Anomaly detection for the Internet of Things (IoT) is a very important topic in the context of cyber-security. Indeed, as the pervasiveness of this technology is increasing, so is the number of threats and attacks targeting smart objects and their interactions. Behavioral fingerprinting has gained attention from researchers in this domain as it represents a novel strategy to model object interactions and assess their correctness and honesty. Still, there exist challenges in terms of the performance of such AI-based solutions. The main reasons can be alleged to scalability, privacy, and limitations on adopted Machine Learning algorithms. Indeed, in classical distributed fingerprinting approaches, an object models the behavior of a target contact by exploiting only the information coming from the direct interaction with it, which represents a very limited view of the target because it does not consider services and messages exchanged with other neighbors. On the other hand, building a global model of a target node behavior leveraging the information coming from the interactions with its neighbors, may lead to critical privacy concerns. To face this issue, the strategy proposed in this paper exploits Federated Learning to compute a global behavioral fingerprinting model for a target object, by analyzing its interactions with different peers in the network. Our solution allows the training of such models in a distributed way by relying also on a secure delegation strategy to involve less capable nodes in IoT. Moreover, through homomorphic encryption and Blockchain technology, our approach guarantees the privacy of both the target object and the different workers, as well as the robustness of the strategy in the presence of attacks. All these features lead to a secure fully privacy-preserving solution whose robustness, correctness, and performance are evaluated in this paper using a detailed security analysis and an extensive experimental campaign. Finally, the performance of our model is very satisfactory, as it consistently discriminates between normal and anomalous behaviors across all evaluated test sets, achieving an average accuracy value of 0.85.

物联网 (IoT) 异常检测是网络安全背景下的一个非常重要的主题。事实上，随着这项技术的普及，针对智能对象​​及其交互的威胁和攻击的数量也在增加。行为指纹识别引起了该领域研究人员的关注，因为它代表了一种建模对象交互并评估其正确性和诚实性的新颖策略。尽管如此，此类基于人工智能的解决方案的性能仍然存在挑战。主要原因可以归结为可扩展性、隐私性以及所采用的机器学习算法的限制。事实上，在经典的分布式指纹识别方法中，对象通过仅利用来自与其直接交互的信息来模拟目标联系人的行为，这代表了目标的非常有限的视图，因为它不考虑与其他对象交换的服务和消息。邻居。另一方面，利用与邻居交互的信息构建目标节点行为的全局模型可能会导致严重的隐私问题。为了面对这个问题，本文提出的策略利用联邦学习通过分析目标对象与网络中不同对等点的交互来计算目标对象的全局行为指纹模型。我们的解决方案允许以分布式方式训练此类模型，同时还依靠安全委托策略来涉及物联网中能力较差的节点。此外，通过同态加密和区块链技术，我们的方法保证了目标对象和不同工作人员的隐私，以及在存在攻击时策略的鲁棒性。所有这些功能形成了一个安全、完全保护隐私的解决方案，本文使用详细的安全分析和广泛的实验活动来评估其鲁棒性、正确性和性能。最后，我们的模型的性能非常令人满意，因为它在所有评估的测试集中始终区分正常行为和异常行为，实现了 0.85 的平均准确度值。