapaneni Manoj Kumar and Archana Dash. Internet of things:
an opportunity for transportation and logistics. In Proceedings of
the International Conference on Inventive Computing and Informatics
(ICICI 2017), 23rd to, pages 194–197, 2017.
[5] Timothy Malche and Priti Maheshwary. Internet of things (iot) for
building smart home system. In 2017 International conference on I-
SMAC (IoT in social, mobile, analytics and cloud)(I-SMAC), pages
65–70. IEEE, 2017.
[6] Hamidreza Arasteh, Vahid Hosseinnezhad, Vincenzo Loia, Aurelio
Tommasetti, Orlando Troisi, Miadreza Shafie-khah, and Pierluigi
Siano. Iot-based smart cities: A survey. In 2016 IEEE 16th In-
ternational Conference on Environment and Electrical Engineering
(EEEIC), pages 1–6. IEEE, 2016.
[7] Rwan Mahmoud, Tasneem Yousuf, Fadi Aloul, and Imran Zualker-
nan. Internet of things (iot) security: Current status, challenges and
prospective measures. In 2015 10th International Conference for
Internet Technology and Secured Transactions (ICITST), pages 336–
341. IEEE, 2015.
[8] Ahmet ArÄśŧ, Sema F. Oktuħ, and SÄśddÄśka Berna ÃŰrs
YalÃğÄśn. Internet-of-things security: Denial of service attacks.
In 2015 23nd Signal Processing and Communications Applications
Conference (SIU), pages 903–906, 2015.
[9] Nitin Naik. Choice of effective messaging protocols for iot systems:
Mqtt, coap, amqp and http. In 2017 IEEE International Systems
Engineering Symposium (ISSE), pages 1–7, 2017.
[10] Hanan Hindy, Ethan Bayne, Miroslav Bures, Robert C. Atkinson,
Christos Tachtatzis, and Xavier J. A. Bellekens. Machine learning
based iot intrusion detection system: An MQTT case study. CoRR,
abs/2006.15340, 2020.
[11] Ching-Hao Mao, Hahn-Ming Lee, Devi Parikh, Tsuhan Chen, and Si-
Yu Huang. Semi-supervised co-training and active learning based
approach for multi-view intrusion detection. In Proceedings of the
2009 ACM symposium on Applied Computing, pages 2042–2048,
2009.
11
 This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2021.3107337, IEEE Access

[12] Bruno Bogaz Zarpelão, Rodrigo Sanches Miani, Cláudio Toshio Szymkow, Bobby Wagner, Emma Bluemke, Jean-Mickael Nounahon,
Kawakani, and Sean Carlisto de Alvarenga. A survey of intrusion Jonathan Passerat-Palmbach, Kritika Prakash, Nick Rose, Théo Ryffel,
detection in internet of things. Journal of Network and Computer Zarreen Naowal Reza, and Georgios Kaissis. PySyft: A Library
Applications, 84:25–37, 2017. for Easy Federated Learning, pages 111–139. Springer International
[13] N. Chaabouni, M. Mosbah, A. Zemmari, C. Sauvignac, and P. Faruki. Publishing, Cham, 2021.
Network intrusion detection for iot security based on learning tech- [33] Hector Alaiz-Moreton, Jose Aveleira-Mata, Jorge Ondicol-Garcia, An-
niques. IEEE Communications Surveys Tutorials, 21(3):2671–2701, gel Luis Muñoz-Castañeda, Isaías García, and Carmen Benavides.
2019. Multiclass classification procedure for detecting attacks on mqtt-iot
[14] Shahid Raza, Linus Wallgren, and Thiemo Voigt. Svelte: Real- protocol. Complexity, 2019, 2019.
time intrusion detection in the internet of things. Ad hoc networks, [34] Ivan Vaccari, Giovanni Chiola, Maurizio Aiello, Maurizio Mongelli,
11(8):2661–2674, 2013. and Enrico Cambiaso. Mqttset, a new dataset for machine learning
[15] Mohammed Aledhari, Rehma Razzak, Reza M. Parizi, and Fahad techniques on mqtt. Sensors, 20(22):6578, 2020.
Saeed. Federated learning: A survey on enabling technologies, pro-
tocols, and applications. IEEE Access, 8:140699–140725, 2020.
[16] Zhuo Chen, Na Lv, Pengfei Liu, Yu Fang, Kun Chen, and Wu Pan.
Intrusion detection for wireless edge networks based on federated
learning. IEEE Access, 8:217463–217472, 2020.
[17] W. Y. B. Lim, N. C. Luong, D. T. Hoang, Y. Jiao, Y. C. Liang, Q. Yang,
D. Niyato, and C. Miao. Federated learning in mobile edge networks:
A comprehensive survey. IEEE Communications Surveys Tutorials,
22(3):2031–2063, 2020.
[18] Viraaji Mothukuri, Prachi Khare, Reza M. Parizi, Seyedamin Pouriyeh,
Ali Dehghantanha, and Gautam Srivastava. Federated learning-based
anomaly detection for iot security attacks. IEEE Internet of Things
Journal, pages 1–1, 2021.
[19] Viraaji Mothukuri, Reza M. Parizi, Seyedamin Pouriyeh, Yan Huang,
Ali Dehghantanha, and Gautam Srivastava. A survey on security and
privacy of federated learning. Future Generation Computer Systems,
115:619–640, 2021.
[20] Qiang Yang, Yang Liu, Tianjian Chen, and Yongxin Tong. Federated
machine learning: Concept and applications. ACM Transactions on
Intelligent Systems and Technology (TIST), 10(2):1–19, 2019.
[21] Keith Bonawitz, Vladimir Ivanov, Ben Kreuter, Antonio Marcedone,
H. Brendan McMahan, Sarvar Patel, Daniel Ramage, Aaron Segal, and
Karn Seth. Practical secure aggregation for federated learning on user-
held data, 2016.
[22] Keith Bonawitz, Hubert Eichner, Wolfgang Grieskamp, Dzmitry Huba,
Alex Ingerman, Vladimir Ivanov, Chloe Kiddon, Jakub Konecny, Ste-
fano Mazzocchi, H. Brendan McMahan, Timon Van Overveldt, David
Petrou, Daniel Ramage, and Jason Roselander. Towards federated
learning at scale: System design, 2019.
[23] E. Hodo, X. Bellekens, A. Hamilton, P. Dubouilh, E. Iorkyase, C. Tach-
tatzis, and R. Atkinson. Threat analysis of iot networks using artificial
neural network intrusion detection system. In 2016 International
Symposium on Networks, Computers and Communications (ISNCC),
pages 1–6, 2016.
[24] M. Ge, X. Fu, N. Syed, Z. Baig, G. Teo, and A. Robles-Kelly. Deep
learning-based intrusion detection for iot networks. In 2019 IEEE
24th Pacific Rim International Symposium on Dependable Computing
(PRDC), pages 256–25609, 2019.
[25] T. D. Nguyen, S. Marchal, M. Miettinen, H. Fereidooni, N. Asokan,
and A. Sadeghi. DÃŔot: A federated self-learning anomaly detection
system for iot. In 2019 IEEE 39th International Conference on
Distributed Computing Systems (ICDCS), pages 756–767, 2019.
[26] R. Vinayakumar, M. Alazab, K. P. Soman, P. Poornachandran, A. Al-
Nemrat, and S. Venkatraman. Deep learning approach for intelligent
intrusion detection system. IEEE Access, 7:41525–41550, 2019.
[27] Ruijie Zhao, Yue Yin, Yong Shi, and Zhi Xue. Intelligent intrusion
detection based on federated learning aided long short-term memory.
Physical Communication, 42:101157, 2020.
[28] Yi Liu, Sahil Garg, Jiangtian Nie, Yang Zhang, Zehui Xiong, Jiawen
Kang, and M Shamim Hossain. Deep anomaly detection for time-
series data in industrial iot: A communication-efficient on-device
federated learning approach. IEEE Internet of Things Journal, 2020.
[29] Seyedali Mirjalili, Seyed Mohammad Mirjalili, and Andrew Lewis.
Grey wolf optimizer. Advances in engineering software, 69:46–61,
2014.
[30] Cha Zhang and Yunqian Ma. Ensemble machine learning: methods
and applications. Springer, 2012.
[31] H. Haddadpajouh, A. Mohtadi, A. Dehghantanaha, H. Karimipour,
X. Lin, and K. K. R. Choo. A multi-kernel and meta-heuristic feature
selection approach for iot malware threat hunting in the edge layer.
IEEE Internet of Things Journal, pages 1–1, 2020.
[32] Alexander Ziller, Andrew Trask, Antonio Lopardo, Benjamin

12 VOLUME 4, 2016

This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/
 This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2021.3107337, IEEE Access

DINESH CHOWDARY ATTOTA has received

his Bachelor of Technology degree in Computer
Science from Jawaharlal Nehru Technological
University Kakinada, India in 2018. He is cur-
rently pursuing his master’s program in Computer
Science and working as a Research Assistant in
Decentralized Science Lab (dSL) at Kennesaw
State University, GA, USA. His research interests
are Machine Learning, IoT security, and Computer
Vision.

VIRAAJI MOTHUKURI is a Research Assistant

in the College of Computing and Software En-
gineering (CCSE) at Kennesaw State University
GA, USA. She has several years of experience in
Java and middleware technologies working with
WIPRO and JP Morgan companies. Her research
interests include Machine Learning, Hyperledger
Fabric, Blockchain systems, and Decentralized
Applications. She has a professional certification
in Machine Learning to her credit.

REZA M. PARIZI (Senior Member, IEEE) re-

ceived the B.Sc. and M.Sc. degrees in Computer
Science in 2005 and 2008, respectively, and the
Ph.D. degree in Software Engineering in 2012. He
is the director of Decentralized Science Lab (dSL)
at Kennesaw State University, GA, USA. He is
a consummate AI technologist and cybersecurity
researcher with an entrepreneurial spirit. He is
a senior member of the IEEE, IEEE Blockchain
Community, and ACM. Prior to joining KSU, he
was a faculty at the New York Institute of Technology. His research interests
are R&D in decentralized AI, cybersecurity, blockchain systems, smart
contracts, and emerging issues in the practice of secure software-run world
applications.

SEYEDAMIN POURIYEH is an Assistant Pro-

fessor of Information Technology at Kennesaw
State University, GA, USA. He received an M.Sc.
in Information Technology Engineering from Shi-
raz University and his Ph.D. in Computer Science
from the University of Georgia in 2009 and 2018,
respectively. His primary research interests span
Federated Machine Learning, Blockchain, and Cy-
ber Security.

VOLUME 4, 2016 13

This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/