🤖 AI Summary
This study addresses the challenge of detecting security threats in resource-constrained Internet of Medical Things (IoMT) devices under stringent privacy and low-latency constraints. To this end, the authors propose a collaborative defense framework that integrates temporal graph neural networks, digital twins, federated reinforcement learning, and dynamic honeypots. The approach innovatively introduces a digital twin-guided adaptive deception mechanism and combines exponential moving average (EMA)-weighted federated aggregation with a multidimensional state advantage actor-critic (A2C) decision-making module, enabling high-accuracy, interpretable, cross-device defense even under non-independent and identically distributed (non-IID) data settings. Experimental results demonstrate that the method achieves 99.48% and 99.61% accuracy on the CICDDoS 2019 and TON-IoT datasets, respectively, with F1 scores exceeding 0.99 across all attack categories and rapid convergence within 10–25 communication rounds.
📝 Abstract
The rapid proliferation of IoT and IoMT devices introduces critical cybersecurity vulnerabilities in healthcare and industrial environments where resource-constrained devices operate under strict latency and data-privacy regulations. This paper presents the Federated Temporal Graph Convolutional Network with Advantage Actor-Critic (Federated TGCN-A2C), a privacy-preserving defense architecture integrating four mechanisms: a PyG-based Temporal GCN using GCNConv layers with global mean pooling and a learned anomaly gate for flow-level threat classification; LSTM-based Digital Twins generating per-device anomaly scores gating the classifier via learned sigmoid coupling; a Federated A2C agent selecting among ALLOW, ISOLATE, and HONEYPOT-REDIRECT actions based on a seven-dimensional state capturing confidence, entropy, anomaly magnitude, and traffic composition; and an enhanced honeypot layer converting suspicious traffic into threat intelligence with adaptive thresholds. Federated aggregation employs EMA-smoothed per-client validation losses as inverse-weighted FedAvg coefficients to stabilize global model updates under non-IID distributions, with cosine-annealed learning rates per round. Evaluated on CICDDoS 2019 and TON-IoT benchmarks, the framework achieves 99.48% and 99.61% test accuracy with weighted-F1 scores of 0.9948 and 0.9961, converging within 25 and 10 federated rounds, outperforming Fed-Inforce-Fusion by 0.21 percentage points while covering three additional attack categories. All sixteen CICDDoS 2019 classes achieve F1 of at least 0.9237 and all ten TON-IoT classes achieve F1 of at least 0.9488, including the severely imbalanced MITM category. Post-hoc explainability via SHAP, LIME, Grad-CAM, and counterfactual analysis confirms decisions are grounded in semantically meaningful flow features, supporting regulatory accountability in clinical deployments.