TY - JOUR
T1 - Collaborative federated learning for interest flooding attacks detection across distributed named-data edge networks
AU - Zhang, Qianyu
AU - Song, Tian
N1 - Publisher Copyright:
© 2025 Elsevier B.V.
PY - 2026/2
Y1 - 2026/2
N2 - NDN's stateful forwarding plane is inherently vulnerable to Interest Flooding Attack (IFA), a form of DDoS threat. Existing mitigation mechanisms, such as static threshold-based detection and isolated node-level monitoring, fail to effectively address coordinated, adaptive-rate botnet-driven attacks because of their limited capability in modeling global traffic patterns and cross-node correlations. This paper presents FedEdge-IFA, a regional collaborative distributed detection framework for IFA at the network edge. This framework uses Federated Learning (FL) with computational collaboration to train a globally optimized model across distributed datasets. First, a hybrid data-driven feature filtering technique is employed to extract the most relevant traffic attributes. Then, a Temporal Convolutional Network (TCN) is combined with a Multi-Layer Perceptron (MLP) to construct a TCN-MLP model for extracting deep latent attack patterns. Moreover, we propose a dynamic regional collaborative FL algorithm that adaptively clusters edge clients into regions based on traffic similarity. To enhance training stability under heterogeneous and non-iid conditions, the algorithm incorporates a proximal regularization term into the local optimization objective and a hierarchical aggregation strategy, performing aggregation first within each region and then across regions, to alleviate data imbalances and enhance the robustness of the global model. Experiments on three custom-built datasets (FDR-FAT, RDR-FAT, and RDR-RAT) under balanced and imbalanced conditions show that FedEdge-IFA exhibits robustness in environments with varying attack types and traffic patterns. On the class-imbalanced dataset of RDR-RAT, FedEdge-IFA achieves an accuracy of up to 95.57 % and an F1-score of 95.64 %, demonstrating effective attack detection. In addition, the efficiency performance gains are attributed to its lightweight design, comprising only 5489 trainable parameters. These results highlight FedEdge-IFA's capability to strike an effective balance between detection accuracy and communication efficiency. Its lightweight design allows reliable deployment on resource-limited edge devices, while its adaptive modeling ensures robust detection across diverse and evolving attack patterns.
AB - NDN's stateful forwarding plane is inherently vulnerable to Interest Flooding Attack (IFA), a form of DDoS threat. Existing mitigation mechanisms, such as static threshold-based detection and isolated node-level monitoring, fail to effectively address coordinated, adaptive-rate botnet-driven attacks because of their limited capability in modeling global traffic patterns and cross-node correlations. This paper presents FedEdge-IFA, a regional collaborative distributed detection framework for IFA at the network edge. This framework uses Federated Learning (FL) with computational collaboration to train a globally optimized model across distributed datasets. First, a hybrid data-driven feature filtering technique is employed to extract the most relevant traffic attributes. Then, a Temporal Convolutional Network (TCN) is combined with a Multi-Layer Perceptron (MLP) to construct a TCN-MLP model for extracting deep latent attack patterns. Moreover, we propose a dynamic regional collaborative FL algorithm that adaptively clusters edge clients into regions based on traffic similarity. To enhance training stability under heterogeneous and non-iid conditions, the algorithm incorporates a proximal regularization term into the local optimization objective and a hierarchical aggregation strategy, performing aggregation first within each region and then across regions, to alleviate data imbalances and enhance the robustness of the global model. Experiments on three custom-built datasets (FDR-FAT, RDR-FAT, and RDR-RAT) under balanced and imbalanced conditions show that FedEdge-IFA exhibits robustness in environments with varying attack types and traffic patterns. On the class-imbalanced dataset of RDR-RAT, FedEdge-IFA achieves an accuracy of up to 95.57 % and an F1-score of 95.64 %, demonstrating effective attack detection. In addition, the efficiency performance gains are attributed to its lightweight design, comprising only 5489 trainable parameters. These results highlight FedEdge-IFA's capability to strike an effective balance between detection accuracy and communication efficiency. Its lightweight design allows reliable deployment on resource-limited edge devices, while its adaptive modeling ensures robust detection across diverse and evolving attack patterns.
KW - DDoS attack
KW - Federated learning
KW - Interest flooding attack
KW - Named data networking
KW - Security
UR - https://www.scopus.com/pages/publications/105024538872
U2 - 10.1016/j.comnet.2025.111926
DO - 10.1016/j.comnet.2025.111926
M3 - Article
AN - SCOPUS:105024538872
SN - 1389-1286
VL - 275
JO - Computer Networks
JF - Computer Networks
M1 - 111926
ER -