Collaborative intrusion detection systems in SD-WAN enterprise networks with federated learning: a comprehensive survey
摘要
Software-Defined Wide Area Networking (SD-WAN) has revolutionized enterprise network connectivity by achieving substantial improvements. However, the multifaceted architectural properties extend the attack surface and compromise the robustness and detection reliability of intrusion detection systems (IDS). Further, fragmented visibility, dynamic traffic patterns, and regulatory constraints on data sharing exacerbate the complexity of enterprise-wide threat detection. To address these challenges, Collaborative IDS (CIDS) has emerged as a promising architectural paradigm. It embraces the recent Federated Learning (FL) to enable a privacy-preserving distributed learning framework in SD-WAN to detect intrusion patterns collaboratively. Despite the substantial research progress, a comprehensive understanding of how FL-based CIDS can be rigorously designed, operationally deployed, and empirically evaluated within SD-WAN enterprise networks remains largely unexplored. To address the key limitations, this survey offers the first in-depth investigation of FL-based CIDS in SD-WAN enterprise environments. By laying down the foundation of SD-WAN architectures, attack surfaces, and IDS requirements, the state-of-the-art FL-driven CIDS frameworks are critically examined by concentrating on architectural designs, aggregation strategies, learning paradigms, security threats, and operational constraints. This survey strongly emphasizes that next-generation solutions require the co-design of FL algorithms with the SD-WAN in CIDS frameworks to move beyond the current FL-based scenarios to meet the enterprise network constraints. Additionally, collaborative cyber threat intelligence sharing is explored to strengthen collective cross-enterprise threat resilience. Along with performance and benchmarking challenges, open research directions toward scalable, resilient, and autonomous SD-WAN security are highlighted. Conclusively, this survey serves the guideline for researchers and practitioners to develop next-generation, privacy-preserving IDS solutions for SD-WAN enterprise networks.