Enhancing Federated Intrusion Detection with Class-Specific Dynamic Sampling

Youm, Sungkwan; Kim, Taeyoon

doi:10.3390/app15095067

This is an early access version, the complete PDF, HTML, and XML versions will be available soon.

Open AccessArticle

Enhancing Federated Intrusion Detection with Class-Specific Dynamic Sampling

by

Sungkwan Youm

¹

and

Taeyoon Kim

^2,*

¹

Department of Information and Communication Engineering, Wonkwang University, Iksan 54538, Republic of Korea

²

Department of Mobile System Engineering, Dankook University, Yongin-si 16890, Republic of Korea

^*

Author to whom correspondence should be addressed.

Appl. Sci. 2025, 15(9), 5067; https://doi.org/10.3390/app15095067

Submission received: 22 February 2025 / Revised: 29 April 2025 / Accepted: 30 April 2025 / Published: 2 May 2025

(This article belongs to the Special Issue State-of-the-Art of Network Attack Detection and Situation Awareness Analysis)

Download Versions Notes

Abstract

Federated Learning (FL) presents a promising approach for collaborative intrusion detection while preserving data privacy. However, current FL frameworks face challenges with non-independent and identically distributed (non-IID) data and class imbalances in network security contexts. This paper introduces Dynamic Sampling-FedIDS (DS-FedIDS), a novel framework that enhances federated intrusion detection through adaptive sampling and personalization. DS-FedIDS extends the Federated Learning with Personalization Layers (FedPer) architecture by incorporating dynamic up/down sampling to address class imbalance issues in network security datasets. The framework maintains a global model for shared attack detection while enabling client-specific adaptation through personalized layers. Our approach effectively handles heterogeneous network environments, including Content Delivery Networks, Internet of Things, and industrial systems, each with distinct traffic patterns and attack profiles. Experimental results demonstrate that DS-FedIDS outperforms baseline FedPer in accuracy and efficiency, achieving superior detection rates across diverse attack classes while maintaining reasonable training overhead. Notably, DS-FedIDS excels in detecting minority attack classes and adapting to client-specific normal traffic patterns, making it ideal for real-world intrusion detection scenarios with inherently imbalanced and heterogeneous data distributions.

Keywords: federated learning; intrusion detection systems; dynamic sampling; personalization; class imbalance; non-IID data; network security; distributed learning; adaptive sampling

Share and Cite

MDPI and ACS Style

Youm, S.; Kim, T. Enhancing Federated Intrusion Detection with Class-Specific Dynamic Sampling. Appl. Sci. 2025, 15, 5067. https://doi.org/10.3390/app15095067

AMA Style

Youm S, Kim T. Enhancing Federated Intrusion Detection with Class-Specific Dynamic Sampling. Applied Sciences. 2025; 15(9):5067. https://doi.org/10.3390/app15095067

Chicago/Turabian Style

Youm, Sungkwan, and Taeyoon Kim. 2025. "Enhancing Federated Intrusion Detection with Class-Specific Dynamic Sampling" Applied Sciences 15, no. 9: 5067. https://doi.org/10.3390/app15095067

APA Style

Youm, S., & Kim, T. (2025). Enhancing Federated Intrusion Detection with Class-Specific Dynamic Sampling. Applied Sciences, 15(9), 5067. https://doi.org/10.3390/app15095067

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Menu

Enhancing Federated Intrusion Detection with Class-Specific Dynamic Sampling

Abstract

Share and Cite

Article Metrics

Article Access Statistics

Further Information

Guidelines

MDPI Initiatives

Follow MDPI