Abstract
Federated Learning (FL) has emerged as a promising paradigm for Network Intrusion Detection Systems (NIDS) by enabling distributed model training without sharing raw data. However, FL remains highly vulnerable to poisoning attacks, where malicious clients manipulate local updates to degrade global model performance. This study introduces WeiDetect, a Weibull distribution-based defense framework designed to identify and mitigate poisoning behaviors in FL-based NIDS environments. The proposed method models the statistical distribution of client-level gradient deviations using the Weibull probability distribution. By characterizing update irregularities through shape and scale parameters, WeiDetect distinguishes benign clients from adversarial participants without requiring labeled attack data. The framework integrates a robust aggregation mechanism that dynamically assigns weights to client updates based on their likelihood of conformity to learned Weibull behavior patterns. Experimental evaluation conducted on benchmark intrusion detection datasets demonstrates that WeiDetect consistently improves robustness under non-IID settings and various poisoning intensities. The model achieves higher detection accuracy and improved F1-score compared to conventional aggregation strategies such as FedAvg, trimmed mean, and median-based FL defenses. Additionally, WeiDetect maintains stable convergence behavior even under high adversarial participation rates, indicating strong resilience to model manipulation attacks. Experimental evaluations on benchmark intrusion datasets demonstrate that WeiDetect achieves 93.0% accuracy, 93.0% precision, 92.8% recall, and 92.9% F1-score under 30% poisoning conditions, significantly outperforming FedAvg, Trimmed Mean, and clustering-based defenses. Additionally, WeiDetect maintains a robustness index above 0.93, indicating strong stability under adversarial participation and non-IID data distributions.
Authors
N. Sudhir Reddy1, Shaik Jakeer Hussain2
Malla Reddy College of Engineering India1, Institute of Aeronautical Engineering, Hyderabad, India2
Keywords
Federated Learning, Poisoning Attacks, Network Intrusion Detection System, Weibull Distribution, Robust Aggregation