A Privacy Preserving Federated Transformer Framework with Reinforcement Learning for Adaptive IoT Intrusion Detection

The rapid proliferation of Internet of Things (IoT) devices has exponentially expanded the cyber-attack surface, rendering traditional centralized Intrusion Detection Systems (IDS) inefficient due to critical data privacy concerns and bandwidth constraints. While recent advancements like Self-Attention Deep Neural Networks (SA-DNN) have achieved high detection accuracy, their reliance on centralized data aggregation exposes sensitive user information and lacks the adaptability required for dynamic threat landscapes. To address these gaps, this paper proposes Fed-Trans-RL, a novel privacy-preserving framework that integrates Federated Learning (FL), Transformer Encoders, and Deep Reinforcement Learning (DRL). Crucially, to ensure robustness against both known and zero-day threats, we design a Universal IDS Pipeline featuring two distinct modes: a Supervised mode utilizing lightweight Transformer Encoders to classify known attack patterns, and an Unsupervised mode employing Deep Autoencoders and Isolation Forests to identify anomalies in wild, unlabeled traffic. We decentralize the detection process using Learnable Feature Gating (LFG) directly on IoT edge devices and utilize a DRL agent with Proximal Policy Optimization (PPO) at the aggregation server to dynamically optimize client selection based on real-time network states. Experimental validation on four heterogeneous datasets BOT-IoT, N-BAIOT, IoT-23, and TAN-IOT demonstrates that Fed-Trans-RL achieves detection accuracy comparable to centralized baselines (up to 99.5% on N-BAIOT) while reducing communication rounds by approximately 31%. These results confirm that the proposed framework successfully bridges the gap between high-precision security, operational efficiency, and strict privacy preservation for next-generation IoT networks.