Distributed Detection of DDoS Attack on 5G Network Slices

5G network slicing enables flexible and efficient service deployment by maintaining logical isolation and facilitating tailored Quality of Service (QoS) and security policies. However, network slices increase network complexity and expand the attack surface, making them more susceptible to Distributed Denial-of-Service (DDoS) attacks. Due to the growing attack landscape, Machine Learning (ML) based Intrusion Detection Systems (IDS) are getting popular over traditional IDS. Since network slices are used by different verticals, they often have strict privacy requirements. Conventional ML-based IDS are centralized in nature, combining all data on a central server, which fails to uphold slice-level privacy constraints. This paper proposes FLAccShield, a Federated Learning (FL)-based privacy-preserving IDS framework for DDoS detection in 5G network through collaboration among multiple slices. The framework is rigorously evaluated for supervised and unsupervised settings for both Independent and Identically Distributed (IID) and non-IID datasets against a varied range of features. The experimental results demonstrate that FLAccShield achieves F1-scores up to 32% higher than traditional aggregation method for FL such as FedAvg and 5% higher than Local Training in supervised settings with IID data. In unsupervised settings, it outperforms state-of-the-art FL methods such as FedAvg, FedProx, and QFedAvg by 0.4%, 1%, and 32%, respectively. Under non-IID conditions, FLAccShield improves by 3% over FedAvg and FedProx, and 2% over QFedAvg, respectively. These findings highlight FLAccShield’s robustness, efficiency, and its ability to preserve privacy in complex 5G environments.