Federated Learning for Privacy-Preserving Intrusion Detection: A Systematic Review, Taxonomy, Challenges and Future Directions
Subject Areas : Machine learning
Dattatray Raghunath Kale
1
*
,
Swati Shirke-Deshmukh
2
,
Amulkumar Jadhav
3
,
Shrihari Khatawkar
4
,
Sunny Mohite
5
,
Sarang Patil
6
,
Madhav Salunkhe
7
,
Rahul Sonkamble
8
1 - Department of Computer Science & Engineering, MIT Art Design and Technology University, Pune, India
2 - Department of Computer Science & Engineering, Pimpri Chinchwad University, Pune, Maharashtra, India
3 - Department of Computer Science & Engineering, MIT Art Design and Technology University, Pune, India
4 - Computer Science and Engineering, Annasaheb Dange College of Engineering and Technology, Ashta India
5 - D Y Patil College of Engineering and Technology, Kolhapur, India
6 - Amity School of Engineering & Technology, Amity University Mumbai
7 - Annasaheb Dange College of Engineering and Technology Ashta
8 - Department of Computer Science & Engineering, Pimpri Chinchwad University, Pune, Maharashtra, India
Keywords: Federated Learning, Intrusion Detection, Data Privacy, Cyber security,
Abstract :
This paper presents a systematic review of intrusion detection systems (IDS) that leverage federated learning (FL) to enhance privacy in distributed cybersecurity environments. A total of 78 peer-reviewed studies published between 2019 and 2024 were selected using PRISMA guidelines. We categorize FL-based IDS solutions based on architecture (centralized, decentralized, hierarchical), aggregation methods (e.g., FedAvg, DAFL), and privacy-preserving techniques (e.g., differential privacy, homomorphic encryption). The survey also examines solutions to key challenges such as communication overhead, data heterogeneity, and poisoning attacks. Furthermore, this study outlines unresolved issues and proposes future research directions, including adaptive federated optimization and cross-domain deployments. This review serves as a valuable resource for researchers and practitioners aiming to develop privacy-aware, scalable, and intelligent IDS using federated learning.
[1] K. Kurniabudi, B. Purnama, S. Sharipuddin, D. Darmawijoyo, D. Stiawan, S. Samsuryadi, A. Heryanto, and R. Budiarto, “Network anomaly detection research: A survey,” Indonesian Journal of Electrical Engineering and Informatics (IJEEI), vol. 7, no. 2, pp. 1–10, 2019.
[2] I. Manan, F. Rehman, H. Sharif, C. N. Ali, R. R. Ali, and A. Liaqat, “Cyber security intrusion detection using deep learning approaches and Bot-IoT dataset,” in Proc. 2023 4th Int. Conf. on Advancements in Computational Sciences (ICACS), Lahore, Pakistan, 2023, pp. 1–5.
[3] J. Lánský, S. Ali, M. Mohammadi, M. K. Majeed, S. H. Karim, S. Rashidi, M. Hosseinzadeh, and A. M. Rahmani, “Deep learning-based intrusion detection systems: A systematic review,” IEEE Access, vol. 9, pp. 101574–101599, 2021.
[4] S. Tyagi, I. S. Rajput, and R. Pandey, “Federated learning: Applications, security hazards and defense measures,” in Proc. 2023 Int. Conf. on Device Intelligence, Computing and Communication Technologies (DICCT), 2023, pp. 477–482.
[5] J. Konečný, H. B. McMahan, F. X. Yu, P. Richtárik, A. T. Suresh, and D. Bacon, “Federated learning: Strategies for improving communication efficiency,” arXiv preprint arXiv:1610.05492, 2016.
[6] T. Li, A. Sahu, A. Talwalkar, and V. Smith, “Federated learning: Challenges, methods, and future directions,” IEEE Signal Processing Magazine, vol. 37, no. 3, pp. 50–60, May 2019.
[7] D. A. Kumar and S. R. Venugopalan, “Intrusion detection systems: A review,” Int. J. Adv. Res. Comput. Sci., vol. 8, no. 5, pp. 356–370, 201.
[8] K. B. Gan, “Intrusion detection systems: Principles and perspectives,” J. Multidisciplinary Eng. Sci. Studies (JMESS), vol. 4, no. 11, pp. —, Nov. 2018.
[9] T. F. Lunt, “Foundations for intrusion detection,” in Proc. IEEE Computer Security Foundations Workshop (CSFW), 2000, pp.
[10] S. Mukkamala, A. H. Sung, and A. Abraham, “Designing intrusion detection systems: Architectures, challenges and perspectives,” Studies in Fuzziness and Soft Computing, vol. 190, pp. —, 2005.
[11] A. Pharate, H. Bhat, V. Shilimkar, and N. A. Mhetre, “Classification of intrusion detection system,” Int. J. Comput. Appl., vol. 118, no. 23, pp. 23–26, 2015.
[12] N. Majeed, “A review and classification of intrusion detection system in data engineering,” —, 2021.
[13] R. Wankhede and V. Chole, “Intrusion detection system using classification technique,” Int. J. Comput. Appl., vol. 139, no. 25, pp. 25–28, 2016.
[14] S. Niksefat, P. Kaghazgaran, and B. Sadeghiyan, “Privacy issues in intrusion detection systems: A taxonomy, survey and future directions,” Comput. Sci. Rev., vol. 25, pp. 69–78, 2017.
[15] H. El Zakaria, A. Hafid, and L. Khoukhi, “MiTFed: A privacy-preserving collaborative network attack mitigation framework based on federated learning using SDN and blockchain,” IEEE Trans. Netw. Sci. Eng., vol. 10, pp. 1985–2001, 2023, doi: 10.1109/TNSE.2023.3237367.
[16] Q. Lin, R. Ming, K. Zhang, and H. Luo, “Privacy-enhanced intrusion detection and defense for cyber-physical systems: A deep reinforcement learning approach,” Security Commun. Netw., 2022, doi: 10.1155/2022/4996427.
[17] S. Chen, Y. Wang, D. Yu, J. Ren, C. Xu, and Y. Zheng, “Privacy-enhanced decentralized federated learning at dynamic edge,” IEEE Trans. Comput., 2023, doi: 10.1109/TC.2023.3239542.
[18] “Federated learning with privacy-preserving ensemble attention distillation,” IEEE Trans. Med. Imaging, 2023, doi: 10.1109/TMI.2022.3213244.
[19] S. R. Spangler, “Privacy-enhancing technologies in federated learning for the Internet of Healthcare Things: A survey,” Electronics, 2023, doi: 10.3390/electronics12122703.
[20] A. Elhussein and G. Gursoy, “Privacy-preserving patient clustering for personalized federated learning,” arXiv preprint arXiv:2307.08847, 2023.
[21] Y. Wu, C.-F. Chiasserini, F. Malandrino, and M. Levorato, “Enhancing privacy in federated learning via early exit,” in Proc. ACM, 2023, doi: 10.1145/3584684.3597274.
[22] T. M. Beltrán et al., “Fedstellar: A platform for decentralized federated learning,” arXiv preprint arXiv:2306.XXXXX, 2023.
[23] “Federated learning for IoT devices with domain generalization,” IEEE Internet Things J., 2023, doi: 10.1109/JIOT.2023.3234977.
[24] X. Yang, S.-W. Xiang, C. Peng, W. Tan, Z. Li, N. Wu, and Y. Zhou, “Federated learning incentive mechanism design via Shapley value and Pareto optimality,” Axioms, vol. 12, no. 7, p. 636, 2023, doi: 10.3390/axioms12070636.
[25] Y. Cui et al., “Optimizing training efficiency and cost of hierarchical federated learning in heterogeneous mobile-edge cloud computing,” IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst., 2022.
[26] J. Zhang, C. Luo, M. Carpenter, and G. Min, “Federated learning for distributed IIoT intrusion detection using transfer approaches,” IEEE Trans. Ind. Informatics, 2022.
[27] A. Cholakoska, H. Gjoreski, V. Rakovic, D. Denkovski, M. Kalendar, B. Pfitzner, and B. Arnrich, “Federated learning for network intrusion detection in ambient assisted living environments,” IEEE Internet Comput., vol. 27, pp. 15–22, 2023, doi: 10.1109/MIC.2023.3264700.
[28] J. Nie, D. Xiao, L. Yang, and W. Wu, “FedCME: Client matching and classifier exchanging to handle data heterogeneity in federated learning,” arXiv preprint arXiv:2307.08574, 2023.
[29] V. Valadi, X. Qiu, P. Gusmão, N. D. Lane, and M. Alibeigi, “FedVal: Different good or different bad in federated learning,” arXiv preprint arXiv:2306.04040, 2023, doi: 10.48550/arXiv.2306.04040.
[30] G. Hu, Y. Teng, N. Wang, and F. R. Yu, “Clustered data sharing for non-IID federated learning over wireless networks,” arXiv preprint arXiv:2302.10747, 2023.
[31] J. Li, X. Tong, J. Liu, and L. Cheng, “An efficient federated learning system for network intrusion detection,” IEEE Syst. J., vol. 17, pp. 2455–2464, 2023, doi: 10.1109/JSYST.2023.3236995.
[32] M. Nakıp, B. C. Gül, and E. Gelenbe, “Decentralized online federated G-network learning for lightweight intrusion detection,” arXiv preprint arXiv:2306.13029, 2023.
[33] O. Belarbi, T. Spyridopoulos, E. Anthi, I. Mavromatis, P. Carnelli, and A. Khan, “Federated deep learning for intrusion detection in IoT networks,” in CEUR Workshop Proc., vol. 3125, pp. 85–99, 2023.
[34] E. M. Campos, P. F. Saura, A. González-Vidal, J. L. Ramos, J. B. Bernabé, G. Baldini, and A. F. Gómez-Skarmeta, “Evaluating federated learning for intrusion detection in Internet of Things: Review and challenges,” arXiv preprint arXiv:2108.00974, 2021.
[35] M. A. Ferrag, O. Friha, L. Maglaras, H. Janicke, and L. Shu, “Federated deep learning for cybersecurity in the Internet of Things: Concepts, applications, and experimental analysis,” IEEE Access, vol. 9, pp. —, 2021.
[36] M. Alazab, S. P. Rm, M. P., P. K. Maddikunta, T. R. Gadekallu, and V. Q. Pham, “Federated learning for cybersecurity: Concepts, challenges, and future directions,” IEEE Trans. Ind. Informatics, vol. 18, no. 5, pp. 3501–3509, 2022.
[37] S. Chatterjee and M. K. Hanawal, “Federated learning for intrusion detection in IoT security: A hybrid ensemble approach,” arXiv preprint arXiv:2106.15349, 2021.
[38] P. Ruzafa-Alcázar, P. Fernández-Saura, E. Mármol-Campos, A. González-Vidal, J. L. Hernández-Ramos, J. Bernal-Bernabe, and A. F. Skarmeta, “Intrusion detection based on privacy-preserving federated learning for the industrial IoT,” IEEE Trans. Ind. Informatics, vol. 19, no. 2, pp. 1145–1154, 2023.
[39] A. Alazab, A. Khraisat, S. Singh, T. Jan, and M. Alazab, “Enhancing privacy-preserving intrusion detection through federated learning,” Electronics, 2023.
[40] N. A. Al-Marri, B. S. Ciftler, and M. M. Abdallah, “Federated mimic learning for privacy preserving intrusion detection,” in Proc. IEEE Int. Black Sea Conf. Commun. Netw. (BlackSeaCom), 2020, pp. 1–6.
[41] W. Yang, B. Liu, C. Lu, and N. Yu, “Privacy preserving on updated parameters in federated learning,” in Proc. ACM Turing Celebration Conf.—China, 2020.
[42] X. Zhao, L. Wang, L. Wang, and Z. Lu, “A privacy-enhanced federated learning scheme with identity protection,” in Proc. IEEE HPCC/DSS/SmartCity/DependSys, 2022, pp. 1188–1195.
[43] A. Elhussein and G. Gursoy, “Privacy-preserving patient clustering for personalized federated learning,” arXiv preprint arXiv:2307.08847, 2023.
[44] L. Zhang and H. Zhang, “Privacy-preserving federated learning on lattice quantization,” Int. J. Wavelets, Multiresolution Inf. Process., 2023, doi: 10.1142/S0219691323500200.
[45] P. Ruzafa-Alcázar et al., “Intrusion detection based on privacy-preserving federated learning for the industrial IoT,” IEEE Trans. Ind. Informatics, vol. 19, no. 2, pp. 1145–1154, 2021.
[46] Y. Liu, G. Wu, W. Zhang, and J. Li, “Federated learning-based intrusion detection on non-IID data,” in Lect. Notes Comput. Sci., pp. 313–329, 2023, doi: 10.1007/978-3-031-22677-9_17.
[47] O. Belarbi et al., “Federated deep learning for intrusion detection in IoT networks,” arXiv preprint arXiv:2306.02715, 2023.
[48] “Federated learning for IoMT applications: A standardization and benchmarking framework of intrusion detection systems,” IEEE J. Biomed. Health Informatics, 2023, doi: 10.1109/JBHI.2022.3167256.
[49] H. Saadat, A. Aboumadi, A. Mohamed, A. Erbad, and M. Guizani, “Hierarchical federated learning for collaborative IDS in IoT applications,” in Proc. MECO, 2021, pp. 1–6.
[50] R. Lazzarini, H. Tianfield, and V. Charissis, “Federated learning for IoT intrusion detection,” AI, vol. 4, no. 3, pp. 509–530, 2023.
[51] Q. Tong, G. Liang, and J. Bi, “Effective federated adaptive gradient methods with non-IID decentralized data,” arXiv preprint arXiv:2009.06557, 2020.
[52] E. M. Campos et al., “Evaluating federated learning for intrusion detection in Internet of Things: Review and challenges,” arXiv preprint arXiv:2108.00974, 2021.
[53] K. Chen, X. Zhang, X. Zhou, Y. Xiao, and L. Zhou, “Privacy preserving federated learning for full heterogeneity,” ISA Trans., 2023, doi: 10.1016/j.isatra.2023.04.020.
[54] A. David, B. Bierbrauer, and N. D. Bastian, “Data-efficient federated learning for raw network traffic detection,” Proc. SPIE, vol. 12538, 2023, doi: 10.1117/12.2663092.
[55] “Federated learning for IoMT applications: A standardization and benchmarking framework of intrusion detection systems,” IEEE J. Biomed. Health Informatics, 2023, doi: 10.1109/JBHI.2022.3167256.
[56] M. M. Rashid et al., “A federated learning-based approach for improving intrusion detection in industrial Internet of Things networks,” Network, 2023, doi: 10.3390/network3010008.
[57] F. Marulli, L. Verde, S. Marrone, R. Barone, and M. S. Biase, “Evaluating efficiency and effectiveness of federated learning approaches in knowledge extraction tasks,” in Proc. IJCNN, 2021, pp. 1–6.
[58] V. Valadi et al., “FedVal: Different good or different bad in federated learning,” arXiv preprint arXiv:2306.04040, 2023.
[59] W. Song and T. Yan, “Federated learning framework for blockchain based on second-order precision,” in Proc. IEEE BigComp, 2023, doi: 10.1109/BigComp57234.2023.00054.
[60] M. Wang et al., “TrFedDis: Trusted federated disentangling network for non-IID domain feature,” arXiv preprint arXiv:2301.12798, 2023.
[61] A. D. Chowdary et al., “An ensemble multi-view federated learning intrusion detection for IoT,” IEEE Access, vol. 9, pp. 117734–117745, 2021.
[62] R. Zhao et al., “Semi-supervised federated learning based intrusion detection method for Internet of Things,” IEEE Internet Things J., 2022.
[63] H. Liang, D. Liu, X. Zeng, and C. Ye, “An intrusion detection method for advanced metering infrastructure system based on federated learning,” J. Mod. Power Syst. Clean Energy, vol. 11, no. 3, pp. 927–937, 2023.
[64] J. Zhang, C. Luo, M. Carpenter, and G. Min, “Federated learning for distributed IIoT intrusion detection using transfer approaches,” IEEE Trans. Ind. Informatics, 2022.
[65] J. Zhang et al., “Federated learning for distributed IIoT intrusion detection using transfer approaches,” IEEE Trans. Ind. Informatics, 2023, doi: 10.1109/TII.2022.3216575.
[66] O. Belarbi et al., “Federated deep learning for intrusion detection in IoT networks,” arXiv preprint arXiv:2306.02715, 2023.
[67] P. Li, “FedSD: A new federated learning structure used in non-IID data,” in Proc. IEEE ICASSP, 2023, doi: 10.1109/ICASSP49357.2023.10095595.
[68] Z. Wang et al., “Poisoning-assisted property inference attack against federated learning,” IEEE Trans. Dependable Secure Comput., 2023, doi: 10.1109/TDSC.2022.3196646.
[69] G. Yan et al., “DeFL: Defending against model poisoning attacks in federated learning via critical learning periods awareness,” in Proc. AAAI Conf. Artif. Intell., 2023, doi: 10.1609/aaai.v37i9.26271.
[70] P. R. Ovi et al., “Confident federated learning to tackle label-flipped data poisoning attacks,” Proc. SPIE, 2023, doi: 10.1117/12.2663911.
[71] L. Lavaur et al., “The evolution of federated learning-based intrusion detection and mitigation: A survey,” IEEE Trans. Netw. Serv. Manag., 2022, doi: 10.1109/TNSM.2022.3177512.
[72] X. Wu et al., “Faster adaptive federated learning,” in Proc. AAAI Conf. Artif. Intell., vol. 37, no. 9, pp. 10379–10387, 2023.
[73] J. Mills et al., “Accelerating federated learning with a global biased optimiser,” IEEE Trans. Comput., 2022.
[74] Y. Rahulamathavan et al., “FheFL: Fully homomorphic encryption friendly privacy-preserving federated learning with Byzantine users,” arXiv preprint arXiv:2306.05112, 2023.
[75] W. Mou et al., “A verifiable federated learning scheme based on secure multi-party computation,” in Lect. Notes Comput. Sci., 2021, doi: 10.1007/978-3-030-86130-8_16.
[76] R. Subedi et al., “A client-server deep federated learning for cross-domain surgical image segmentation,” arXiv preprint arXiv:2306.08720, 2023.
[77] W. Huang et al., “FedCKE: Cross-domain knowledge graph embedding in federated learning,” IEEE Trans. Big Data, 2022.
[78] S. Liu and F. Xu, “Adaptive federated learning aggregation strategies based on mobile edge computing,” in Proc. ICMLCA, vol. 12636, pp. 65–73, SPIE, 2023.
[79] A. Selamnia et al., “Edge computing-enabled intrusion detection for C-V2X networks using federated learning,” in Proc. IEEE GLOBECOM, 2022, pp. 2080–2085.
[80] R. Yu and P. Li, “Toward resource-efficient federated learning in mobile edge computing,” IEEE Netw., vol. 35, pp. 148–155, 2021.