A Multi-National Framework for Real-Time Collaborative Cyber Defense: Evaluating FL Architectures and Aggregation Strategies in Heterogeneous NIDS

Abstract: The rapid evolution of cyber threats necessitates the development of sophisticated Machine Learning (ML) based Network Intrusion Detection Systems (NIDS). However, the efficacy of these systems is often hampered by the sensitive nature of network traffic and stringent privacy regulations, such as GDPR, which prevent organizations and nations from sharing raw data. To address this “privacy-security paradox,” this paper presents a decentralized framework for collaborative threat intelligence utilizing Federated Learning (FL).We simulate a high-stakes multi-national scenario where three distinct nations collaboratively train a global NIDS model while maintaining data sovereignty. The testbed comprises physical nodes representing an aggregation server, a threat actor, and independent nations, with the latter further simulating diverse domestic sectors including Critical Infrastructure (SCADA/IIoT), Financial Services, and Tech Hubs to generate realistic, heterogeneous traffic.

Our research evaluates the performance of various local model architectures, comparing 1D-CNN, DNN, and Autoencoders for detecting complex patterns in network features. Furthermore, we conduct a comparative analysis of aggregation algorithms to mitigate challenges posed by non-IID data. Experimental results demonstrate that the collaborative global model achieves significantly higher detection accuracy than isolated systems. This work provides evidence that Federated Learning is a viable framework for privacy-preserving network security.

Keywords: Federated Learning, NIDS, FedProx, 1D-CNN, Multi-National Cyber Defense, Privacy-Preserving AI, CIC- IDS2017.