DOI: 10.47000/tjmcs.1828534 ISSN: 2148-1830

Federated Learning for Intrusion Detection in UAV Networks

Deniz Berke Özsoy, Atakan Özcan, Mohammed Al-Hubaishi
UAV swarms operate under bandwidth constraints, intermittent connectivity, and privacy requirements that make fully centralized intrusion detection difficult. Using the UAVIDS--2025 benchmark, we construct a deployment-oriented federated intrusion detection setting by partitioning flows by source address into $K{=}176$ realistic, strongly non-IID clients, where each client approximates the traffic observed by an individual UAV. We train a compact multilayer perceptron ($22\!\rightarrow\!64\!\rightarrow\!32\!\rightarrow\!5$) across three federated optimizers (FedAvg, FedProx, and SCAFFOLD) and employ a leakage-safe feature pipeline that removes identifier and scenario fields while retaining mechanism-based traffic and QoS descriptors. Under a matched training and communication budget, FedAvg achieves $93\%$ accuracy, $93\%$ macro-F1, and AUROC $0.99$ on a held-out global test set, within roughly three percentage points of strong centralized baselines (XGBoost and LightGBM at $96\%$) that train on fully aggregated traffic. FedProx trades peak performance for more stable convergence ($86\%$ accuracy, $84\%$ macro-F1), whereas SCAFFOLD reduces communication but shows more pronounced classwise weaknesses ($82\%$ accuracy, $79\%$ macro-F1) under our current tuning. We report the communication footprint in MB per round and cumulatively, and we repeat the same held-out evaluation protocol on a second intrusion dataset (T-ITS) to assess transfer of optimizer trends. Overall, the results indicate that leakage-safe federated learning can keep raw UAV traffic local while recovering most of the detection quality of strong centralized models, clarifying accuracy--communication trade-offs for privacy-preserving IDS deployment in UAV swarms.

More from our Archive