Article

Fed-ANIDS: Federated learning for anomaly-based network intrusion detection systems

Journal

EXPERT SYSTEMS WITH APPLICATIONS
Volume 234, Issue -, Pages -

Publisher

PERGAMON-ELSEVIER SCIENCE LTD
DOI: 10.1016/j.eswa.2023.121000

Keywords

Network security and privacy; Federated learning; Network intrusion detection; Anomaly detection; Autoencoders

With the increased adoption of computer networks and interconnected systems, cybersecurity has become a major concern for organizations of all sizes. Centralized machine learning-based Anomaly Detection (AD) methods have shown promise in improving Network Intrusion Detection Systems (NIDS), but new challenges such as privacy concerns and regulatory restrictions need to be addressed. Federated Learning (FL) offers a solution by allowing distributed clients to collaboratively train a shared model while preserving data privacy. In this paper, we propose Fed-ANIDS, a NIDS that uses AD and FL to address privacy concerns associated with centralized models. We evaluate Fed-ANIDS using various settings and datasets, demonstrating its effectiveness and ability to preserve data privacy.
As computer networks and interconnected systems continue to gain widespread adoption, ensuring cybersecurity has become a prominent concern for organizations, regardless of their scale or size. Meanwhile, centralized machine learning-based Anomaly Detection (AD) methods have shown promising results in improving the accuracy and efficiency of Network Intrusion Detection Systems (NIDS). However, new challenges arise such as privacy concerns and regulatory restrictions that must be tackled. Federated Learning (FL) has emerged as a solution that allows distributed clients to collaboratively train a shared model while preserving the privacy of their local data. In this paper, we propose Fed-ANIDS, a NIDS that leverages AD and FL to address the privacy concerns associated with centralized models. To detect intrusions, we compute an intrusion score based on the reconstruction error of normal traffic using various AD models, including simple autoencoders, variational autoencoders, and adversarial autoencoders. We thoroughly evaluate Fed-ANIDS using various settings and popular datasets, including USTC-TFC2016, CIC-IDS2017, and CSE-CIC-IDS2018. The proposed method demonstrates its effectiveness by achieving high performance in terms of different metrics while preserving the data privacy of distributed clients. Our findings highlight that autoencoder-based models outperform other generative adversarial network-based models, achieving high detection accuracy coupled with fewer false alarms. In addition, the FL framework (FedProx), which is a generalization and re-parametrization of the standard method for FL (FedAvg), achieves better results. The code is available at
