{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,19]],"date-time":"2026-02-19T02:31:35Z","timestamp":1771468295008,"version":"3.50.1"},"reference-count":43,"publisher":"MDPI AG","issue":"10","license":[{"start":{"date-parts":[[2025,10,17]],"date-time":"2025-10-17T00:00:00Z","timestamp":1760659200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"KAU Endowment (WAQF) at king Abdulaziz University"},{"name":"WAQF"},{"name":"Deanship of Scientific Research"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Future Internet"],"abstract":"Botnet attacks on Internet of Things (IoT) devices are escalating at the 5G\/6G multi-access edge, yet most federated learning frameworks for IoT malware detection (FL-IMD) still hinge on a central aggregator, enlarging the attack surface, weakening privacy, and creating a single point of failure. We propose a two-tier, fully decentralized FL architecture aligned with MEC\u2019s Proximal Edge Server (PES)\/Supplementary Edge Server (SES) hierarchy. PES nodes train locally and encrypt updates with the Cheon\u2013Kim\u2013Kim\u2013Song (CKKS) scheme; SES nodes verify ECDSA-signed provenance, homomorphically aggregate ciphertexts, and finalize each round via an Algorand-style committee that writes a compact, tamper-evident record (update digests\/URIs and a global-model hash) to an append-only ledger. Using the N-BaIoT benchmark with an unsupervised autoencoder, we evaluate known-device and leave-one-device-out regimes against a classical centralized baseline and a cryptographically hardened but server-centric variant. With the heavier CKKS profile, attack sensitivity is preserved (TPR \u22650.99), and specificity (TNR) declines by only 0.20 percentage points relative to plaintext in both regimes; a lighter profile maintains TPR while trading 3.5\u20134.8 percentage points of TNR for about 71% smaller payloads. Decentralization adds only a negligible per-round overhead for committee finality, while homomorphic aggregation dominates latency. Overall, our FL-IMD design removes the trusted aggregator and provides verifiable, ledger-backed provenance suitable for trustless MEC deployments.<\/jats:p>","DOI":"10.3390\/fi17100475","type":"journal-article","created":{"date-parts":[[2025,10,17]],"date-time":"2025-10-17T14:29:17Z","timestamp":1760711357000},"page":"475","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Decentralized Federated Learning for IoT Malware Detection at the Multi-Access Edge: A Two-Tier, Privacy-Preserving Design"],"prefix":"10.3390","volume":"17","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-7639-7281","authenticated-orcid":false,"given":"Mohammed","family":"Asiri","sequence":"first","affiliation":[{"name":"Department of Computer Science, King Abdulaziz University, Jeddah 21589, Saudi Arabia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1287-1634","authenticated-orcid":false,"given":"Maher A.","family":"Khemakhem","sequence":"additional","affiliation":[{"name":"Department of Computer Science, King Abdulaziz University, Jeddah 21589, Saudi Arabia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7940-059X","authenticated-orcid":false,"given":"Reemah M.","family":"Alhebshi","sequence":"additional","affiliation":[{"name":"Department of Computer Science, King Abdulaziz University, Jeddah 21589, Saudi Arabia"}]},{"given":"Bassma S.","family":"Alsulami","sequence":"additional","affiliation":[{"name":"Department of Computer Science, King Abdulaziz University, Jeddah 21589, Saudi Arabia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3987-9051","authenticated-orcid":false,"given":"Fathy E.","family":"Eassa","sequence":"additional","affiliation":[{"name":"Department of Computer Science, King Abdulaziz University, Jeddah 21589, Saudi Arabia"}]}],"member":"1968","published-online":{"date-parts":[[2025,10,17]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Coston, I., Plotnizky, E., and Nojoumian, M. (2025). Comprehensive Study of IoT Vulnerabilities and Countermeasures. Appl. Sci., 15.","DOI":"10.3390\/app15063036"},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"554","DOI":"10.1109\/OJCS.2025.3563619","article-title":"Security Orchestration in 5G and Beyond Smart Network Technologies","volume":"6","author":"Batewela","year":"2025","journal-title":"IEEE Open J. Comput. Soc."},{"key":"ref_3","unstructured":"SonicWall Inc (2025, July 13). 2025 SonicWall Cyber Threat Report: Executive Summary. Available online: https:\/\/www.sonicwall.com\/resources\/white-papers\/executive-summary-2025-sonicwall-cyber-threat-report."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"1428","DOI":"10.1109\/JIOT.2024.3490897","article-title":"A Survey of DDoS Attack and Defense Technologies in Multiaccess Edge Computing","volume":"12","author":"Ma","year":"2025","journal-title":"IEEE Internet Things J."},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"10937","DOI":"10.1109\/JIOT.2023.3328595","article-title":"Cost and delay-aware service replication for scalable mobile edge computing","volume":"11","author":"Mohamed","year":"2023","journal-title":"IEEE Internet Things J."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"4547","DOI":"10.1109\/JIOT.2018.2878718","article-title":"Deep PDS-learning for privacy-aware offloading in MEC-enabled IoT","volume":"6","author":"He","year":"2018","journal-title":"IEEE Internet Things J."},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Mohamed, S.A., Sorour, S., and Hassanein, H.S. (2020, January 7\u201311). Group-delay aware task offloading with service replication for scalable mobile edge computing. Proceedings of the GLOBECOM 2020\u20142020 IEEE Global Communications Conference, Taipei, Taiwan.","DOI":"10.1109\/GLOBECOM42002.2020.9348241"},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"11911","DOI":"10.1109\/TVT.2022.3193887","article-title":"Group delay-aware scalable mobile edge computing using service replication","volume":"71","author":"Mohamed","year":"2022","journal-title":"IEEE Trans. Veh. Technol."},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"4903","DOI":"10.1007\/s11276-021-02776-y","article-title":"Multi-edge collaborative offloading and energy threshold-based task migration in mobile edge computing environment","volume":"27","author":"Li","year":"2021","journal-title":"Wirel. Netw."},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Mohamed, S.A., Sorour, S., Elsayed, S.A., and Hassanein, H.S. (2024). Profitable and Scalable MEC: Reputation-Based Service Replication via Stackelberg Game. IEEE Internet Things J.","DOI":"10.1109\/JIOT.2024.3484410"},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"3753","DOI":"10.1007\/s10586-022-03776-z","article-title":"Internet of Things intrusion detection systems: A comprehensive review and future directions","volume":"26","author":"Heidari","year":"2023","journal-title":"Clust. Comput."},{"key":"ref_12","first-page":"823","article-title":"Anomaly-Based Intrusion Detection Model Using Deep Learning for IoT Networks","volume":"141","author":"Alsoufi","year":"2024","journal-title":"Comput. Model. Eng. Sci."},{"key":"ref_13","unstructured":"McMahan, B., Moore, E., Ramage, D., Hampson, S., and Ag\u00fcera y Arcas, B. (2017, January 20\u201322). Communication-efficient learning of deep networks from decentralized data. Proceedings of the 20th International Conference on Artificial Intelligence and Statistics (AISTATS 2017), Fort Lauderdale, FL, USA. Available online: https:\/\/proceedings.mlr.press\/v54\/mcmahan17a.html."},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"108693","DOI":"10.1016\/j.comnet.2021.108693","article-title":"Federated learning for malware detection in IoT devices","volume":"204","author":"Rey","year":"2022","journal-title":"Comput. Netw."},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"3930","DOI":"10.1109\/JIOT.2021.3100755","article-title":"Federated deep learning for zero-day botnet attack detection in IoT-edge devices","volume":"9","author":"Popoola","year":"2021","journal-title":"IEEE Internet Things J."},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"12","DOI":"10.1109\/MPRV.2018.03367731","article-title":"N-baiot\u2014Network-based detection of iot botnet attacks using deep autoencoders","volume":"17","author":"Meidan","year":"2018","journal-title":"IEEE Pervasive Comput."},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Wardana, A.A., Sukarno, P., and Salman, M. (2024, January 1\u20133). Collaborative botnet detection in heterogeneous devices of Internet of Things using federated deep learning. Proceedings of the 2024 13th International Conference on Software and Computer Applications (ICSCA 2024), Bali Island, Indonesia.","DOI":"10.1145\/3651781.3651825"},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Asiri, M., Khemakhem, M.A., Alhebshi, R.M., Alsulami, B.S., and Eassa, F.E. (2025). Rpfl: A reliable and privacy-preserving framework for federated learning-based iot malware detection. Electronics, 14.","DOI":"10.3390\/electronics14061089"},{"key":"ref_19","first-page":"100263","article-title":"Federated IoT attack detection using decentralized edge data","volume":"8","author":"Regan","year":"2022","journal-title":"Mach. Learn. Appl."},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"83","DOI":"10.1016\/j.future.2023.10.013","article-title":"Federatedtrust: A solution for trustworthy federated learning","volume":"152","author":"Xie","year":"2024","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"182","DOI":"10.1016\/j.future.2023.10.005","article-title":"Personalized federated learning-based intrusion detection system: Poisoning attack and defense","volume":"153","author":"Thein","year":"2024","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_22","first-page":"50","article-title":"Federated learning: Challenges, methods, and future directions","volume":"37","author":"Li","year":"2020","journal-title":"IEEE Signal Process. Mag."},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"100595","DOI":"10.1016\/j.cosrev.2023.100595","article-title":"Asynchronous federated learning on heterogeneous devices: A survey","volume":"50","author":"Xu","year":"2023","journal-title":"Comput. Sci. Rev."},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"3347","DOI":"10.1109\/TKDE.2021.3124599","article-title":"A survey on federated learning systems: Vision, hype and reality for data privacy and protection","volume":"35","author":"Li","year":"2023","journal-title":"IEEE Trans. Knowl. Data Eng."},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"409","DOI":"10.1007\/978-3-319-70694-8_15","article-title":"Homomorphic encryption for arithmetic of approximate numbers","volume":"Volume 10624","author":"Takagi","year":"2017","journal-title":"Advances in Cryptology\u2014ASIACRYPT 2017"},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"15098","DOI":"10.1007\/s11227-023-05233-z","article-title":"A survey on implementations of homomorphic encryption schemes","volume":"79","author":"Doan","year":"2023","journal-title":"J. Supercomput."},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Lauter, K., Dai, W., and Laine, K. (2021). Homomorphic encryption standard. Protecting Privacy Through Homomorphic Encryption, Springer International Publishing.","DOI":"10.1007\/978-3-030-77287-1"},{"key":"ref_28","unstructured":"Benaissa, A., Retiat, B., Cebere, B., and Belfedhal, A.E. (2021). TenSEAL: A library for encrypted tensor operations using homomorphic encryption. arXiv."},{"key":"ref_29","unstructured":"Pornin, T. (2025, October 13). Deterministic Usage of the Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm (ECDSA). Request for Comments 6979, Internet Engineering Task Force. Available online: https:\/\/www.rfc-editor.org\/info\/rfc6979."},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Gilad, Y., Hemo, R., Micali, S., Vlachos, G., and Zeldovich, N. (2017, January 28\u201331). Algorand: Scaling Byzantine agreements for cryptocurrencies. Proceedings of the 26th Symposium on Operating Systems Principles (SOSP 2017), Shanghai, China.","DOI":"10.1145\/3132747.3132757"},{"key":"ref_31","unstructured":"Chen, J., Gorbunov, S., Micali, S., and Vlachos, G. (2018). Algorand Agreement: Super Fast and Partition Resilient Byzantine Agreement. Cryptol. ePrint Arch, Available online: https:\/\/eprint.iacr.org\/2018\/377."},{"key":"ref_32","unstructured":"Beutel, D.J., Topal, T., Mathur, A., Qiu, X., Fernandez-Marques, J., Gao, Y., Sani, L., Li, K.H., Parcollet, T., and de Gusm\u00e3o, P.P.B. (2020). Flower: A friendly federated learning research framework. arXiv."},{"key":"ref_33","unstructured":"Paszke, A., Gross, S., Massa, F., Lerer, A., Bradbury, J., Chanan, G., Killeen, T., Lin, Z., Gimelshein, N., and Antiga, L. (2019, January 8\u201314). PyTorch: An imperative style, high-performance deep learning library. Proceedings of the Advances in Neural Information Processing Systems, Vancouver, BC, Canada."},{"key":"ref_34","unstructured":"(2025, July 30). Algorand Sandbox, Available online: https:\/\/github.com\/algorand\/sandbox."},{"key":"ref_35","doi-asserted-by":"crossref","first-page":"116974","DOI":"10.1109\/ACCESS.2020.3001277","article-title":"A survey of multi-access edge computing in 5G and beyond: Fundamentals, technology integration, and state-of-the-art","volume":"8","author":"Pham","year":"2020","journal-title":"IEEE Access"},{"key":"ref_36","doi-asserted-by":"crossref","first-page":"1657","DOI":"10.1109\/COMST.2017.2705720","article-title":"On multi-access edge computing: A survey of the emerging 5G network edge cloud architecture and orchestration","volume":"19","author":"Taleb","year":"2017","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"ref_37","doi-asserted-by":"crossref","first-page":"587","DOI":"10.1007\/978-3-030-77870-5_21","article-title":"Efficient bootstrapping for approximate homomorphic encryption with non-sparse keys","volume":"Volume 12696","author":"Canteaut","year":"2021","journal-title":"Advances in Cryptology\u2014EUROCRYPT 2021"},{"key":"ref_38","doi-asserted-by":"crossref","first-page":"300","DOI":"10.1007\/978-3-031-34127-4_29","article-title":"An overview of modern fully homomorphic encryption schemes","volume":"Volume 702","author":"Alikhanov","year":"2023","journal-title":"Current Problems in Applied Mathematics and Computer Science and Systems"},{"key":"ref_39","unstructured":"Adap (2025, October 13). Flower: A Friendly Federated Learning Research Framework. Available online: https:\/\/github.com\/adap\/flower."},{"key":"ref_40","unstructured":"(2023). Digital Signature Standard (DSS). Federal Information Processing Standards Publication 186-5 (Standard No. FIPS 186-5)."},{"key":"ref_41","unstructured":"Barker, E. (2020). Recommendation for Key Management: Part 1\u2013General, National Institute of Standards and Technology. NIST Special Publication 800-57 Part 1, Rev. 5."},{"key":"ref_42","doi-asserted-by":"crossref","first-page":"100530","DOI":"10.1016\/j.cosrev.2022.100530","article-title":"Elliptic Curve Cryptography; Applications, challenges, recent advances, and future trends: A comprehensive survey","volume":"47","author":"Ullah","year":"2023","journal-title":"Comput. Sci. Rev."},{"key":"ref_43","unstructured":"(2015). Secure Hash Standard (SHS). Federal Information Processing Standards Publication 180-4 (Standard No. FIPS 180-4)."}],"container-title":["Future Internet"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1999-5903\/17\/10\/475\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,21]],"date-time":"2025-10-21T04:36:19Z","timestamp":1761021379000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1999-5903\/17\/10\/475"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,10,17]]},"references-count":43,"journal-issue":{"issue":"10","published-online":{"date-parts":[[2025,10]]}},"alternative-id":["fi17100475"],"URL":"https:\/\/doi.org\/10.3390\/fi17100475","relation":{},"ISSN":["1999-5903"],"issn-type":[{"value":"1999-5903","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,10,17]]}}}