Collaborative federated learning for interest flooding attacks detection across distributed named-data edge networks

NDN's stateful forwarding plane is inherently vulnerable to Interest Flooding Attack (IFA), a form of DDoS threat. Existing mitigation mechanisms, such as static threshold-based detection and isolated node-level monitoring, fail to effectively address coordinated, adaptive-rate botnet-driven attacks because of their limited capability in modeling global traffic patterns and cross-node correlations. This paper presents FedEdge-IFA, a regional collaborative distributed detection framework for IFA at the network edge. This framework uses Federated Learning (FL) with computational collaboration to train a globally optimized model across distributed datasets. First, a hybrid data-driven feature filtering technique is employed to extract the most relevant traffic attributes. Then, a Temporal Convolutional Network (TCN) is combined with a Multi-Layer Perceptron (MLP) to construct a TCN-MLP model for extracting deep latent attack patterns. Moreover, we propose a dynamic regional collaborative FL algorithm that adaptively clusters edge clients into regions based on traffic similarity. To enhance training stability under heterogeneous and non-iid conditions, the algorithm incorporates a proximal regularization term into the local optimization objective and a hierarchical aggregation strategy, performing aggregation first within each region and then across regions, to alleviate data imbalances and enhance the robustness of the global model. Experiments on three custom-built datasets (FDR-FAT, RDR-FAT, and RDR-RAT) under balanced and imbalanced conditions show that FedEdge-IFA exhibits robustness in environments with varying attack types and traffic patterns. On the class-imbalanced dataset of RDR-RAT, FedEdge-IFA achieves an accuracy of up to 95.57 % and an F1-score of 95.64 %, demonstrating effective attack detection. In addition, the efficiency performance gains are attributed to its lightweight design, comprising only 5489 trainable parameters. These results highlight FedEdge-IFA's capability to strike an effective balance between detection accuracy and communication efficiency. Its lightweight design allows reliable deployment on resource-limited edge devices, while its adaptive modeling ensures robust detection across diverse and evolving attack patterns.