<p>Intrusion detection systems (IDS) monitor and detect malicious activity and unauthorized access that may compromise systems. Traditional IDS approaches send data to a central server for analysis, raising privacy concerns as data owners lose control over security. Federated Learning (FL) offers a privacy-preserving alternative by allowing local devices to process their data and generate models without sharing raw data. These local models are aggregated centrally to form a comprehensive model with performance comparable to centralized systems. This paper reviews FL-based IDS research, and is the first review paper to focus on privacy-preserving techniques collectively known as privacy-preserving Federated Learning (PPFL) for IDS. We examine methods used to prevent data leakage while maintaining detection effectiveness, including encryption-based and lightweight alternatives. While FL keeps raw data local, it remains susceptible to inference and poisoning attacks. Our findings show that most FL-based IDS research concentrates on data locality alone, with limited adoption of additional privacy-enhancing techniques. Advancing PPFL-IDS requires moving beyond data while addressing trade-offs. This review highlights key gaps and directions for future research.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

A survey of privacy-preserving federated learning for intrusion detection systems

  • Thomas Bunko,
  • Michael N. Johnstone,
  • Wencheng Yang,
  • Ben A. Scott

摘要

Intrusion detection systems (IDS) monitor and detect malicious activity and unauthorized access that may compromise systems. Traditional IDS approaches send data to a central server for analysis, raising privacy concerns as data owners lose control over security. Federated Learning (FL) offers a privacy-preserving alternative by allowing local devices to process their data and generate models without sharing raw data. These local models are aggregated centrally to form a comprehensive model with performance comparable to centralized systems. This paper reviews FL-based IDS research, and is the first review paper to focus on privacy-preserving techniques collectively known as privacy-preserving Federated Learning (PPFL) for IDS. We examine methods used to prevent data leakage while maintaining detection effectiveness, including encryption-based and lightweight alternatives. While FL keeps raw data local, it remains susceptible to inference and poisoning attacks. Our findings show that most FL-based IDS research concentrates on data locality alone, with limited adoption of additional privacy-enhancing techniques. Advancing PPFL-IDS requires moving beyond data while addressing trade-offs. This review highlights key gaps and directions for future research.