Table 2 Federated data partitioning schemes.

From: Dataset-centric evaluation of federated intrusion detection models in IoT networks

| Dataset | Clients | Partition strategy | Data distribution characteristics |
| --- | --- | --- | --- |
| Edge-IIoTset | 6 | By device/application type (each client has traffic from certain IoT/IIoT devices and associated attacks) | Moderate non-i.i.d.: some attack types appear only on specific clients (e.g., Client A might see mostly industrial-related attacks, Client B sees home IoT attacks). |
| CIC-IoT2023 | 10 | By groups of IoT devices (approximately 10 devices per client) | Moderate non-i.i.d.: all attack classes present overall, but distribution varies: e.g., one client may contain more DDoS attacks if those targeted its device group heavily, another client might have more web attacks, etc. |
| TII-SSRC-23 | 5 | Random flow partition (each client gets a mix of all traffic types) | Nearly i.i.d.: each client receives a stratified sample of benign and all 26 attack subtypes. Minor statistical differences exist but largely balanced. |
| Combined | 3 | Each client is an entire dataset (Client1 = Edge, Client2 = CIC, Client3 = TII) | Highly non-i.i.d.: completely different distributions per client (different feature scaling, attack mixtures, class definitions) |
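The following is an added example, not code from the paper: it contrasts the device-based and stratified random partition strategies from the table on a small constructed flow set and measures how far each client's label mix drifts from the global one. The class names, device counts, flow counts and function names are all assumptions made for illustration.

```python
import random
from collections import Counter, defaultdict

ATTACKS = ["ddos", "web", "recon"]  # hypothetical class names

def make_flows():
    """Constructed sample: 6 devices, 40 benign + 20 attack flows each (attack tied to device group)."""
    return [(dev, label) for dev in range(6)
            for label in ["benign"] * 40 + [ATTACKS[dev // 2]] * 20]

def partition_by_device(flows, n_clients):
    """Device-based split: each client owns a contiguous group of devices."""
    devices = sorted({dev for dev, _ in flows})
    per_client = -(-len(devices) // n_clients)  # ceiling division
    owner = {dev: i // per_client for i, dev in enumerate(devices)}
    clients = defaultdict(list)
    for dev, label in flows:
        clients[owner[dev]].append((dev, label))
    return dict(clients)

def partition_stratified(flows, n_clients, seed=0):
    """Random flow split, stratified by label: shuffle each class, deal round-robin."""
    rng = random.Random(seed)
    by_label = defaultdict(list)
    for flow in flows:
        by_label[flow[1]].append(flow)
    clients = defaultdict(list)
    for label in sorted(by_label):
        rng.shuffle(by_label[label])
        for i, flow in enumerate(by_label[label]):
            clients[i % n_clients].append(flow)
    return dict(clients)

def label_skew(clients):
    """Largest total-variation distance between a client's label mix and the global mix."""
    total = Counter(label for flows in clients.values() for _, label in flows)
    n = sum(total.values())
    worst = 0.0
    for flows in clients.values():
        local = Counter(label for _, label in flows)
        tv = 0.5 * sum(abs(local[k] / len(flows) - total[k] / n) for k in total)
        worst = max(worst, tv)
    return worst

def missing_classes(clients):
    """Classes that each client never sees locally."""
    seen = {label for flows in clients.values() for _, label in flows}
    return {cid: sorted(seen - {l for _, l in flows}) for cid, flows in clients.items()}
```

A client with a non-empty `missing_classes` entry can only learn those attack classes through aggregation, which is the situation the table describes for the device-based splits.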