Threats to Internet of Things (IoT) networks are becoming increasingly complex and distributed, challenging the effectiveness of traditional Intrusion Detection Systems (IDS). IDS based on federated learning (FL) offer the ability to train machine learning models among distributed nodes without sharing data, but they are vulnerable to adversarial attacks such as model poisoning. Trust among distributed nodes is also a major challenge. To address these issues, this work presents a lightweight, blockchain-secured distributed IDS for IoT networks. The proposed system combines anomaly-based detection using federated learning, Snort-based signature detection, and host-based log analysis with transformer models. The blockchain is used for immutable logging of model updates and reputation-based trust scores. These updates are linked to unique blockchain identities, and the ledger enforces Sybil-resistant enrollment, allowing only authenticated nodes to contribute valid updates. Evaluation on the CICIDS2017 and HDFS datasets shows that the proposed approach achieves detection accuracy near 98.8% for federated network traffic analysis and an F1-score of 99.6% for host-based log anomaly detection with BERT-mini-class models. In poisoning experiments using random-weight injection, reputation scoring with L2-norm update filtering mitigates the impact of malicious updates. Experiments are conducted on a hardware testbed using Raspberry Pi and ESP32 devices. Blockchain logging achieved 21.47 TPS with 736 ms average latency on a Raspberry Pi 4. BERT-mini inference achieved ~59 ms average latency (real-time).
Stolz et al. (Tue,) studied this question.