Loading...

Federated Learning based Network Intrusion Detection for Industrial Cyber-Physical Systems

Dashtabadi, Hamid Reza | 2025

0 Viewed
  1. Type of Document: M.Sc. Thesis
  2. Language: Farsi
  3. Document No: 58412 (05)
  4. University: Sharif University of Technology
  5. Department: Electrical Engineering
  6. Advisor(s): Ahmadi, Siavash
  7. Abstract:
  8. The increasing integration of modern network infrastructure into industrial control systems elevates the need for robust cyber intrusion detection for industrial protocols. Unsupervised, anomaly-based machine learning methods are particularly well-suited for this task, as they can identify novel attacks by learning a model of normal network behavior without requiring access to scarce attack samples. While techniques like autoencoders, which use reconstruction error to flag deviations, can be effective, their application is often hindered by practical challenges, such as regulatory constraints and the large volumes of data that prohibit the centralized collection required for training. Federated learning offers a solution by distributing the training process to local clients and aggregating only the resulting model parameters, thus preserving data privacy and locality. This thesis proposes an anomaly-based intrusion detection framework built on federated learning. Using the CIC-Modbus2023 dataset, which comprises raw Modbus traffic from a smart grid, we systematically extract and label network flows based on attack logs. We then train and evaluate several autoencoder variants—including standard, variational and adversarial autoencoders—within this federated setting. Our results demonstrate strong performance in detecting malicious activities, highlighting the framework's potential as a promising approach for mitigating threats against the Modbus protocol without centralized data access. The code is available at
  9. Keywords:
  10. Industrial Network ; Intrusion Detection System ; Federated Deep Learning ; Raw Network Traffic Preprocessing ; Autoencoder Models ; Industrial Network Intrusion Detection

 Digital Object List

 Bookmark

No TOC