Federated Learning for Privacy-Preserving IoT Intrusion Detection under Extreme Non-IID Conditions

Abstract

The rapid growth of IoT devices has expanded attack surfaces, making intrusion detection critical. Traditional centralized IDS compromise privacy and strain bandwidth by requiring raw data transfer. Federated learning (FL) offers a privacy-by-design solution, enabling collaborative training across IoT clients while sharing only model updates. However, FL is highly sensitive to non-IID data. Extreme heterogeneity, prevalent in real-world IoT IDS datasets due to device-specific traffic patterns and severe class imbalances, causes significant convergence challenges and accuracy degradation. This study benchmarks four advanced FL algorithms (FedAvg, SCAFFOLD, FedYogi, and AdaFedAdam) on the RT-IoT2022 dataset (123,117 samples, 12 attack classes) under extreme nonIID conditions (Dirichlet α = 0.01, average JSD = 0.5677, three heterogeneous clients). Using a multilayer neural network with 10-fold cross-validation nested in the FL loop, SCAFFOLD achieves the most stable performance (Round 100: accuracy 0.7981, F1-score 0.7451, ROC-AUC 0.9396), while FedAvg converges slowly (accuracy 0.6959). FedYogi and AdaFedAdam fail due to gradient starvation and second-moment explosion. Compared to centralized baselines (accuracy up to 1.000), FL incurs a 20% accuracy trade-off, an acceptable cost for enhanced privacy in edge-IoT environments. Contributions include the first validation of SCAFFOLD under extreme non-IID IoT IDS and a reproducible evaluation protocol.