Federated Learning-Enabled Zero-Day DDoS Attack Detection Scheme in Healthcare 4.0

Distributed denial -of -service (DDoS) attacks are a constant threat to the security of healthcare systems, which are vulnerable due to a lack of cyber threat intelligence and insufficient cyber threat penetration testing skills. Zero -day attacks generate unexpected traffic anomaly for malware injection in local network devices and thus require more frequent analysis for early detection. Several federated learning (FL) aggregation methods implemented lack measures for frequent model raining with reduced CPU consumption. In this paper, we have proposed a digital twin and federated learning -enabled secure auditing (DTFL-Audit) scheme for zero -day attack detection in the healthcare environment. We have designed a third -party security auditor using digital twins to analyze network anomalies for hospitals lacking the required cybersecurity penetration skills. A DT is designed with the consent of each hospital, and their ownership is recorded in blockchain. A score -ofacceptance (SoA) method is designed in the FL model to enable the security auditor to modify the model training rounds. There is a tradeoff between a SoA and the accuracy of model training results, allowing local auditors to frequently train models for zero -day attacks with a higher efficiency. The DTFL-Audit scheme is evaluated based on the proposed SoA model's aggregation performance and DDoS attack detection accuracy using the CIC-DDoS 2019 dataset.