TY - GEN
T1 - PROTEAN
T2 - 30th European Symposium on Research in Computer Security, ESORICS 2025
AU - Chennoufi, Sara
AU - Han, Yufei
AU - Blanc, Gregory
AU - De Cristofaro, Emiliano
AU - Kiennert, Christophe
N1 - Publisher Copyright:
© The Author(s), under exclusive license to Springer Nature Switzerland AG 2026.
PY - 2026/1/1
Y1 - 2026/1/1
N2 - In distributed networks, participants often face diverse and fast-evolving cyberattacks. This makes techniques based on Federated Learning (FL) a promising mitigation strategy. By only exchanging model updates, FL participants can collaboratively build detection models without revealing sensitive information, e.g., network structures or security postures. However, the effectiveness of FL solutions is often hindered by significant data heterogeneity, as attack patterns often differ drastically across organizations due to varying security policies. To address these challenges, we introduce PROTEAN, a Prototype Learning-based framework geared to facilitate collaborative and privacy-preserving intrusion detection. PROTEAN enables accurate detection in environments with highly non-IID attack distributions and promotes direct knowledge sharing by exchanging class prototypes of different attack types among participants. This allows organizations to better understand attack techniques not present in their data collections. We instantiate PROTEAN on two cyber intrusion datasets collected from IIoT and 5G-connected participants and evaluate its performance in terms of utility and privacy, demonstrating its effectiveness in addressing data heterogeneity while improving cyber attack understanding in federated intrusion detection systems (IDSs).
AB - In distributed networks, participants often face diverse and fast-evolving cyberattacks. This makes techniques based on Federated Learning (FL) a promising mitigation strategy. By only exchanging model updates, FL participants can collaboratively build detection models without revealing sensitive information, e.g., network structures or security postures. However, the effectiveness of FL solutions is often hindered by significant data heterogeneity, as attack patterns often differ drastically across organizations due to varying security policies. To address these challenges, we introduce PROTEAN, a Prototype Learning-based framework geared to facilitate collaborative and privacy-preserving intrusion detection. PROTEAN enables accurate detection in environments with highly non-IID attack distributions and promotes direct knowledge sharing by exchanging class prototypes of different attack types among participants. This allows organizations to better understand attack techniques not present in their data collections. We instantiate PROTEAN on two cyber intrusion datasets collected from IIoT and 5G-connected participants and evaluate its performance in terms of utility and privacy, demonstrating its effectiveness in addressing data heterogeneity while improving cyber attack understanding in federated intrusion detection systems (IDSs).
UR - https://www.scopus.com/pages/publications/105020256752
U2 - 10.1007/978-3-032-07884-1_6
DO - 10.1007/978-3-032-07884-1_6
M3 - Conference contribution
AN - SCOPUS:105020256752
SN - 9783032078834
T3 - Lecture Notes in Computer Science
SP - 103
EP - 125
BT - Computer Security – ESORICS 2025 - 30th European Symposium on Research in Computer Security, Proceedings
A2 - Nicomette, Vincent
A2 - Benzekri, Abdelmalek
A2 - Boulahia-Cuppens, Nora
A2 - Vaidya, Jaideep
PB - Springer Science and Business Media Deutschland GmbH
Y2 - 22 September 2025 through 24 September 2025
ER -