Privacy-Preserving Collaborative Defence: Federated Learning for Intrusion Detection on the ToN_IoT Dataset

Abstract

The rapid proliferation of Internet of Things (IoT) devices across smart homes, industrial automation, and healthcare networks has expanded the cyber-attack surface while generating distributed, privacy-sensitive network telemetry that centralised intrusion detection systems cannot collect without creating regulatory and operational risks. Centralised IDS architectures are less suitable for the distributed, heterogeneous IoT deployment reality and may conflict with data sovereignty frameworks such as the General Data Protection Regulation (GDPR). This paper proposes and evaluates a Privacy-Preserving Collaborative Intrusion Detection System (PP-CIDS) using Federated Learning (FL) on the ToN_IoT benchmark. A lightweight multi-layer perceptron (MLP) is trained through FedAvg aggregation across ten simulated edge clients and compared against centrally-trained Random Forest (RF) and DNN reference baselines. Asynchronous FL with FedProx regularisation is evaluated against synchronous FL for convergence efficiency and communication overhead. The impact of Non-IID data heterogeneity is quantified using Dirichlet concentration parameter α ∈ {0.5, 0.1}. All results are reported as mean ± standard deviation across five independent runs. Under IID conditions the federated MLP achieves 89.12% ± 0.63% accuracy, within 3.1 pp of the centralised DNN reference (92.2%), without transmitting raw traffic data. Asynchronous FL with FedProx under severe Non-IID heterogeneity (α = 0.1) achieves 84.21% ± 0.84%, demonstrating that privacy-enhancing federated IoT IDS is viable even under significant data heterogeneity, while acknowledging that FL alone does not guarantee full regulatory compliance