Fair Client Selection and Encrypted Aggregation: A Federated Learning Framework for Intrusion Detection in Resource-Constrained Networks
Listed in
This article is not in any list yet, why not save it to one of your lists.Abstract
With the increasing deployment of resource-constrained networks, the need for secure and efficient intrusion detection is more pressing than ever, given the challenges posed by the heterogeneity and limited resources of client devices. Federated learning (FL) offers a promising decentralized approach, yet it faces critical issues such as privacy risks, class imbalance, and client diversity, hindering reliable global model development. To address these challenges, we introduce an adaptive federated learning framework designed to enhance security, balance data distribution, and optimize intrusion detection in distributed environments. Our framework ensures privacy preservation through encrypted model training using Fully Homomorphic Encryption (FHE), mitigates data imbalance by applying the Synthetic Minority Over-sampling Technique (SMOTE) based on the client selection informed by the highest and lowest Earth Mover's Distance (EMD) scores, thereby improving model fairness by strategically balancing client representation. By integrating these techniques, it effectively overcomes key obstacles in federated learning, transforming it into a practical and robust cybersecurity solution. We validate our approach using CICDDoS2019 and UNSW-NB15, two benchmark datasets known for their complex attack scenarios and diverse network traffic. The results are compelling, our method outperforms traditional methods across key metrics, achieving precision, recall, F1-score, MSE, and FAR of 0.9699, 0.9818, 0.9741, 0.0464, and 0.0619 respectively on the UNSW-NB15 dataset, and 0.8127, 0.9886, 0.8963, 0.3984, and 0.1889 respectively on the CICDDoS2019 dataset, even in resource-constrained and privacy-constrained environments. Our findings demonstrate that adaptive learning, intelligent client selection, and privacy-aware model aggregation are essential for future-proofing cybersecurity in distributed networks.