ORIGINAL RESEARCH article
Front. Artif. Intell.
Sec. Machine Learning and Artificial Intelligence
Structural Impact of Non-IID Heterogeneity on Federated Behavioral Anomaly Detection in IoT and IoMT Systems
- JR
jorge Robalino-Díaz 1
- AC
Alejandro Cabrera-Andrade 1
- SL
Sergio Luján-Mora 2
- WV
William Villegas 1
1. University of the Americas, Quito, Ecuador
2. Universitat d'Alacant, San Vicente del Raspeig, Spain
Select one of your emails
You have multiple emails registered with Frontiers:
Notify me on publication
Please enter your email address:
If you already have an account, please login
You don't have a Frontiers account ? You can register here
Abstract
The expansion of Internet of Things (IoT) and Internet of Medical Things (IoMT) infrastructures has increased the generation of multivariate sensor streams that reflect complex operational behaviors in industrial and clinical environments. Centralized anomaly detection approaches face limitations in IoMT due to privacy constraints, latency, and device heterogeneity. Federated learning (FL) enables distributed model training without data centralization; however, its behavior under highly non-Independent and Identically Distributed (non-IID) conditions remains insufficiently understood. This study proposes a trace-level behavioral modeling approach combined with federated training via FedAvg to analyze the impact of non-IID heterogeneity on anomaly detection. An Integrated Hybrid Dataset (IHD) comprising 71,980 behavioral traces, with 22,698 used for evaluation, was constructed from Edge-IIoTset, TON IoT, and IoMT data. The centralized model achieved F1 = 0.981 and Recall = 0.993, while the federated model preserved discriminative capacity (AUC-ROC = 0.995) but reduced Recall to 0.530. Degradation is concentrated in IoMT (Recall = 0.290), with increased Brier Score and Expected Calibration Error, showing that preserved discrimination does not ensure operational effectiveness.
Summary
Keywords
artificial intelligence, Behavioral anomaly detection, explainable artificial intelligence (XAI), Federated learning, IoMT security
Received
07 March 2026
Accepted
22 May 2026
Copyright
© 2026 Robalino-Díaz, Cabrera-Andrade, Luján-Mora and Villegas. This is an open-access article distributed under the terms of the Creative Commons Attribution License (CC BY). The use, distribution or reproduction in other forums is permitted, provided the original author(s) or licensor are credited and that the original publication in this journal is cited, in accordance with accepted academic practice. No use, distribution or reproduction is permitted which does not comply with these terms.
*Correspondence: William Villegas
Disclaimer
All claims expressed in this article are solely those of the authors and do not necessarily represent those of their affiliated organizations, or those of the publisher, the editors and the reviewers. Any product that may be evaluated in this article or claim that may be made by its manufacturer is not guaranteed or endorsed by the publisher.