Prototype retrieval-augmented federated learning
system for robust intrusion detection

Zhou, Hanlin; Yan, Huiru; Nian, Jiawei; Liu, Cong; Wang, Ying; Chen, Xiaomin; Theodoropoulos, Georgios; Cheng, Long

Download

[thumbnail of 2025_TC_Federated_Intrusion_Detection_System.pdf]

Text
- Accepted Version
· Restricted to Repository staff only
· The Copyright of this document has not been checked yet. This may affect its availability.

Advice

Please see our End User Agreement.

It is advisable to refer to the publisher's version if you intend to cite from this work. See Guidance on citing.

Tools

Lists

Zhou, H., Yan, H., Nian, J., Liu, C., Wang, Y., Chen, X. ORCID: https://orcid.org/0000-0001-9267-355X, Theodoropoulos, G. and Cheng, L. (2026) Prototype retrieval-augmented federated learning system for robust intrusion detection. IEEE Transactions on Computers. ISSN 1557-9956 doi: 10.1109/TC.2026.3688741 (In Press)

Abstract/Summary

Detecting malicious attacks is essential for protecting computer systems and ensuring device security. Federated Learning (FL)-based Intrusion Detection Systems (IDS) have emerged as promising solutions, enabling multiple clients (i.e., data owners) to collaboratively train intrusion detection models without sharing private data. However, current FL studies typically assume that each client’s training and test label distribution is identical. This assumption is overly idealistic and rarely holds in real-world scenarios, leading to suboptimal performance when label distribution shifts occur between the training and testing data. To address this challenge, we propose FedPRO, a plug-and-play framework designed to improve the test-time performance of existing FL methods, without modifying their original training pipelines or fine-tuning the trained FL models. Specifically, we develop a unique prototype generation and optimization mechanism to produce semantically meaningful class prototypes. These prototypes constitute a prototype memory bank, serving as an external knowledge repository. At test time, a prototype retrieval-augmented inference strategy is employed to query relevant prototypes and refine predictions on each client, effectively alleviating the label distribution shift issues and boosting prediction accuracy. We evaluate FedPRO by integrating it with various off-the-shelf FL methods on benchmark datasets. Extensive results consistently demonstrate its effectiveness in diverse settings. Notably, applying FedPRO to the state-of-the art method FedDBE improves its test accuracy from 79.25% to 86.66% on the CICIDS-2018 dataset, while introducing only approximately 32KB of additional communication overhead.

Altmetric Badge

Dimensions Badge

Item Type	Article
URI	https://centaur.reading.ac.uk/id/eprint/130607
Identification Number/DOI	10.1109/TC.2026.3688741
Refereed	Yes
Divisions	Science > School of Mathematical, Physical and Computational Sciences > Department of Computer Science
Publisher	IEEE
Download/View statistics	View download statistics for this item

Deposit Details

CORE (COnnecting REpositories)

University Staff: Request a correction | Centaur Editors: Update this record

Date Deposited:	17 Jun 2026 10:51	Date item deposited into CentAUR
Last Modified:	17 Jun 2026 11:00	Date item last modified