FNEM: A Federated-Neuro-Symbolic Edge Approach for Explainable Anomaly Detection in IoT Networks

The fast growth of Internet of Things (IoT) devices requires intrusion detection systems which must deliver precise results and fast response times and understandable decision processes from network edge locations. The three main obstacles for deep learning methods in these environments result from limited processing capacity and privacy protection standards and the requirement for explainable output. FL provides privacy protection through its method but it achieves inferior results when dealing with non-IID data and lacks clear explanations. The research introduces FNEM as a Federated-Neuro-Edge Model which combines neural prediction with symbolic rule-based correction to achieve both precise and interpretable IoT anomaly detection. The system enables edge device rule synchronization through SHAP-based rule extraction after FL collaborative training is finished. The system identified seven basic symbolic rules and 22 corrective overrides (0.0176%) which successfully fixed five neural false negatives within the uncertainty range. The system achieved 99.87% attack detection F1 when using a recall-oriented configuration with τ = 0.10. The model achieved a Macro-F1 score of 98.37% and AUC of 99.87% and average precision of 99.99% when using the validation-optimized threshold (τ = 0.22). The system provides an efficient solution for real-time anomaly detection in IoT networks through its combination of distributed learning with symbolic reasoning and privacy protection.