SecFedDNN: A Secure Federated Deep Learning Framework for Edge–Cloud Environments

Abstract

Cyber threats that target Internet of Things (IoT) and edge computing environments are growing in scale and complexity, which necessitates the development of security solutions that are both robust and scalable while also protecting privacy. Edge scenarios require new intrusion detection solutions because traditional centralized intrusion detection systems (IDSs) lack in the protection of data privacy, create excessive communication overhead, and show limited contextual adaptation capabilities. This paper introduces the SecFedDNN framework, which combines federated deep learning (FDL) capabilities to protect edge–cloud environments from cyberattacks such as Distributed Denial of Service (DDoS), Denial of Service (DoS), and injection attacks. SecFedDNN performs edge-level pre-aggregation filtering through Layer-Adaptive Sparsified Model Aggregation (LASA) for anomaly detection while supporting balanced multi-class evaluation across federated clients. A Deep Neural Network (DNN) forms the main model that trains concurrently with multiple clients through the Federated Averaging (FedAvg) protocol while keeping raw data local. We utilized Google Cloud Platform (GCP) along with Google Colaboratory (Colab) to create five federated clients for simulating attacks on the TON_IoT dataset, which we balanced across selected attack types. Initial tests showed DNN outperformed Long Short-Term Memory (LSTM) and SimpleNN in centralized environments by providing higher accuracy at lower computational costs. Following federated training, the SecFedDNN framework achieved an average accuracy and precision above 84% and recall and F1-score above 82% across all clients with suitable response times for real-time deployment. The study proves that FDL can strengthen intrusion detection across distributed edge networks without compromising data privacy guarantees.

1. Introduction

The increasing adoption of Internet of Things (IoT) devices and edge computing architectures has fundamentally transformed modern digital infrastructures by enabling more responsive, scalable, and decentralized processing at the network edge. This shift has empowered a wide range of applications from intelligent transportation and smart healthcare to industrial automation and real-time surveillance systems that depend on low-latency data analytics and localized decision making [1,2,3]. By reducing reliance on centralized servers, edge computing helps minimize bandwidth consumption, improve response times, and preserve data privacy by allowing sensitive information to remain near its source [4]. However, as the number of interconnected devices continues to grow, so does the attack surface of these distributed systems, exposing them to a wide array of sophisticated cyber threats. According to recent surveys, IoT and edge environments have become frequent targets for cyberattacks, with adversaries exploiting heterogeneous configurations and limited security protections to launch large-scale intrusions, including Distributed Denial of Service (DDoS), Denial of Service (DoS), and injection attacks [5,6,7,8,9].

Traditional intrusion detection system (IDS) solutions, while effective in isolated network environments, often depend on centralized data aggregation and offline training processes. This approach presents major drawbacks when applied to edge-based systems, as it leads to communication overhead, privacy concerns due to data centralization, and an inability to model distributed data across decentralized devices, even when the data are identically distributed. Moreover, the dynamic and heterogeneous nature of edge environments demands lightweight yet intelligent intrusion detection mechanisms capable of operating locally while contributing to global system intelligence. Machine learning (ML) and deep learning (DL) approaches have demonstrated promising detection capabilities in centralized IDS architectures, but their success in decentralized edge settings remains constrained without a privacy-preserving collaborative learning model [10,11,12,13,14,15]. Federated learning (FL) has emerged as a transformative approach to overcome these challenges, particularly in security-critical edge–cloud environments. Unlike traditional centralized training paradigms, FL enables multiple decentralized clients, such as edge nodes, smart sensors, or user devices, to collaboratively train a global model without transmitting raw data to a central server [16]. The decentralized approach lowers privacy threats substantially while cutting down data transfer expenses and meeting the location-specific limitations often faced in edge computing networks. The combination of periodic local training rounds and secure parameter aggregation methods such as Federated Averaging (FedAvg) enables federated learning (FL) to maintain privacy while supporting collaborative learning models [17,18].

The latest developments show that FL can effectively work with IDS in IoT networks that have limited resources and diverse devices. These frameworks demonstrate considerable potential for preserving detection accuracy alongside sensitive information protection across multiple domains [4]. FL demonstrates architectural benefits but becomes a complex system affected by client availability, synchronization delays, and resource diversity, even with uniform data distribution. Security applications show critical sensitivity to this environment because certain clients are targeted by injection attacks while others mainly face benign traffic or DDoS patterns [19]. The varied capabilities of hardware, along with energy limitations and communication reliability differences between federated nodes, create substantial effects on training consistency and synchronization. System performance suffers when model drift combines with inconsistent updates caused by these discrepancies. The FL framework faces a distinctive detection challenge when dealing with distributed threats like DDoS attacks that manifest through multi-source traffic flows with high volume. FL’s decentralized framework obstructs prompt coordination and global model convergence among clients even when data follow Independent and Identically Distributed (IID) conditions [20,21]. Although FL provides benefits in terms of data privacy and collaborative intelligence development, its robustness and operational efficiency during real-world edge deployments are still research topics that need enhanced optimization through client-focused aggregation methods alongside attack-specific feature adjustments and adaptive learning techniques [10,16].

This paper introduces SecFedDNN, which offers a secure and efficient Federated Deep Neural Network (FL-DNN) framework designed to operate efficiently within edge–cloud environments. The new framework utilizes federated learning protocols alongside cloud–edge orchestration and a specialized deep learning backbone for detecting multiple attack classes. This study examines three primary cyberattack categories: DDoS, DoS, and injection attacks by utilizing a balanced portion of the TON_IoT dataset for equitable evaluation of all attack types. We deploy the FL-DNN across five simulated clients that utilize Google Colaboratory and Google Cloud Platform (GCP) while training local models independently and applying the FedAvg strategy for central aggregation of these models. The objective is to validate the practicality, effectiveness, and efficiency of the proposed model under realistic edge computing constraints. Experimental evaluation demonstrates that the federated DNN model maintains high performance metrics, achieving consistent accuracy, precision, recall, and F1-score across multiple clients while effectively preserving privacy and computational scalability.

In this paper, we explore advanced strategies and architectural innovations in designing secure and privacy-preserving intrusion detection systems within edge–cloud environments. We provide a comparative evaluation of centralized DL models, namely, DNN, LSTM, and Simple Neural Network (SimpleNN), and demonstrate how FL can be integrated with the most effective model to enhance distributed security capabilities while maintaining data confidentiality. The key contributions of this research are as follows:

• We propose a multi-layered framework, SecFedDNN, designed to detect and classify cyberattacks (DDoS, DoS, Injection) using federated deep learning (FDL) mechanisms within edge–cloud environments. SecFedDNN enables edge nodes to train models while preserving privacy through decentralized learning collaboratively. Moreover, SecFedDNN performs edge-level pre-aggregation filtering through Layer-Adaptive Sparsified Model Aggregation (LASA) for anomaly detection while supporting balanced multi-class evaluation across federated clients.
• We further implemented FL-DNN and analyzed its performance using per-client metrics, confusion matrices, and performance curves. The results reveal strong detection performance, especially for DoS and injection attacks.
• To validate the proposed framework, we performed a comprehensive comparison between DNN, LSTM, and SimpleNN under centralized settings. Based on performance metrics such as accuracy, precision, recall, and F1-score, the DNN model was selected as the most robust for FL adaptation.

The remainder of this paper is organized as follows: Section 2 reviews recent works on FL for cybersecurity in edge environments and outlines key limitations in existing approaches. Section 3 presents the architecture of the proposed SecFedDNN framework, detailing its layered structure and security components. Section 4 describes the design of the FL-DNN model and its integration within the FL paradigm. Section 5 discusses the implementation setup, including the simulation environment, tools, and dataset configuration. Section 6 reports the experimental results, including centralized and federated evaluations. Finally, Section 7 concludes the paper with a summary of the findings and future research directions.

2. Related Work

Federated learning (FL) has emerged as a key enabler for developing privacy-preserving and collaborative intrusion detection systems in edge–cloud environments. By enabling multiple nodes to train a shared model without transmitting raw data, FL reduces privacy risks and supports scalable, decentralized learning across heterogeneous devices [10,22]. Current research combines DL architectures, including DNNs, LSTMs, and lightweight models within federated learning systems to identify advanced distributed cyberattacks [23,24,25]. This section examines recent advances in federated intrusion detection that form the basis of the proposed SecFedDNN framework.

2.1. Federated Learning for Intrusion Detection

Ferrag et al. [26] focused on federated deep learning (FDL) for IoT cybersecurity enhancement through assessments of Recurrent Neural Networks (RNNs), Convolutional Neural Networks (CNNs), and Deep Neural Networks (DNNs) in centralized environments and federated learning setups using datasets Bot-IoT, MQTTset, and TON_IoT. FDL improves detection accuracy while preserving privacy by first training models locally and then aggregating outcomes globally. The study shows that FDL is applicable across several domains like Industrial IoT (IIoT) and Edge Computing while endorsing protective measures, including homomorphic encryption and differential privacy. The study identifies particular limitations that involve both resource constraints and communication overhead. Our research targets the detection of DDoS, DoS, and injection attacks within a controlled edge–cloud environment as a means to showcase FDL’s specific strengths in distributed threat detection. Lazaros et al. [27] present a comprehensive analysis of how FL can achieve privacy preservation while supporting scalable learning across multiple distributed devices. Their study demonstrates resilience to adversarial threats using FedAvg alongside differential privacy and secure aggregation even when operating in Non-Independent and Identically Distributed (Non-IID) conditions. While Lazaros et al. provide a high-level perspective on FL’s potential across various application domains, our research distinguishes itself by implementing and experimentally validating an FL-based intrusion detection system, specifically tailored to identify cyberattacks such as DDoS, DoS, and injection within a realistic edge–cloud setting.

2.2. Deep Learning in Edge Environments

Wu et al. [28] introduce EdgeLSTM, which uses Grid Long Short-Term Memory (Grid LSTM) to process IoT time-series data with better latency and throughput performance in anomaly detection tasks. The research focuses on basic IoT functions that utilize centralized edge training processes. While Wu et al. present a powerful time-series-oriented framework for generic IoT applications, our work diverges by focusing on cyberattack detection in edge–cloud environments using federated DL. Unlike EdgeLSTM, which performs centralized training on edge nodes, our framework adopts a distributed learning approach across multiple clients to enhance security and collaboration. Shrestha et al. [29] propose an FL system safeguarding privacy through LSTM–autoencoder models with encrypted model updates for smart grid anomaly detection. The goal of this framework is to ensure privacy preservation and efficient data processing by keeping raw data localized on devices while transmitting encrypted model updates to a central server, utilizing homomorphic encryption methods for data security during aggregation. The method introduces two detection techniques, Mean Standard Deviation (MSD) and Median Absolute Deviation (MAD), with experimental evaluations demonstrating MSD’s superior performance. While Shrestha et al. rely on LSTM-AE for time-series anomaly detection, our work adopts a DNN-based FL approach that offers faster convergence and lower computational complexity, making it more suitable for deployment in resource-constrained edge–cloud environments.

2.3. Hybrid and Privacy-Preserving Federated Learning Approaches

In [30], the authors present DVACNN-Fed, an innovative intrusion detection framework designed for IIoT systems, integrating FL with hybrid deep learning models to address the dual challenges of privacy and security. The proposed architecture incorporates Variational Autoencoders (VAEs), CNNs, and attention mechanisms to improve feature extraction and enhance anomaly detection accuracy. Unlike Huang et al.’s emphasis on hybrid deep models with attention and variational encoding, our research highlights the effectiveness of simpler DNN in federated settings, achieving competitive detection performance with reduced model complexity and lower training overhead in edge–cloud environments. Belarbi et al. [31] propose an FL-based IDS specifically designed for IoT networks, aiming to overcome critical drawbacks in centralized IDSs, such as privacy vulnerabilities, scalability limitations, and difficulties in managing heterogeneous data. The study employed the TON-IoT dataset to simulate realistic non-IID data conditions and evaluated two FL-based models, one built on DNNs and the other using Deep Belief Networks (DBNs). While Belarbi et al. explore multiple model variants and aggregation techniques to address data heterogeneity, our work adopts a unified modeling approach and emphasizes in-depth evaluation of learning dynamics across clients, providing clearer insights into model behavior and convergence stability within federated environments.

2.4. Reinforcement Learning and Resource Optimization in Federated Learning

Kumar and Singh [32] employed Reinforcement Learning (RL) to propose a secure framework for the detection and prevention of DDoS attacks in IoT edge computing networks. The Message Driven-based RL (MD-RL) algorithm learns from detected attack patterns to dynamically update defensive measures through ongoing network traffic analysis. The research identifies problems with integrating systems in IoT environments that feature various protocols and infrastructures. Our research broadens the threat detection range through the examination of federated deep learning techniques, which can identify and categorize various cyberattack forms, such as DDoS, DoS, and injection attacks, using a single scalable framework. The FL-DLT3 framework introduced in [33] merges FL with Deep Reinforcement Learning (DRL) to enhance resource allocation optimization in EdgeIoT settings and resolves essential trade-offs between learning precision and energy efficiency. The framework applies the Twin Delayed Deep Deterministic Policy Gradient (TD3) algorithm to select IoT devices dynamically and distribute transmission power efficiently for optimal resource usage and strong model performance. Our research employs supervised federated deep learning to focus on multi-attack classification, which establishes a core difference from Zheng et al., who use DRL with LSTM for EdgeIoT resource scheduling. In [34], the study conducted an experimental evaluation of FL performance in edge computing environments by implementing a KubeEdge-based framework. The proposed method leverages the FedAvg algorithm to coordinate model training across distributed edge nodes without centralizing sensitive data. Unlike Kotecha et al., who focus on evaluating FL performance under system and statistical heterogeneity using benchmark image classification tasks, our study emphasizes cyberattack detection across distributed clients. Rather than optimizing client selection or convergence time, we prioritize the classification accuracy of diverse attack types using a unified federated deep learning framework. An accelerated training framework for DNNs in wireless federated edge learning systems that emphasizes efficiency, adaptability, and scalability is proposed by Ren et al. [35]. The key components of their system include batch size optimization, communication resource allocation, and latency-aware scheduling. A noted limitation is that maximizing learning efficiency may introduce bias in gradient aggregation under non-IID settings, a challenge acknowledged for future improvement. Unlike Ren et al., whose framework is tailored to optimize training configurations for general-purpose image classification in wireless environments, our research is specifically oriented toward security-centric applications, aiming to enhance FL capability in detecting and classifying cyber threats within edge computing systems.

2.5. Secure Aggregation and Poisoning Defense Mechanisms

The research presented in [36] introduces a two-phase MPC-enabled FL framework to enable privacy-preserving collaborative training across industrial IoT systems. The method uses Additive and Shamir secret sharing protocols to securely aggregate Neural Network (NN) models without exposing raw data. It operates in two phases: Phase I elects a small committee using peer-to-peer Multi-Party Computation (MPC), and Phase II aggregates local models through this committee. However, the framework assumes no collusion among committee members; if compromised, it may expose the aggregated model, making this a key limitation in trustless environments. While Kanagavelu et al. utilize NN primarily to demonstrate secure model aggregation using MPC in collaborative IIoT scenarios, our work centers on leveraging DL for precise cyberattack detection, where the model’s role is not only functional but critical for identifying complex threat patterns in distributed environments. Paper [37] proposes a facilitator-based approach to mitigate data poisoning attacks in FL within edge computing environments. The facilitator acts as an intermediary between client devices and the edge server, using a Support Vector Machine (SVM) to vet training data without compromising user privacy. Unlike Doku and Rawat’s approach, which integrates a lightweight SVM model within a pre-filtering mechanism to detect poisoned data prior to training, our study employs a unified DNN architecture that focuses on robust cyberattack classification during federated training, streamlining the detection process while maintaining model integrity across distributed clients. Yazdinejad et al. [38] propose a robust privacy-preserving FL model designed to defend against model poisoning attacks in both IID and non-IID data settings. The framework incorporates Additive Homomorphic Encryption (AHE) via the Paillier cryptosystem to secure local gradients and an internal auditor that evaluates encrypted updates using Gaussian Mixture Models (GMMs) and Mahalanobis Distance (MD) to detect malicious behavior. While their focus lies in enhancing privacy and robustness against internal adversaries, our work addresses a different security dimension by developing an effective attack classification framework that prioritizes accuracy, generalizability, and deployment feasibility across real-world edge–cloud environments.

2.6. Adversarial Threats and Adaptive Federated Learning in DDoS Detection

The authors in [39] investigate feature reconstruction attacks on DNN training in VFL, where the active party attempts to recover binary features held by the passive party using intermediate outputs exchanged during training. They propose two attack methods, one based on solving linear equations and the other on linear regression, and evaluate them on five real-world datasets: Bank, Credit, Mushroom, Nursery, and Covertype. However, the attacks rely on the model being split at the input layer, and the masquerade method may not provide full protection if attackers adapt to partial leakage. In [40], the study explored FLAD, a novel adaptive FL approach tailored for DDoS attack detection in dynamic and privacy-sensitive environments. The method employs a Multi-Layer Perceptron (MLP) and introduces a client-driven training strategy, where local computation measured by training epochs and gradient steps is allocated based on each client’s validation accuracy. Unlike FLAD, which is specifically tailored for detecting and adapting to DDoS attack variations, our work expands the detection scope by addressing multiple categories of cyber threats, such as DDoS, DoS, and injection within a unified federated framework, offering broader applicability to diverse attack surfaces in edge–cloud systems.

3. SecFedDNN Framework Architecture

This section presents the architectural design of SecFedDNN, a secure, federated deep learning framework tailored for edge–cloud environments. The proposed framework is engineered to support decentralized intelligence with robust security and privacy preservation. As illustrated in Figure 1. SecFedDNN is composed of four hierarchical layers: the Device Layer, the Edge Layer, the Federated Learning Layer, and the Cloud Layer. Each layer fulfills a critical role in enabling distributed training of DNNs under the FL paradigm while defending against cyber threats and ensuring end-to-end data confidentiality.

3.1. Device Layer

This is the foundational tier of the SecFedDNN framework, comprising a diverse set of resource-constrained, heterogeneous end devices including smartphones, smart sensors, surveillance units, and industrial IoT nodes. These devices act as the primary data producers, collecting localized and often sensitive information such as environmental conditions, behavioral patterns, or network traffic. To preserve user privacy, each device independently trains a local instance of the deep learning model FL-DNN on its own private dataset without sharing raw data [29]. Only the encrypted model updates (weights) are transmitted to the edge, significantly reducing the risk of data leakage. This layer enables context-aware learning while ensuring minimal exposure to external threats, supporting personalized adaptation to local data characteristics, and contributing securely to the global model aggregation process. In this layer, Eagent is used to monitor local device activity and extract relevant features from the TON_IoT dataset for training.

3.2. Edge Layer

This serves as an intermediary processing domain that bridges the device endpoints with higher-level federated orchestration. It is composed of edge servers or gateways deployed closer to the data sources, typically at the network periphery. These edge nodes receive encrypted model updates from the Device Layer and execute critical security, validation, and coordination functions. Within SecFedDNN, the Edge Layer is responsible for performing pre-aggregation filtering, which includes checking model updates for anomalies, adversarial patterns, or poisoned gradients. The Layer-Adaptive Sparsified Model Aggregation (LASA) forms the basis of the pre-aggregation filtering procedure, which sparsifies client updates before aggregation to both reduce malicious parameter impacts and limit interference from non-essential parameters for later filtering steps (more details on the pre-aggregation filtering can be found in [41]). This process evaluates historical norms by measuring variations in gradient magnitudes along with directional consistency and weight distribution data. The gradients of malicious actors display erratic variability and sudden shifts that deviate markedly from established norms, supporting local inference for low-latency applications by utilizing partial models when full model synchronization is delayed and providing temporary coaching and buffering for update synchronization to account for unreliable connectivity or device churn [32,37]. This layer is essential for reducing communication overhead to the cloud, enabling bandwidth efficiency, and localizing threat mitigation strategies when cyber incidents are detected.

3.3. Federated Learning Layer

The control plane establishes secure collaborative training for distributed clients. This system securely aggregates FL-DNN model updates from different edge nodes through privacy-preserving methods. The primary design principle of this layer involves strong protection from adversarial tampering. Before inclusion into the aggregation pool, the model updates from the edge layer undergo both integrity checks and trust evaluations. The aggregation process creates an intermediate global model that captures all client knowledge collectively while maintaining individual data privacy. The cloud layer receives the model for further refinement, as well as storage and distribution. TensorFlow Federated (TFF) enables this layer to perform model aggregation securely while ensuring scalability and customization capabilities.

3.4. Cloud Layer

The cloud layer acts as the primary control and intelligent core of the SecFedDNN framework. The cloud layer controls the master global FL-DNN model while receiving secure updates from federation learning insights. The cloud infrastructure provides scalable computational resources required for heavy-duty model validation, consistency checks, retraining cycles, and performance analytics. Importantly, the cloud layer plays a pivotal role in ensuring long-term system-wide security through functionalities such as model deployment policies, where updated global models are selectively dispatched to clients based on device trust levels, risk scores, and computational capacities [34]. The cloud also enforces advanced access control mechanisms, such as role-based policies, identity management, and key rotation, to restrict unauthorized interaction with the learning pipeline. Once the global model is finalized, it is pushed back down the hierarchy to edge and client devices for further training and inference.

4. FL-DNN Model

FL has become a pivotal paradigm for privacy-preserving and distributed model training, especially in the context of edge–cloud environments where data sensitivity, device heterogeneity, and network constraints are prevalent. In this paradigm, decentralized clients collaboratively train a shared global model under the orchestration of a central server, without the need to transfer raw data beyond the local environment. This method ensures user privacy, minimizes communication overhead, and supports scalable deployment across diverse infrastructures. Extensive studies in the literature [26,30] have verified the potential of FL for strengthening cybersecurity applications, including intrusion detection, by enabling knowledge transfer across clients while keeping data localized.

In parallel, DNNs have demonstrated exceptional capabilities in modeling high-dimensional and complex data patterns, making them particularly suitable for tasks involving anomaly and intrusion detection. Prior research [35] has emphasized the computational efficacy and representational power of DNNs when applied in federated edge computing settings. Their multi-layered architecture enables progressive abstraction of features, from low-level signal attributes to high-level semantic patterns, enhancing the accuracy and robustness of detection systems.

Building upon these complementary strengths, we propose a unified FL-DNN architecture that integrates the federated training mechanism with a deep learning core to address the limitations of traditional centralized IDS frameworks. As illustrated in Figure 2, this architecture comprises multiple clients, each maintaining an independent DNN instance coordinated through periodic synchronization with a central aggregation server. The clients are assumed to possess private IID data subsets that are evenly distributed across devices, ensuring uniform representation of attack categories and consistent training conditions.

At the start of each communication round r, the server broadcasts the global model parameters ${\theta }^r$ to all participating clients ${\mathit{u}}_j\in u$; each client updates its local model using:

$${\theta }_j^{r+1}={\theta }_j^r-\lambda \nabla \mathcal{L}(h_w,Z_j)$$

(1)

where ${\theta }_j^r$ denotes local model weights, $\lambda$ denotes the learning rate, and $\nabla \mathcal{L}(h_w,Z_j)$ denotes the local gradient evaluated on dataset $Z_j$. The empirical loss for client j is minimized as follows:

$$Q_j\left(\theta \right)={\displaystyle \frac{1}{|Z_j|}}\sum _{x,y\in Z_j}=\mathcal{L}(h(x;\theta ),y)$$

(2)

Once local training is completed, each client transmits the updated model parameters ${\theta }_j^{(r+1)}$ to the central server. The server executes the FedAvg algorithm to aggregate the updates:

$${\theta }^{r+1}=\sum _{j=1}^M{\displaystyle \frac{m_j}{m}}{\theta }_j^{r+1}$$

(3)

where M denotes the number of clients, $m_j$ is the size of the dataset at client j, and ${\sum }_{j=1}^M{m}_j$ is the total number of data samples across all clients. This weighted averaging ensures that clients with larger data contributions have a proportionally greater influence on the global model.

Clients receive the updated global model ${\theta }^{r+1}$ so they can begin training in the next round. The iterative process carries on through R communication rounds until convergence has been reached. The definition of the final global model $h(w*)$ stands as:

$$h_{w*}={argmin}_w\sum _{r=1}^R\mathcal{L}(h_w,Z)$$

(4)

where $Z={\cup }_{j=1}^M{Z}_j$ represents the complete aggregation of all local datasets collected. Once convergence completes, the model functions at the edge for real-time intrusion detection with low latency and strong data privacy protections.

The FL-DNN model tackles fundamental challenges of edge-based intrusion detection by maintaining data confidentiality through local data storage and minimizing dependence on centralized systems. The framework capitalizes on deep neural networks’ layered representation abilities alongside federated learning’s collaborative training strengths to enable successful identification of challenging distributed attacks, which include DDoS, DoS, and injection threats that traditional detection methods find hard to detect. The technical foundation of the SecFedDNN framework described within the system architecture enables secure intrusion detection through collaborative operations between edge and cloud environments. The FL-DNN architecture achieves effective, high-accuracy threat detection for IoT and edge computing environments through its iterative model improvement process and secure parameter exchange methods [35,38].

5. Implementation

The implementation workflow for the proposed SecFedDNN framework is demonstrated in this section through a simulated edge–cloud FL environment. The experimental setup simulated real-world deployment scenarios, which emphasized distributed training alongside model aggregation and secure data management. The following subsections provide details about the technical infrastructure and dataset utilized for system performance evaluation.

5.1. Environment and Tools

Our implementation of the SecFedDNN framework took place within a hybrid cloud–edge simulation environment that integrated Google Cloud Platform (GCP) and Google Colaboratory (Colab) capabilities. The central coordination server and model aggregation logic operated on GCP through a Compute Engine e2-standard-4 virtual machine with 4 vCPUs and 16 GB RAM running Debian-based Linux. The selected specification strikes an optimal balance between computational power and cost efficiency to manage federated training rounds together with model versioning and communication tasks. Five virtual clients representing independent federated participants were emulated using Google Colaboratory notebooks to mimic distributed edge devices. Local model training used an optional NVIDIA Tesla T4 GPU alongside Intel Xeon CPUs and about 12 GB of RAM to speed up convergence within the Colab environment. The dataset was partitioned into IID subsets, which were distributed to each client to maintain uniform data distribution across all participants [42]. Researchers deliberately chose this setup to ensure consistent client behavior throughout experiments and create a stable test environment for baseline performance evaluation of the SecFedDNN framework. Python 3.10 served as the foundation for building the implementation pipeline, which employed NumPy and Pandas for data preprocessing and manipulation, along with TensorFlow and Keras for developing and training models, while TensorFlow Federated (TFF) enabled secure local training as well as global model aggregation and round coordination. Keycloak served as the access management solution with role-based control on the server side. TensorBoard handled the logging and monitoring of training sessions to visualize performance metrics like accuracy and loss trends, as well as client synchronization consistency. The setup allowed for practical and reproducible testing of SecFedDNN within a cloud-based federated learning environment while enabling systematic experiments under real-world computational and network conditions [36].

5.2. Dataset

We evaluated the SecFedDNN framework’s effectiveness in detecting real-world cyberattacks using the TON_IoT dataset, which functions as a standard benchmark for modern attack patterns in IoT and IIoT systems. UNSW Canberra’s Cyber Range Lab produced a dataset that encompasses detailed telemetry and network flow information from various smart settings such as home automation, surveillance systems, and industrial control devices. The dataset incorporates both non-malicious and malicious traffic, which allows intrusion detection systems to be trained and evaluated within edge–cloud environments [43].

Our study examined three essential attack types, namely DDoS, DoS, and injection. The selection of these categories was based on their common occurrence in IoT networks along with their significant effects on edge-based system operations. To maintain equilibrium between classes and minimize training bias, we chose 3000 labeled records for each attack type, which formed a balanced subset of 9000 samples. The dataset was divided into a training set of 80%, 7200 samples, and a testing set of 20%, 1800 samples. The dataset was split using stratification to maintain consistent class ratios in both training and test sets for reliable model evaluation.

• Distributed Denial of Service (DDoS) Attacks: They use numerous hijacked devices that direct massive traffic volumes at a target system all at once. The TON_IoT-extracted DDoS records show distributed packet flooding patterns, which include fast connection attempts along with high source IP entropy and packet bursts. The model faces significant challenges when detecting distributed attacks across fragmented edge data due to these characteristics, which makes this attack category critical for evaluating FL resilience in collaborative settings.
• Denial of Service (DoS) Attacks: They originate from a single source and work by bombarding a service with multiple requests to create system overload. The TON_IoT dataset reveals DoS attack characteristics through repeated protocol requests, excessive request frequency, and service timeout anomalies. The experimental subset contains DoS samples to enable the model to detect localized high-frequency attacks, which frequently occur in resource-limited edge systems.
• Injection Attacks: Attackers use input fields at the application layer to execute harmful scripts or database queries through injection attacks. The dataset TON_IoT features different injection attack types such as command injection and SQL injection. The samples demonstrate unorthodox string formations and abnormal parameter values along with command-line sequence patterns. Federated systems need precise anomaly detection because identifying subtle irregularities locally can stop malicious data from corrupting global model updates.

The TON_IoT dataset subset includes a balanced distribution of attack types and partitioned training and testing sets, which serves as a solid foundation for model performance evaluation under realistic federated learning constraints [43].

6. Experimentation and Result

The experimental design and evaluation results used to validate the performance of the proposed SecFedDNN framework are presented in this section. The experimental process involves initial centralized evaluation of various DL architectures to determine the optimal intrusion detection model, followed by federated deployment and testing of the selected model on simulated edge clients. Standard classification metrics analyze results that reveal model performance and real-world applicability for distributed IoT security scenarios.

6.1. Baseline Evaluation of Centralized Models

To identify the most suitable architecture for integration within the FL framework, we conducted a baseline comparison of three deep learning models, including Simple Neural Network (SimpleNN), Long Short-Term Memory (LSTM), and DNN in a centralized training setup. The objective was to evaluate their effectiveness in detecting DDoS, DoS, and injection attacks using the curated subset of the TON_IoT dataset described in Section 5.2. All models were trained using the same stratified 80/20 training–testing split, totaling 7200 samples for training and 1800 for testing, with 3000 samples per attack type. Training was performed over 30 epochs using the Adam optimizer with a learning rate of 0.001 and a batch size of 32. Key evaluation metrics included accuracy, precision, recall, F1-score, and response time.

As shown in Figure 3, the DNN model achieved the highest and most stable validation accuracy across training epochs, peaking at 84.6%, while both LSTM and SimpleNN lagged behind. LSTM showed fluctuations in early training but remained consistent after epoch 20, whereas SimpleNN plateaued quickly, indicating limited learning capacity. In terms of precision, illustrated in Figure 4, DNN outperformed the other models, reaching a peak precision of 0.846. SimpleNN followed closely with 0.842, while LSTM trailed with slightly lower but stable results (i.e., 0.838). This trend indicates DNN’s superior ability to reduce false positives, particularly in distinguishing injection and DDoS traffic.

The recall scores shown in Figure 5 reveal that DNN maintained a higher recall throughout training, reaching 0.834, indicating more effective detection of actual attack samples. SimpleNN and LSTM gradually improved but remained below the performance of DNN, especially for DDoS samples. Figure 6 highlights the F1-score curves, where DNN consistently outperformed other models, achieving a final score above 0.83. This reflects its balanced performance in terms of both precision and recall. Although SimpleNN and LSTM showed convergence, they remained below DNN by a consistent margin. More details regarding the DNN, SimpleNN, and LSTM models’ performance (i.e., in terms of accuracy, precision, recall, F1-score, and response time) against each targeted attack can be found in

Table 1. DNN: a performance comparison.

Attacks	Accuracy	Precision	Recall	F1-Score	Response Time
DDoS	0.63	0.89	0.62	0.73	29.10 s
DoS	0.97	0.87	0.98	0.93	27.12 s
Injection	0.90	0.77	0.90	0.83	28.53 s

,

Table 2. SimpleNN: a performance comparison.

Attacks	Accuracy	Precision	Recall	F1-Score	Response Time
DDoS	0.61	0.88	0.61	0.72	30.96 s
DoS	0.96	0.87	0.97	0.93	29.25 s
Injection	0.87	0.76	0.89	0.82	30.15 s

, and

Table 3. LSTM: a performance comparison.

Attacks	Accuracy	Precision	Recall	F1-Score	Response Time
DDoS	0.63	0.86	0.62	0.72	39.46 s
DoS	0.98	0.87	97	0.93	37.13 s
Injection	0.88	0.77	0.88	0.82	38.25 s

, respectively.

To further analyze model behavior, confusion matrices were constructed to assess class-wise predictions. Figure 7 shows the DNN confusion matrix, where DoS samples were predicted with high accuracy (i.e., 3005/3006), and injection attacks were correctly identified in 2684 cases. In contrast, Figure 8 (SimpleNN) shows similar strength in DoS detection (i.e., 3003/3006) but more misclassification of DDoS and injection samples. Meanwhile, Figure 9 (LSTM) presents more confusion between DDoS and injection, with 789 DDoS samples misclassified as injection and slightly lower accuracy on the injection class (i.e., 2670 correctly classified).

These results collectively demonstrate that the DNN model provides the most balanced and efficient performance, offering superior accuracy, lower false positives, and a faster response time. Based on these findings, DNN was selected as the core model for integration within the FL framework presented in Section 6.2.

6.2. Experimental Results and Evaluation

To evaluate the effectiveness and adaptability of the proposed FL-DNN model under FL settings, a comprehensive set of experiments was conducted across five simulated clients, each representing an independent edge node with access to an IID partition of the TON_IoT dataset. The evaluation focused on key classification metrics: validation accuracy, precision, recall, F1-score, and confusion matrices, measured over 30 federated training rounds. The goal was to assess not only the detection accuracy but also the model’s generalization behavior in a privacy-preserving, distributed learning environment.

The progression of validation accuracy over the training rounds is depicted in Figure 10, where all clients demonstrate clear trends. While slight variations were observed in the initial stages, the models began to stabilize after approximately 15 rounds, with final validation accuracy values ranging between 83.5% and 84.7%. This reflects the consistency and reliability of the FL-DNN architecture in learning across identically distributed client partitions without centralized access to raw data. In terms of precision, illustrated in Figure 11, most clients achieved values exceeding 0.84. Client 1 showed superior precision, likely due to more distinct local patterns in its data subset. Figure 12 presents the recall curves, indicating that all clients reached values above 0.82 by the final rounds. This signifies the model’s ability to effectively detect actual attack cases. The F1-score trends, shown in Figure 13, confirm the model’s capacity to maintain a balanced trade-off between precision and recall, with final scores consistently above 0.825 for all clients.

Further insights into the per-class classification performance are provided through the confusion matrices in Figure 14, Figure 15, Figure 16, Figure 17 and Figure 18. These visualizations highlight the distribution of predictions across the three attack classes (i.e., DDoS, DoS, and injection). For instance, Client 1 (see Figure 14) shows nearly perfect classification for DoS samples and competitive performance on injection, whereas DDoS misclassifications remain higher. Similar behavior is seen across other clients, with some degree of confusion between DDoS and injection attacks, particularly in Clients 3 and 4 (i.e., in Figure 16 and Figure 17); although the dataset is IID, class overlap may still lead to misclassification challenges.

A detailed quantitative summary is presented in

Table 4. FL-DNN: a performance comparison for 5 clients.

Clients	Attacks	Accuracy	Precision	Recall	F1-Score	Response Time
Client 1	DDoS	0.69	0.91	0.60	0.72	15.83 s
	DoS	1	0.88	1	0.93
	Injection	0.91	0.76	0.92	0.83
Client 2	DDoS	0.70	0.84	0.60	0.70	16.34 s
	DoS	0.99	0.89	0.99	0.94
	Injection	0.86	0.74	0.87	0.80
Client 3	DDoS	0.66	0.89	0.56	0.69	16.45 s
	DoS	0.99	0.88	0.99	0.93
	Injection	0.91	0.73	0.91	0.81
Client 4	DDoS	0.56	0.92	0.47	0.62	16.54 s
	DoS	1	0.88	1	0.94
	Injection	0.93	0.69	0.94	0.79
Client 5	DDoS	0.62	0.91	0.53	0.67	15.28 s
	DoS	0.99	0.88	1	0.94
	Injection	0.92	0.71	0.92	0.81

, which reports the accuracy, precision, recall, F1-score, and response time for each client and attack type. DoS attacks consistently achieved the highest performance, with F1-scores reaching up to 0.93. Injection attacks followed, with scores ranging from 0.81 to 0.83, depending on the client. DDoS detection, however, remained the most challenging, with lower accuracy (i.e., around 61% to 64%) and F1-scores between 0.72 and 0.73, even though precision stayed above 0.85 in most cases. The average response time for clients ranged between 25.5 and 30.1 s, demonstrating practical efficiency for real-time detection applications in edge environments. Experimental conditions variations cause distinct differences in the response times between centralized and federated learning scenarios. During the centralized learning model, inference and training occur on one server that accesses all data at once, resulting in uniform computational efficiency and reduced communication delays. The federated approach uses multiple simulated clients that simultaneously process data under different resource constraints and network latencies affecting synchronization and local processing time. The environmental conditions lead to marginally increased yet functional response times within the federated deployment.

Although the overall results confirm the strength and adaptability of federated DL in intrusion detection, it is important to note the relatively lower performance in classifying DDoS attacks. This pattern, observed consistently across clients, does not stem from a limitation in the FL paradigm itself. Rather, it reflects the intrinsic complexity of DDoS traffic, which involves high-volume, multi-source flows that often mimic legitimate network behavior. Compared to DoS and injection attacks, both of which exhibit localized, structured features, DDoS patterns are temporally dynamic and spatially dispersed, making them more difficult to detect. Nevertheless, the FL-DNN model maintained low response times and competitive classification metrics, validating its feasibility for deployment in edge-centric systems. The decentralized structure of FL also allows each client to develop context-sensitive detection capabilities, enhancing adaptability in real-world IoT ecosystems. As emphasized in the prior literature, such as Lee et al. [44], FL systems may face generalization limitations when detecting globally coordinated attacks like DDoS due to fragmented feature representation across clients.

This observation should not be seen as a drawback but as an opportunity for optimization. Future work may incorporate cross-client feature alignment, robust aggregation methods, and attack-specific feature augmentation to improve detection fidelity for complex threats. Overall, the findings reaffirm the structural advantages of FL and highlight the importance of tailoring detection strategies to the nature of each attack vector, particularly in dynamic and distributed environments.

7. Conclusions and Future Work

This research presented SecFedDNN, which serves as a secure federated deep learning framework created to tackle increasing cybersecurity issues within edge–cloud environments. The framework combines Deep Neural Networks (DNNs) with federated learning (FL) protocols to achieve collaborative intrusion detection across distributed clients with data privacy protection and reduced communication overhead. Centralized deep learning model evaluation revealed that Deep Neural Networks (DNNs) provide optimal balance among detection accuracy, precision, and inference speed. A further evaluation was conducted on the FL-DNN framework across five simulated edge clients with a balanced portion of the TON_IoT dataset. Through experimental evaluation, the framework demonstrated high-performance detection and classification of Distributed Denial of Service (DDoS), Denial of Service (DoS), and injection attacks, reaching an average accuracy and precision of over 84%, and recall and F1-score above 82% across all clients while maintaining response times suitable for real-time application deployment.

The FL-DNN model demonstrated lower classification accuracy for DDoS attacks despite its overall strong performance because DDoS attacks involve higher complexity from multiple sources and dynamic behavior. The current performance gap emphasizes the requirement for advanced optimization techniques in federated settings where attack characteristics are distributed across various clients.

Future work will investigate multiple methods for overcoming the current obstacles. Our initial research direction includes applying adaptive aggregation strategies like Federated Proximal (FedProx) or Federated Curvature (FedCurv) to achieve better convergence when dealing with heterogeneous or imbalanced data distributions. In our research, we will focus on enhancing detection capabilities through the design-level integration of cross-client feature alignment alongside global attention modules and adaptive aggregation techniques to effectively model multi-source traffic behavior. Through these improvements, the framework will become more capable of tackling both spatial and temporal aspects of DDoS attacks within distributed edge-cloud systems. Furthermore, future research should explore developing the SecFedDNN framework to include Federated Semi-Supervised Learning (FSSL) capabilities because this approach is advantageous in edge environments with limited labeled data availability. Relation-Guided Versatile Regularization (RGVR) stands out as a recent technique that uses both labeled and unlabeled data to protect client privacy. The integration of these methods would improve model generalization across different clients while minimizing annotation overhead, which proves essential for practical IoT and IIoT applications. Moreover, FL needs to address the retrogress issue since client performance can drop after global aggregation when dealing with imbalanced or heterogeneous datasets. Personalization strategies within SecFedDNN can strengthen model stability and performance when operating in various edge environments.