Federated Learning for Distributed Network Security and Threat Intelligence: A Privacy-Preserving Paradigm for Scalable Cyber Defense

Considering the amount, level of sophistication, and variety of cyber threats, network security is required to be intelligent, real-time, and privacy-preserving. Although successful, traditional centralized machine learning models have a number of drawbacks such as the risk of privacy, data bottleneck, and single points of failure phenomena. Our proposal is the federated learning (FL) framework of distributed network security and threat intelligence with a plan to provide a solution that takes full advantage of the diversity of data distributed on heterogeneous nodes without imposing serious privacy risks to users. The framework allows distributed edge devices to jointly train deep learning models in a locally-distributed fashion and only exchanging model updates with an aggregator. We compare the performance of the system within the benchmark intrusion detection datasets in the presence of IID and non-IID data sets. The presented results show that the suggested FL-based framework maintains a reasonable level of detection accuracy, enables enormous failures in communication overhead, and creates increased privacy assurances as opposed to the conventional centralized methods. Moreover, the system possesses resistiveness to frequent adversarial attacks, e.g., data poisoning and model inversion. The work provides a scalable and flexible architecture of next-generation cybersecurity infrastructures, especially IoT, edge, and smart cities.