CLAD is a federated learning framework that jointly performs anomaly detection and attack classification in heterogeneous IoT environments by combining clustered learning with a dual-mode architecture, significantly improving performance with minimal communication overhead.
The rapid expansion of the Internet of Things (IoT) and Industrial IoT (IIoT) has created a massive, heterogeneous attack surface that challenges traditional network security mechanisms. While Federated Learning (FL) offers a privacy-preserving alternative to centralized Intrusion Detection Systems (IDS), standard approaches struggle to generalize across diverse device behaviors and typically fail to utilize the vast amounts of unlabeled data present in realistic edge environments. To bridge these gaps, we propose CLAD, a holistic framework that seamlessly incorporates Clustered Federated Learning (CFL) with a novel Dual-Mode Micro-Architecture ($\text{DM}^2\text{A}$). This unified approach simultaneously tackles the two primary bottlenecks of IoT security: device heterogeneity and label scarcity. The $\text{DM}^2\text{A}$ component features a shared encoder followed by two branches, enabling joint unsupervised anomaly detection and supervised attack classification; this allows the framework to harvest intelligence from both labeled and unlabeled clients. Concurrently, the clustering component dynamically groups devices with congruent traffic patterns, preventing global model divergence. By carefully combining these elements, CLAD ensures that no data is discarded and distinct operational patterns are preserved. Extensive evaluations demonstrate that this integrated approach significantly outperforms state-of-the-art baselines, achieving a 30% relative improvement in detection performance in scenarios with 80% unlabeled clients, with only half the communication cost.