Introduction

Technology is changing how we provide effective healthcare, driving an exponential rise in the demand for real-time, secure, cost-effective, and efficient diagnostic, treatment, and palliative services. The advancement of next-generation wireless communications, artificial intelligence (AI), cloud, fog, edge intelligence, and the rise of the Internet of Things (IoT) has created smart healthcare systems. Despite the significant advantages this new data-driven health paradigm has created, it also poses additional and unique cybersecurity considerations. According to the Protenus Breach Barometer, hackers breached 15 million patient records in 2018, nearly triple the number of reported incidents in 2017. In 2020, a ransomware attack on the Florida Orthopedic Institute resulted in the breach of 640,000 patient data records [1].

According to Gartner, cloud-based artificial intelligence grew 500% between 2019 and 2023, making it one of the most popular cloud services. Containers and serverless computing will enable machine learning models to work independently, reducing costs and overhead. However, while edge-enabled healthcare devices improve patient quality of life, create new revenue streams for healthcare providers, and provide more accurate and holistic patient diagnosis, significant privacy concerns over patient data must be overcome. In combination, edge intelligence (EI) and federated learning (FL) offer potential privacy preservation methods that may be applied to patient data.

A smart healthcare system promises to provide low-cost, low latency, secure, location-aware, and energy-efficient data-driven medical systems for diagnosis, management, treatment, and health issue prevention [2]. Emerging smart healthcare systems increasingly require dynamic architectures, charged with transmitting data securely and the development of decision-making models. Such architectures will be designed using an edge computing-based federated learning paradigm. It includes IoT devices for collecting health data and communication protocols, such as IEEE 802.11/WiFi, IEEE 802.15.1/Bluetooth, and IEEE 802.15.4/WPAN, to allow seamless transmission of data to build a secure decision-making model. Privacy preservation in the medical sector focuses on data operations that include secure transmission, patient-sensitive data encryption, and authentication to be effective against attacks. In contrast, edge intelligence can be applied to classification and prediction to get maximum accuracy [2].

Edge-based healthcare Internet of Things frameworks often feature remote monitoring systems that use several smart sensor types to construct diagnostic, sensitive, and preventive healthcare systems. Patients are tracked using dynamic patient monitoring sensors if they are outside of a hospital, office, or other static location. FL is especially appealing for smart healthcare as a new distributed collaborative AI paradigm since it allows several clients (like hospitals) to work together to accomplish AI training without sharing raw patient data. IoT devices in the physical layer generate client data, can convert analog to digital as needed, and are queried or controlled over networks.

Federated learning combined with serverless computing provides a promising approach for implementing smart healthcare systems to improve patient care and treatment outcomes. In this approach, computational resources are pooled together from multiple sources and used to train machine learning models in a distributed manner without needing a centralised server. To protect smart healthcare systems from privacy attacks, an authenticated key agreement is a crucial security measure. Cyber attackers might obtain sensitive information by gathering the identities of the devices while pretending to be part of a true client of federated learning using an edge aggregator, particularly if the devices are installed in some crucial facilities like hospitals [3].

Serverless computing enables user workloads to be executed without respect for the underlying physical and virtual infrastructure. The most popular model for this is the function-as-a-service (FaaS) paradigm. FaaS enables scalable execution of programming operations through cloud-hosted state-free platforms. Users register functions with a cloud provider, and possibly any system or language prerequisites are required to perform each function. By providing the function ID and input arguments to the cloud provider, authorised users can execute that function a single time or multiple times [4]. Users do not need to provision, set up, and operate dedicated servers that would otherwise run continuously and use resources; instead, they merely pay for the computing resources consumed (typically measured in execution time). However, as with commercial providers, these services must be built up and deployed locally, generally on a Kubernetes cluster or managed centrally. As an infrastructure requirement, FaaS functions must also be designed to be relatively stateless.

Research Motivation

A fully trusted central server, as used in traditional federated learning, represents a potential limitation and security threat in implementations with privacy requirements. If there is a security breach in the central server, the entire system and all data will be under privacy threat [5]. A man-in-the-middle (MitM) attack is particularly of great concern in this paradigm during the learning phase, as parameters are passed among clients and servers over the network [6]. Regarding privacy attacks, an attacker can forge a client’s identity by forging the lodging of learning parameters.

The creation and integration of the non-homogeneous data used by IoT devices can limit the effectiveness of federated learning algorithms. Multiple data types being sent at different rates from various geographic locations can limit the utility and model of such algorithms. Combined with changes in the breadth and volumes of data produced, this changes capacity requirements quickly. Such use cases require an adaptable convolution neural network (CNN) model design that can process tabular data and generate gradients to continue the FL training privately. Additional complexities exist, such as new devices becoming active online after dormant periods or changing location during updates. Any paradigm, including edge aggregator, must handle such instances robustly while investigating anomalies.

The primary research motivation of this work is to resolve constraints that prevent serverless computing and FL from being used in the health industry. Based on the literature, several requirements are necessary to consider using these technologies in real-world use cases. These include an adaptable machine learning model capable of processing structured and unstructured data as required and passing gradients as model parameters. Also required is the design and implementation of an adaptable edge intelligence-based federated learning model that can provide efficient ongoing learning continuation. Another requirement for commercial deployment is privacy-preserving and secure device-to-device authentication. A final requirement is the ability to scale based on the number of patients and data produced — this requirement lends itself to the benefits of serverless computing.

Research Contribution

As a solution, a federated edge aggregator method minimises the loss of privacy and the impact of a successful adversary. With this method, edge aggregators minimise the impact if a server privacy breach occurs as they partition data. As a group of edge aggregators perform federated learning for allocated clients until converged iteration and send back to the server a blended parameter, an adversary cannot trace data back to a particular client. By adding Gaussian noise, differential privacy protects data in model parameters from alteration via MiTM attack. Finally, using edge aggregators solves direct manipulation between servers and clients, as they act as intermediaries.

Integrating an edge aggregator at the intermediate level with a conventional FL architecture can secure the privacy of individual clients and that of data [7]. This three-layered architecture comprises the following layers: a top level as the Global Aggregator, an intermediate level as the edge aggregator, and an IoT level as IoT Clients avoid direct manipulation from a central server. In such a framework, the edge aggregator delivers the blended model parameters to a central aggregator after a certain number of iterations. As a result, the global aggregator cannot track sensitive information about a particular user. However, in the current framework, the client layer is relatively static and does not adequately consider efficient privacy management for dynamically moving users with various data types. This research proposes an adaptable three-layered hierarchical privacy-preserving method, SPEI-FL, to operate over a conventional IoT-based FL paradigm. It is designed specifically for use in smart healthcare ecosystems.

The contributions of this paper include the following:

  • The design and implementation of a six-way handshake protocol connects clients and servers securely, expanding on a traditional four-way handshake to include an additional two-way device-to-cluster authentication. This addition allows for a more robust authentication in real-time situations where IoT data collection devices are portable.

  • An adaptable CNN model is the core of the federated learning process in combination with serverless computing processes. In this, we introduce cross entropy as a loss function and stochastic gradient descent (SGD) as an optimizer.

  • The proposal of a serverless privacy edge intelligence-enabled federated learning (SPEI-FL) framework that processes and evaluates both structured and unstructured data of healthcare systems.

We have evaluated the proposed framework’s performance with existing techniques. The results showed stronger data privacy and scalability with durable serverless computing.

The remainder of the paper is organised as follows. The “Background and Related Work” section provides background and related work information on federated learning, IoT, serverless computing, threat models, and authentication protocols. Federated learning at the edge, its thread models, and patient data insertion and deletion during federated learning-related problem formulation are discussed in the “Federated Learning at the Edge” section. The proposed method is described in the “Proposed Framework” section. The “Experiment and Evaluation” section explains our experimental setup and our experimental findings in detail. The article is concluded in the “Conclusion” section.

Background and Related Work

Smart Healthcare Systems Using Serverless Computing

Smart healthcare refers to a health service that uses technology to provide health benefits in an automated and intelligent manner. Examples include IoT integration, wearable technologies, and wireless communication methods to connect patients with dynamic diagnostics and treatment. Smart healthcare benefits individuals, patients, professional services, and healthcare organisations by facilitating data collection, assisting with diagnosis and treatment, and allowing for robust information exchange.

Multiple forms of aggregate personal records relate to individuals’ health. These include electronic health records (EHR), electronic medical records (EMR), and personal health records (PHR) [8]. A person’s electronic health record (EHR) complies with nationally recognised interoperability standards and may be created, managed, and accessed by authorised medical professionals. What differentiates the EHR from the EMR is that it only contains internal information, whereas EMR data may be partially shared with employers, insurance companies, governmental organisations, and patients. A PHR is a person’s electronic health record that complies with internationally accepted interoperability standards, can be accessed from various sources, and is managed, shared, and controlled by the individual to whom it is relevant. Figure 1 shows the overview of the smart healthcare system with an attack scenario.

Fig. 1
figure 1

Overview of SPEI-FL in smart health care system with an attack scenario

Full size image

A recent trend has been to merge data from EHRs, EMRs, and PHRs, allowing for holistic and consistent health approaches [9]. Heart et al. [9] presented the benefits and necessity of such integration, Agfa Healthcare, one of the leading healthcare IT providers in Europe, established a strategic partnership with My Personal Health Record Express Inc. as part of its entry into the market for integrated care, purchasing a 27% equity share of the smaller company.

In [10], an approach is proposed to ensure smart healthcare systems offer a mechanism for patients to verify the legitimacy of the medication they are taking while ensuring that such systems are not abused. Although this approach can be made readily available via smart mobile apps for in-the-moment QR code scanning, the technique alone cannot stop the ingestion of counterfeit or unauthorised medications.

Serverless computing is an emerging cloud computing model where the cloud provider manages the infrastructure required to run and scale applications, and the users only pay for the computing resources used. It is designed to provide fast and secure development and strongly decouple development and infrastructure maintenance. Serverless computing potentially benefits the healthcare industry [11], as with any other industry with elastic data requirements. When applied to smart health solutions, serverless computing allows for rapid and secure IoT deployments. Additionally, serverless computing can make it easier to develop and integrate artificial intelligence and machine learning algorithms into smart healthcare systems, leading to more accurate diagnoses and personalised healthcare recommendations.

The Internet of Things

The Internet of Things (IoT) is the emerging lightweight bridge between the virtual and physical domains. Comprised of sensors, actuators, networking, and computing (often cloud-based), the IoT is changing how we live and interact with physical spaces around us. IoT results from several underpinning technology advances — wireless and mobile networking, cloud, edge computing, small, cheap processors, and AI/ML. The physical components, communication between components that enables data exchange and collection, and data analytics and decision-making skills that elevate a merely “connected” system to a “smart and connected” system are the three defining aspects of IoT-enabled systems [12]. From a smart health perspective, there are many existing and potential future uses for this paradigm — chronic disease management, epidemic surveillance, and control, care for the old and young, and supervision of health and fitness.

Several studies have investigated the use of clustering for adaptable IoT clients. An example of these includes the development of iterative federated clustering algorithm (IFCA) Heterogeneous clients [13]. This work’s results showed that clusters improve compared to randomly scattered clients. Federated learning soft clustering (FLSC) is a combined IFCA + Soft clustering [14] technique in which clients are partitioned into overlapping clusters to achieve higher performance. The zero-knowledge clustering (ZeKoC) adaptable cluster process [15] used clustering as a filtering mechanism to mitigate the adversarial behaviour. The data-decoupling federated learning (DDFL) one-to-many matching [16] method was designed and showed positive outcomes for privacy-preserving resource allocation. GANC was introduced in [17], a process with 149 clients, and the dynamic clustering process Pendigit. This work showed that the clustering-based handover process is 45% faster than the long short-term memory neural network (LSTM). The clustering to address data heterogeneity in the federated learning (CAFL) method introduced in [18] has been shown to lower the cost of communication while guaranteeing effective clustering outcomes. ClusterFL [19] with 184 clients depth of the performance (convergence and accuracy) demonstrates less sensitivity to the additional random noises.

Device-to-Device Authentication

In modern device-to-device (D2D) communication, authentication and encryption are routed through a central server. Although this seems paradoxical, using a central server provides for connection brokering when devices are on different networks [20]. On-device machine learning is made possible via federated learning, but it faces difficulties with security, resilience, and resource optimisation (both computational and communication-related).

These issues must be solved for IoT networks to use federated learning effectively. One can create federated learning protocols based on D2D communication to address concerns with resource limits. Once the D2D linkages are established, the devices are subscribed to the base stations, and while the devices are mobile, the intermediate devices communicate via the Base Station [21, 22]. When using cellular networks, improved D2D connections are available to lessen congestion. Device-to-device, a big data platform created by Wang et al. [23], accurately offered content to users, successfully discharged intelligently for operators, and effectively promoted the use of wireless networks amongst users to achieve D2D communication.

Federated Learning at the Edge

Federated learning focuses on the challenge of mapping input data \(I_i\) to output labels \(O_i\) in traditional machine learning. \((p, p+1)\) are the pair size of the input–output \(\left( I_i, O_i\right) \). Federated learning aims to optimise using the following objective function for the loss function \(F_i(L)\), which measures how well a model predicts its sample using model L. The minimum f(L), where

$$\begin{aligned} \begin{aligned} f(L)=\frac{1}{p} \sum _{i=1}^p f\left( X_i Y_i L\right) \end{aligned} \end{aligned}$$
(1)

And

$$\begin{aligned} \begin{aligned} f(L)=\frac{1}{p} F_i L \end{aligned} \end{aligned}$$
(2)

The objective function must be modified because the training data are dispersed over numerous remote clients, much like in federated learning. When client C receives a partition from the entire dataset D, it is called |Dc|. Each of the C clients taking part in the federated learning holds a data sample

$$\begin{aligned} \begin{aligned} pC = |Dc| \end{aligned} \end{aligned}$$
(3)
$$\begin{aligned} \begin{aligned} f(L)=\sum _{i=1}^k \frac{p k}{p} P k(L) \end{aligned} \end{aligned}$$
(4)
$$\begin{aligned} \begin{aligned} P k(L)=\frac{1}{P k} \sum _{i=1}^k F_i L \end{aligned} \end{aligned}$$
(5)

The model for each client is updated using local data and trained for local epochs. P represents the weight of the dataset on the \(k-th\) client. L, a client model, therefore, acquires alterations and transmits them to the server. The server calculates the weighted average of client updates for the subsequent training cycle based on the sample size. Here, fed averaging will have finished one round globally federated. We use FedAvg because it is commonly used for aggregation in federated learning (FL) and requires less communication overhead than other complex FedProx or SCAFFOLD algorithms. It is robust and can work reasonably well across different settings and datasets without extensive tuning. So, in our model, the requirements and constraints of the FL application, FedAvg is more compatible than others. Local epoch training is used to lower communication costs on the client’s side because it would be expensive to send each client’s gradient update for each round of training.

Threat Model for Federated Edge Aggregators

Edge computing offers intelligent, real-time healthcare solutions that satisfy latency and energy consumption requirements when combined with 5 G and advanced smart IoT sensors [24]. Its merits include privacy, autonomy, computation, fast alerts and decisions, and resilience. However, as another significant device on a network, Edge adds additional infrastructure that is susceptible to cyber attacks potential compromise.

Edge intelligent-based federated learning relies on a threat model, which describes the assumptions about the capabilities and behaviours of the many parties involved in the process, to secure the privacy and security of the data. Recent studies [25, 26] have shown that only the transmission gradient is susceptible to different attack levels. The federated edge aggregator model shows how to avoid client-level privacy attacks by establishing an SGD of differential privacy on clients’ data.

Organisations utilising IoT devices to gather or use potentially personally identifiable data or data related to health must abide by laws and regulations that define how such data should be handled. Suppose private organisations that provide IoT devices or services have access to IoT data. In such a case, there is an increased risk of the potential for information being exposed for non-public interest reasons, such as profiling, targeted advertising, leverage, or as the basis for future spear-phishing campaigns. To adequately protect users, there is a need to identify possible privacy attacks and approaches to mitigation. Although federated learning is designed for conditional training for privacy preservation, it can still reveal sensitive information [27].

An international standard’s backend may become overloaded or modified by malicious players. Because only the server, in an intermediate understanding, can violate the participants’ privacy, these attacks constitute a serious threat to federated learning [28]. During federated learning, insiders, such as curious servers or curious clients, and outsiders, such as adversary attacks, are possible [28]. Data transmission from the global aggregator to the system’s users could be the target of internal attacks such as passive network interception attacks and Sybil attacks.

A hierarchical three-fold federated edge aggregator (FEA) method introduces an iteration-based middle association of edge intelligence, including differential privacy, before sending learning parameters [6]. This FEA method ensures data privacy by leveraging the Gaussian noise-adding mechanism before passing model parameters under certain noise perturbation levels. However, in privacy attacks during the training phase, an attacker may negotiate the validity of the training data collection during the training stage using information-infecting attacks or modify the integrity of the training technique with data poisoning.

Insertion and Deletion During Federated Learning

A FL system becomes robust when it processes stable and dynamic clients. This would require the dynamic addition and removal of IoT devices, and ensuring clients can move between geographic locations and networks. This requirement contradicts current federated learning processes, in which clients continuously run their ML model by feeding their generated data to collaborate and keep updating their learning. However, the main challenge is how inserting or deleting a new client might impact overall collaboration. These requirements raise an additional limitation in the federated edge aggregation model; if a client moves regions whilst the source edge aggregator is iterating a group of clients’ data, how can the system ensure that processing is transitioned to the appropriate destination edge aggregators?

In federated learning, the user may enter before or after the training start, which is noted as ‘Push’, and the other side user might move away far or end his assigned task and stop being part of the training; in this case, it is noted as ‘Pop’. An efficient and privacy-preserving way for users to use Push and Pop is essential for real-time applications. The proposed method investigates the true clients to allow performing the learning, and if it detects an intruder, the system deletes it immediately. The proposed method efficiently handles clients’ insertion, deletion, and moving for seamless federated learning without compromising privacy.

Indicative Authentication in Federated Edge Aggregators

Although any Internet-connected device can pose general security and privacy risks to users, the nature of IoT is different [29]. There are several reasons for this; many ecosystems present difficulties for device discovery and inventory on consumer home networks, the number and variety of devices increase vulnerability surface areas, small systems may not be easily updated, and the limited nature of computation may limit security. The security of such systems impacts both the consumer’s and other users’ Internet access services that use shared network links, as an adversary can pivot from a compromised IoT device to adjacent devices.

In FL, authentication is the process that verifies the identity of the participating edge devices and edge aggregator servers and ensures that the communication is secure and private. Authentication in federated learning involves using a cryptographic protocol and key exchange mechanism to establish a secure communication channel between the edge devices and the edge aggregator server. For example, the secure sockets layer (SSL) or transport layer security (TLS) protocols can encrypt the communication channel and ensure user data is protected from eavesdropping or tampering.

In addition, FL would use authentication mechanisms such as digital certificates, which are cryptographic protocols that verify the identity of the devices and allow them to communicate securely. Digital certificates can also enhance the system’s security by preventing unauthorised edge devices from participating in the federated learning process. Authentication in federated learning is essential for ensuring the security and privacy of user data in the collaborative learning environment, and it involves the use of various cryptographic techniques and protocols to establish secure communication channels between the edge devices and the edge aggregator.

Proposed Framework

The procedure of the proposed framework, SPEI-FL, is illustrated in Fig. 2. In SPEI-FL, the global aggregator initialises the edge aggregators, hyperparameters, model and noise parameters, dataset, and distribution method, including the authenticated token. Consequently, edge aggregators initialise their corresponding IoT clients, passing the model’s parameters and assigned data, including authenticated tokens, and initialise cluster members based on geographical location using k-means clustering. In each cluster, IoT clients load the training data with the proposed adaptable convolutional neural network model and labels to train the model to calculate the training Loss by employing an optimization technique to load the model’s parameters, add Gaussian noising using differential privacy before aggregation ensures client privacy and protects against adversarial attacks to each and update the model.

Fig. 2
figure 2

Serverless privacy based edge intelligent enabled federated learning framework in smart healthcare systems

Full size image

The edge aggregator accumulates the model parameters of the corresponding set of IoT clients, broadcasts the updated model to the connected IoT clients, and calculates the accuracy of the test data and corresponding labels. This process repeats until the model is stabilised. Currently, the global aggregator aggregates the edge aggregators’ model parameters, broadcasts the updated model to the connected edge aggregators, and calculates the overall testing accuracy from the test data and corresponding labels. If a new client wishes to join, they will send a join request requesting geographical coordinates with a unique ID. If the ID value matches the dataset, then send a positive acknowledgement (ACK) and accept it as a trusted client, it will be considered an intruder. In the case of acknowledgement, the trusted client will be allocated into a cluster according to minimal Euclidian distance with each cluster representative.

Proposed Device to Cluster Authentication Method

To achieve the low latency and secure requirements for smart medical systems, we propose an adaptable edge intelligence-based privacy preservation method in federated learning. Our previous work [6] achieved a 90% accuracy and a higher degree of privacy preservation when compared with existing state-of-the-art methods with medical data. To extend this work, this paper proposes several interlinked additions; a secure and flexible device insertion and deletion process that allows the machine learning model to continue updating, an intrusion detection system to isolate suspicious users, and a device to CR (cluster representative) 6-way authentication protocol. The proposed method is explicitly designed for device-to-device (D2D) communications to preserve privacy while maintaining low latency. The collection of medical devices in a geographical region is called a single cluster, and each cluster has a cluster head (CH). Through this CH, medical devices request the service provider’s identity from the server for mutual authentication. The proposed Device to Cluster Head authentication updates token-based authentication, a key exchange between the device and edge aggregators cluster representative, instead of using a global aggregator. Firstly, we consider IoT devices deployed in a geographical area with distinct 2D coordinates. Then, we determine the distance between each dataset point and each initialised centroid using the K-Means technique. Points are allocated to the centroid with the shortest distance based on the values discovered. In Algorithm 1, it is mentioned that when a new client is identified for insertion, edge aggregators initialise their corresponding IoT clients, passing the model’s parameters and assigned data, including Authenticated token and initialising cluster members based on geographical location using k-means clustering. The proposed research considers each device’s geographic location (e.g. 2D coordinate) as the input to the K-means clustering algorithm. This means that rather than considering the individual device type, the clustering algorithm groups diverse devices into the same clusters based on their geographic closeness.

The process for this is as follows. At initialisation, clients transmit their client ID, x coordinate and y coordinate, and associated service provider ID. For new client requests, the edge aggregator checks the unique ID for verification. If the verification process fails, the edge aggregator rejects the request. For efficient edge aggregation, we have grouped user devices by k-mean clustering using Euclidean distance (Eq. (1)) based on geographical location. Consider two devices are P and Q in d dimensional area whereas, P= [p1, p2,.., pd] and Q= [q1,q2,..., qd], Euclidean distance in between P and Q as follows:

$$\begin{aligned} \begin{aligned} \Vert P-Q\Vert =\sqrt{\sum _{i=1}^d(p i-q i)^2} \end{aligned} \end{aligned}$$
(6)

At the beginning of the true client identification process, a request is made by a new client. A new IoT client requests to join the network’s nearest devices. The cluster representative response requests the x coordinate, y coordinate, and the unique service provider ID the patient had to register for. The cluster representative will request the edge aggregator to validate which other cluster already has a database of eligible service providers that originated from the global aggregator at initialisation. If authentication is successful, the trusted client will be assigned to a cluster by estimating the minimum Euclidean distance between the cluster representative and the new client. The edge aggregator will update the client number. If authentication fails, the intruder is not responded to.

The proposed 6-way device-to-cluster authentication is one of the contributions where an individual client has to pass its geographic location along with ID to the network. The six-way handshake protocol, which connects clients and servers securely expanding on a traditional four-way handshake to include an additional two-way device-to-cluster authentication. This addition allows for a more robust authentication in real-time situations where IoT data collection devices are portable. The network then verifies whether the client is authenticated or an intruder to keep the complete network from eavesdroppers. This authentication and further clustering may cause an additional delay in adding a device to the network; however, the author prioritises network safety and stability over the initial delay. This proposed six-way handshake protocol is shown in Fig. 3. Even if a client is removed, the edge aggregator updates the members during iteration.

Fig. 3
figure 3

6-way device-to-cluster representative authentication of SPEI-FL

Full size image
Algorithm 1
figure a

IoT client authentication through six-way Handshaking

Full size image

Adaptable CNN Model for Federated Learning

The section discusses an adaptable convolutional neural network model for federated learning to classify intruders in a serverless computing manner. Handling big data is challenging for traditional machine learning. Deep neural network processes, such as transfer learning, recurrent neural network (RNN), and convolutional neural network (CNN), are advanced solutions to overcome these issues. Specifically, these neural network methods perform best for feature extraction from image datasets [30]. For clinical numerical data multilayer perceptron (MLP), random forest algorithms can be used for machine learning [31]. However, federated learning requires efficient learning parameters that are easily extracted from convolutional neural network models for sending to aggregators and continuous updates on their own devices.

The proposed adaptable CNN is a 1D CNN, rather than a 2D CNN. While 2D CNNs are designed to operate exclusively on 2D data such as images and videos, 1D CNN has recently been developed to perform on tabular, signal, or times series data. The proposed adaptable CNN requires an array rather than a matrix, significantly reducing the computational cost. The relatively swallow architecture includes a few hidden layers and neurons, which makes it much easier to train and implement. The proposed adaptable CNN is well-suited for real-time and low-cost applications, especially on mobile and hand-held devices. The BoT-IoT dataset is a time series data containing spatial properties, hence the proposed adaptable CNN is designed as 1D CNN so that the kernel slides in only one dimension along the axis of time.

The proposed adaptable convolutional neural network model design presents a viable solution for structured and unstructured data in federated learning. A two-layer sequential convolutional neural network (CNN) model shown in Fig. 4 with a fully linked layer on top was used to investigate tabular data. With 1\(\times \)10 Kernel, BatchNorm2D [32], Activation: ReLU, Padding 0,4, each layer has a convolution. Figure 7 depicts the CNN model’s process for learning tabular data from their device.

Fig. 4
figure 4

Proposed adaptable convolutional neural network (CNN) Model of SPEI-FL

Full size image

The non-IID technique was used to divide and assign training data to each client. The non-IID-based technology ensures that each client will receive a maximum of three-digit variants data by first sorting training data according to the label before giving it to clients. Sorting is not necessary with the IID-based approach. However, after initialisation, as non-IID distribution in a cluster environment and clients move to other locations, overall accuracy will decrease because of the probability of missing data. The result shows IID still has a good accuracy in this limitation. The procedure for training the adaptable CNN model with tabular data is shown in Algorithm 2.

Algorithm 2
figure b

Training of the proposed CNN model based on tabular data

Full size image

For an efficient data distribution method, this process uses Algorithm 2 from [6] to distribute training data initially with corresponding labels to each IoT client. The following three crucial criteria [33] can be used to assess rating based on every user authentication method:

  • Usability: For the end-user, authentication is easy and intuitive.

  • Security: Security measures how challenging it is for a hostile actor to bypass authentication.

  • Deployability: For all users, regardless of platforms, devices, geography, etc., how simple is it to deploy?

Figure 5 presents a rating-based comparison among various authentication methods with flowing criteria.

Fig. 5
figure 5

Rating-based comparison of different authentication methods

Full size image

Several key factors can be considered for being an efficient and more adaptable method. Table 1 sincerely represents how the proposed method (SPEI-FL) covers more key aspects.

Table 1 Presence of key factors in proposed SPEI-FL and baseline FEA method
Full size table

Experiment and Evaluation

In this section, we have developed a serverless privacy edge intelligence-enabled federated learning framework and simulated our experiments with multiple datasets. This section also provides a performance evaluation. We evaluated the performance of our scheme in different hyperparameter settings and client variance.

We performed tests using an HP laptop with Microsoft Windows 10 Home, an Intel Core i7 processor (2.6–5.0GHz), 16GB of RAM, and an NVIDIA GeForce GTX 1650 Ti with a Max-Q design graphics processor. The development tools were PyCharm, Pysift, Pytorch, the TensorFlow library, and Python 3.6.

Datasets

To evaluate the performance of the proposed method, we considered both structured and unstructured data. Given the intended use-case in smart health care, we used the COVID-19 Chest X-ray medical dataset from Kaggle [34]. The standard unstructured MNIST data is also considered, as this is a benchmark dataset, and its inclusion allows for practical assessment using comparative methods. The MNIST dataset, with ten output classes labelled from 0 to 9, has 60,000 training and 10,000 test grayscale images with a 28 \(\times \) 28 \(\times \) 1 resolution. We selected the recently released COVID-19 chest X-RAY image dataset with 4 labels, 20685 training set (COVID-19: 3496, Lung Opacity: 5892, Normal: 10,072, Pneumonia: 1225), and 240 testing set, with the input image dimension 299 \(\times \) 299, to demonstrate the performance on medical images to support the smart healthcare system.

We resized the images to 32 \(\times \) 32 during the experiment due to memory restrictions on our machine, which may have impacted the method’s evaluation and overall accuracy calculations. Downsizing COVID-19 Chest in the X-RAY dataset images can lead to more efficient model training and inference, improved generalisation, enhanced interpretability, scalability, and privacy preservation, making it a valuable technique for leveraging medical imaging data in healthcare AI systems. Memory constraints are of concern in any mobile platform, so these images were scaled to 32 \(\times \) 32 during the experiment. This might have affected the spatial details; however, it increased the robustness of the method’s evaluations and estimations of its overall accuracy performance. We use the BoT-IoT dataset to analyse IoT-based smart healthcare systems, including attack types and structured data. In this dataset, we consider a structured CSV file with the number of training labels converted to 1D Images 410556. Labs were converted to 1D images 136916 for testing to feed the proposed machine learning model efficiently. We also considered the Normal and Attacked labels for this dataset.

Experimental Results and Discussion

We conducted several experiments using diverse datasets to examine the effect of the adaptability of federated learning on model accuracy in finding true clients and removing intruders. The proposed research’s performance evaluation is based on structured and unstructured data. The publicly available datasets, such as MNIST, COVID-19 Chest X-Ray, and BoT-IoT datasets, have provided the training and testing sets separately. This confirms that datasets are already balanced and robust. Also, training datasets are sufficiently large enough to cover each output label to avoid overfitting problems. The results demonstrated here are the mean testing accuracy of 5 individual test cases. Two edge aggregators were considered to handle two clusters containing 5 and 10 clients with very close geographic locations, respectively.

Testing Accuracy Analysis

Figure 6 illustrates the proposed methods’ testing accuracy regarding the BoT-IoT dataset with distribution methods IID. The figure reported 86% testing accuracy at the 6th communication round; correspondingly, the proposed method is efficiently adaptable for tabular datasets and performs better than other methods (see table).

Fig. 6
figure 6

Testing accuracy with proposed ML model for BoT-IoT dataset of SPEI-FL

Full size image

Training Loss Analysis

Figure 7 demonstrates the training loss of the proposed method regarding the mean absolute error (MAE). We consider the tabular dataset the BoT-IoT dataset. In this experiment, we considered five clients for edge aggregator one and ten for edge aggregator two. Training loss is reducing over time.

Fig. 7
figure 7

Training loss with proposed ML model for BoT-IoT dataset of SPEI-FL

Full size image
Fig. 8
figure 8

Box plot of testing accuracy and training loss in a different setting of clients insertion and deletion of SPEI-FL

Full size image

We present our results through box plots to statistically analyse our observations of testing accuracy and training loss in a different setting of the client’s insertion and deletion of SPEI-FL. In Fig. 8, Ev represents Evaluation, EA1 represents the 1st Edge Aggregator, which contains 5 IoT devices, and EA2 represents the 2nd Edge Aggregator, which includes 10 IoT devices. Here, we can see that for the MNIST dataset, testing accuracy demonstrated higher mean and median accuracy values than the COVID-19 dataset for 4 random observations. Figure 8a shows that median Testing Accuracy for all the settings observed for the MNIST dataset was reported around 85–90% whereas 30–50% was observed for the COVID-19 dataset in Fig. 8b. Regarding training error, Fig. 8c shows around 0.6 median training error was observed for different settings for the MNIST dataset, whereas around 0.8 was observed for the COVID-19 dataset in Fig. 8d. For all the settings in any dataset, reported median testing accuracy and median training error were almost similar, proving the proposed method’s robustness. However, in the COVID-19 chest x-ray dataset, the result is a bit low because of the large image size, so we needed to resize the images.

Figure 9 shows the visualisation of the proposed method’s outcome message. By entering x-y coordination and a valid unique service provider ID, we can see that the system authenticates the client and assigns it a suitable cluster for continuing federated learning.

Fig. 9
figure 9

Illustration of the options regulation and visualisation of client’s insertion and intruder detection massage in SPEI-FL

Full size image

Comparative Accuracy

The table shows the comparative accuracy for different methods. All methods have been tested with the same dataset MNIST. Here, we can see that the proposed method shows more accuracy, around 90% than others. Table 2 presents the comparative accuracy of different methods that are conducted with the same dataset MNIST and the result shows that the proposed method has a promising outcome with 90% accuracy than others.

Table 2 Comparative accuracy of different methods
Full size table

Table 3 lists the comparative performance of different methods, including precision, recall, and F1 Score. The result shows that the proposed method performs better than others and takes less training and testing processing time.

Table 3 Comparative performance at the 100th iteration with MNIST dataset
Full size table

Discussion of Results

Using a well-known large dataset, the proposed framework produces promising outcomes. The results show client insertion requests can be made to aggregators with geographical coordination for suitable clusters. After the proposed cluster representative to device authentication, the true client added its assigned cluster according to the location, to continue federated learning. The system can successfully insert and remove true clients and detect intruders. We considered a unique service provider ID as a token for authentication in the proposed six-way handshaking protocol. In the base method, the three-layered architecture shows an overall testing accuracy of around 90%. In contrast, the proposed SPEI-FL is designed to handle dynamic clients with structured and unstructured data without compromising overall accuracy. We convert each tuple into a 1D image for pre-processed structured data to fit the CNN model for efficient federated learning.

While evaluating the impact on overall accuracy, we consider various settings for clients to add and remove in the edge aggregator. After a converged iteration, the cluster representative will reset. As a result, cluster representative to-device authentication can avoid being the target of privacy attacks. It is expected that smart healthcare systems will hold multiple data types, including images, signal data, and numerical data. The proposed on-device machine learning design can process image and numerical data for federated learning. To minimise the execution cost while achieving the deadline for such applications, considerations such as the influence of network latency, bandwidth restrictions, and data placement must be made [34]. In this regard, the proposed serverless privacy can also bring viable solutions.

We consider two edge aggregators with five and ten clients for experimental purposes. However, vast numbers of clients are expected in real-time deployments. In the evaluation, we consider cluster-based intrusion detection. Patients can produce signals such as ECG data in a smart healthcare system. In our proposed method, the CNN model is not designed to learn signal data. In future work, we will consider overcoming these limitations and testing for scale.

Conclusion

This paper has proposed a versatile solution for a smart healthcare system by leveraging adaptable edge intelligence in a federated learning model over a serverless computing paradigm. It shows seamless learning continuation of federated learning over moving patients. It demonstrates a serverless privacy edge intelligence-based federated learning framework to protect overall systems privacy and allocate proper resources for each client at the edge of a network. To avoid complicated infrastructure management load on a central server, lost computation, and incurred costs during authentication demands from inactive clients, serverless computing brings a viable solution. Experiments have shown that this strategy offers noteworthy learning accuracy and time complexity outcomes.

Additionally, it defends against Global Aggregator manipulation by enhancing privacy protection. As part of the experiment, popular datasets with both IID and non-IID distributions were initially distributed among clients, who were trained and tested, and the training loss and privacy costs were calculated. However, non-IID distribution among existing client sets before model learning during client insertion and deletion in a cluster is challenged because missing data will affect overall accuracy. The proposed framework showed a significantly better influence on learning accuracy with less computing power, has effective data load control, and provides better privacy by evaluating privacy costs. It keeps outstanding performance and provides a more adaptable privacy-preserving paradigm at the same privacy cost as the standard way. Fine-grained microservices-based edge federated learning will be investigated to continue this work.