SAFE-IDS: A privacy-preserving framework for overcoming non-IID challenges in federated intrusion detection

Federated learning has advanced intrusion detection systems (IDS) by enabling collaborative model training without requiring direct data sharing. This approach allows multiple institutions to contribute to and benefit from a shared model, enhancing detection capabilities. Despite these advances, the security of model updates remains a significant concern, as malicious actors may reverse-engineer the underlying data from these updates. Additionally, existing federated learning techniques struggle with non-IID (non-Independent and Identically Distributed) data distributions and are vulnerable to inference attacks on model updates. For example, methods like SignSGD, while providing some privacy benefits through gradient sign manipulation, suffer from accuracy degradation, especially when dealing with non-IID data. Similarly, FedAvg, while effective in handling non-IID data, is prone to privacy breaches as it transmits full model updates, potentially revealing sensitive information. To address these challenges, we propose SAFE-IDS, a novel framework combining gradient sign-based aggregation with the zSignFedAvg optimizer. Unlike SignSGD, it incorporates a unified learning rate and weighted loss function to mitigate accuracy loss in non-IID settings. Additionally, while FedAvg shares full model updates, SAFE-IDS only shares gradient signs, enhancing privacy. The integration of zSignFedAvg balances privacy and convergence speed, accelerating convergence and improving robustness, particularly for class imbalance. Notably, SAFE-IDS is the first federated network intrusion detection system that effectively maintains privacy while adeptly managing non-IID data. Our empirical evaluation demonstrates that SAFE-IDS achieves an impressive accuracy of up to 99.74% across various IDS datasets and a varying number of clients, proving its effectiveness in both securing client data and maintaining high model performance.