Federated Intrusion Detection Under Non-IID Traffic
摘要
Botnet intrusion detection faces several critical challenges, including data silos, significant class imbalance, privacy concerns, and non-independent and identically distributed (Non-IID) client data. To address these challenges, we propose a novel intrusion detection framework based on federated learning. Our framework allows isolated data holders to collaboratively train a shared model while preserving data privacy. To mitigate aggregation bias caused by statistical heterogeneity in the federated setting, we introduce a Jensen-Shannon (JS) divergence-based client similarity-aware aggregation strategy, which dynamically adjusts each client’s contribution during global model updates. Furthermore, we integrate the Synthetic Minority Over-sampling Technique (SMOTE) and Focal Loss into the local training process to enhance the model’s capability in detecting minority-class attack traffic. Extensive experiments conducted on the publicly available CTU-13 botnet dataset demonstrate that our approach significantly outperforms both conventional centralized models and standard federated learning baselines in terms of accuracy, F1-score, and other key metrics. The results highlight the framework’s effectiveness in privacy-preserving modeling of imbalanced and Non-IID intrusion detection data.