Diferentially Private Federated Learning for Anomaly Detection in eHealth Networks Ana Cholakoska ∗ Ss. Cyril and Methodius University Faculty of Electrical Engineering and Information Technologies Skopje, North Macedonia acholak@feit.ukim.edu.mk Bjarne Pftzner ∗ Hasso Plattner Institute Digital Health Ð Connected Healthcare Potsdam, Germany bjarne.pftzner@hpi.de Hristijan Gjoreski Ss. Cyril and Methodius University Faculty of Electrical Engineering and Information Technologies Skopje, North Macedonia hristijang@feit.ukim.edu.mk Valentin Rakovic Ss. Cyril and Methodius University Faculty of Electrical Engineering and Information Technologies Skopje, North Macedonia valentin@feit.ukim.edu.mk Bert Arnrich Hasso Plattner Institute Digital Health Ð Connected Healthcare Potsdam, Germany bert.arnrich@hpi.de Marija Kalendar Ss. Cyril and Methodius University Faculty of Electrical Engineering and Information Technologies Skopje, North Macedonia marijaka@feit.ukim.edu.mk ABSTRACT Increasing number of ubiquitous devices are being used in the med- ical feld to collect patient information. Those connected sensors can potentially be exploited by third parties who want to misuse personal information and compromise the security, which could ultimately result even in patient death. This paper addresses the se- curity concerns in eHealth networks and suggests a new approach to dealing with anomalies. In particular we propose a concept for safe in-hospital learning from internet of health things (IoHT) de- vice data while securing the network trafc with a collaboratively trained anomaly detection system using federated learning. That way, real time trafc anomaly detection is achieved, while maintain- ing collaboration between hospitals and keeping local data secure and private. Since not only the network metadata, but also the ac- tual medical data is relevant to anomaly detection, we propose to use diferential privacy (DP) for providing formal guarantees of the privacy spending accumulated during the federated learning. CCS CONCEPTS · Security and privacy → Intrusion detection systems; · Ap- plied computing → Health care information systems; · Comput- ing methodologies → Anomaly detection; Distributed artifcial intelligence. KEYWORDS anomaly detection, federated learning, eHealth ∗ Both authors contributed equally to this research. Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for proft or commercial advantage and that copies bear this notice and the full citation on the frst page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specifc permission and/or a fee. Request permissions from permissions@acm.org. UbiComp ’21, September 21ś26, 2021, All Over the World © 2021 Copyright held by the owner/author(s). Publication rights licensed to ACM. ACM ISBN 978-1-4503-8461-2/21/09. . . $15.00 https://doi.org/10.1145/3460418.3479365 ACM Reference Format: Ana Cholakoska, Bjarne Pftzner, Hristijan Gjoreski, Valentin Rakovic, Bert Arnrich, and Marija Kalendar. 2021. Diferentially Private Federated Learn- ing for Anomaly Detection in eHealth Networks. In Proceedings of ACM International Joint Conference on Pervasive and Ubiquitous Computing. ACM, New York, NY, USA, 5 pages. https://doi.org/10.1145/3460418.3479365 1 INTRODUCTION The rapid development of the internet of things (IoT) leads to a variety of applications in society, enabling simplifcation and im- provement of the quality of life of end-users. This is also the case with mobile and eHealth, where human health and well-being come frst. With the help of various sensors for monitoring the human body, the possibilities for diagnosis, early prevention, treatment and administration of drugs are becoming faster and easier [15]. Also, mobile devices and smartwatches with accelerometers and pulse oximeters today play a key role in the remote monitoring of patients and health evaluation of regular people (fall detection, etc.) [8]. However, such devices also have their drawbacks. Due to the heterogeneity of sensors and technologies used in the transmission of data in eHealth environments, the risk of violating the privacy of patients’ data and their electronic health records increases. Net- worked devices can be turned of, reconfgured or reprogrammed, which could put patients at risk or have catastrophic consequences on their health [22]. For instance, it was shown that malware could be deployed to pacemakers or insulin pumps [3, 18] that could quickly result in the patient’s death. In order to preserve the safety of patients and their data, new and improved ways are being sought to detect such anomalies in real-time so that timely responses can be made. Because we are considering protecting IoT networks, the traditional network in- trusion detection system (NIDS) that exist cannot fully cope with the new attacks that are taking place. Machine learning (ML) has already shown high efcacy in detecting anomalies. Recently, fed- erated learning is emerging as a promising new variant that can signifcantly improve the time to detect and deal with such anom- alies without compromising patient data. Hospitals can keep their 514