Model optimization in federated intrusion detection systems: a survey of aggregation, communication, and personalization
摘要
Federated learning (FL) has become a promising paradigm for building privacy-preserving intrusion detection systems (IDS) in distributed cloud–edge environments, yet existing reviews do not sufficiently explain which model-level optimization choices determine practical deployability under heterogeneity, communication constraints, and evolving attacks. This survey addresses that problem by reviewing representative FL-IDS studies through a model-optimization lens, with primary emphasis on centralized horizontal FL-IDS in cloud–edge settings, and by organizing the literature into three tightly coupled dimensions: aggregation, communication-efficient transmission, and personalization. Through comparative analysis of representative methods, we find that these dimensions jointly shape not only detection accuracy, communication efficiency, and local adaptability, but also rare-attack recall, robustness to unreliable updates, concept-drift handling, and deployment latency. The survey further shows that current FL-IDS research remains limited by weak support for structural heterogeneity, static compression strategies, insufficient long-term personalization, and a lack of realistic cloud–edge evaluation. Overall, the evidence suggests that practical FL-IDS requires co-optimization across model design, communication, and deployment orchestration. As a survey, this study is constrained by the inconsistency of published datasets, metrics, and experimental protocols; accordingly, we advocate standardized benchmarks, realistic testbeds, coupling-aware aggregation, attack-aware transmission, and parameter-efficient drift adaptation for scalable and deployable federated intrusion detection.