EdgeDetect: Importance-Aware Gradient Compression with Homomorphic Aggregation for Federated Intrusion Detection

Authors: Noor Islam S. Mohammad
Affiliation: Department of Computer Science, Istanbul Technical University, Maslak, TR
Email: islam23@itu.edu.tr
arXiv: 2604.14663v1 [cs.CR]
Date: 16 Apr 2026

---

Abstract

Federated learning (FL) enables collaborative intrusion detection without raw data exchange, but conventional FL incurs high communication overhead from full-precision gradient transmission and remains vulnerable to gradient inference attacks. This paper presents EdgeDetect, a communication-efficient and privacy-aware federated IDS for bandwidth-constrained 6G-IoT environments.

EdgeDetect introduces gradient smartification, a median-based statistical binarization that compresses local updates to {+1, −1} representations, reducing uplink payload by 32× while preserving convergence. We further integrate Paillier homomorphic encryption over binarized gradients, protecting against honest-but-curious servers without exposing individual updates.

Key Results:

• 98.0% multi-class accuracy and 97.9% macro F1-score on CIC-IDS2017 (2.8M flows, 7 attack classes)
• 96.9% communication reduction (450 MB → 14 MB per round)
• Raspberry Pi 4 deployment: 4.2 MB memory, 0.8 ms latency, 12 mJ per inference with <0.5% accuracy loss
• Robustness: Maintains 87% accuracy under 5% poisoning attacks with 0.95 minority class F1 (p < 0.001)

Index Terms: PPFL, IDS, Edge Computing, 6G Security, IoT Networks, Communication Efficiency, Machine Learning

---

1. Introduction

Next-generation wireless technologies (5G, 6G, IoT) enable massive machine-type communications while expanding attack surfaces for sophisticated cyber threats. Traditional centralized IDS face:

• Scalability bottlenecks
• Communication latency
• Single points of failure
• Difficulty handling high dimensionality and severe class imbalance

Federated Learning addresses this but faces two critical challenges:

1. Communication overhead - High-dimensional gradient vectors consume excessive bandwidth
2. Gradient leakage - Shared updates may be reverse-engineered to reconstruct sensitive training samples

Contributions

1. Alignment-Aware Federated IDS Architecture

• Privacy-preserving federated intrusion detection framework for 6G-IoT
• Integrates PCA-based dimensionality reduction, imbalance-aware sampling, and secure aggregation
• Enables collaborative learning without sharing raw network traffic

2. Adaptive Median-Based Gradient Smartification with Encrypted Aggregation

• Statistically adaptive median-threshold binarization strategy
• Compresses gradients into {+1, −1} while preserving directional alignment
• Combined with Paillier homomorphic encryption
• Achieves up to 32× communication reduction while mitigating gradient inversion risks

3. Quantified Privacy–Utility–Efficiency Trade-off

• Extensive ablation and adversarial analyses
• 98.0% multi-class accuracy with 96.9% communication reduction
• Performance comparable to centralized baselines
• Cryptographic privacy guarantees
• Maintains >85% accuracy with 20% malicious clients
• Reduces inversion PSNR from 31.7 dB to 15.1 dB

4. Edge-Validated Deployment

• Real-world deployment on Raspberry Pi 4
• Only 4.2 MB memory, 0.8 ms latency
• 12 mJ per inference with <0.5% accuracy degradation
• Validates suitability for resource-constrained 6G-IoT environments

---

2. Related Work

A. Deep Learning-Based Anomaly Detection

• CNN–RNN and LSTM architectures for DDoS and zero-day detection
• Image-based encodings of time-series traffic for spatial feature extraction
• SVMs and random forests remain competitive for structured features

B. Federated Learning in IoT Networks

• Enables decentralized training without sharing raw data
• Applications: IoT security, industrial sensor networks, cross-domain intrusion detection
• Edge–cloud collaborative architectures reduce response latency
• Challenge: Standard FL (FedAvg) relies on full-precision gradient exchange

C. Privacy Preservation and Gradient Compression

• Differential Privacy (DP) and Homomorphic Encryption (HE) improve confidentiality
• Communication-efficient methods: signSGD, gradient sparsification
• Few approaches jointly optimize gradient compression and encrypted aggregation

D. Distinction from signSGD and Quantized FL

Unlike fixed-threshold quantizers (QSGD, TernGrad):

• Adaptive per-client threshold adapts to gradient distribution
• Preserves relative ordering within each gradient vector
• Exploits heavy-tailed distributions typical in IDS models

---

3. System Architecture

Protocol Flow

EdgeDetect comprises K resource-constrained edge clients and a central aggregation server.

Phase 1: Client-Side Local Training

W_{i}^{(r+1)} = W_{i}^{(r)} − η∇L(W_{i}^{(r)}, D_i)
Δ_{i}^{(r)} = W_{i}^{(r+1)} − W^{(r)}

Phase 2: Gradient Smartification

θ_i = median(|Δ_{i}^{(r)}|)
Δ^{bin}_{i,j} = +1  if Δ_{i,j} ≥ θ_i
                -1  otherwise

Phase 3: Privacy-Preserving Encryption

C_{i}^{(r)} = E(Δ^{bin}_{i})  # Paillier encryption

Phase 4: Secure Aggregation and Global Update

Δ^{bin}_{agg} = (1/|S_r|) × Σ D(C_{i}^{(r)})
W^{(r+1)} = W^{(r)} + α · Δ^{bin}_{agg}

---

4. Methodology

A. Data Exploration and Preprocessing

CIC-IDS2017 Dataset:

• 2,830,743 records with 79 features
• 308,381 duplicate rows (removed)
• 0.06% missing/infinite values (imputed via median)
• 47.5% memory reduction via numerical downcasting
• Severe class imbalance mitigation: 20% stratified sample

B. Feature Engineering and Selection

Temporal Features

Δt_mean = (1/(n-1)) × Σ(t_i − t_{i-1})
Δt_std = √[(1/(n-1)) × Σ(Δt_i − Δt_mean)²]

Entropy-Based Features

H(S) = −Σ p(s) log₂ p(s)

Captures distributional randomness in packet sizes.

Feature Selection

• Recursive Feature Elimination (RFE) using Random Forest permutation importance
• Ranking: I_j = (1/T) × Σ I(f_t(D) ≠ f^{-j}_t(D))

C. Dimensionality Reduction via Incremental PCA

Cov(Z) = (1/(n-1)) × Z^T Z = V Λ V^T
Z_PCA = Z V_k

Result: Reduced from 78 to 35 principal components, retaining 99.3% variance while reducing feature dimensionality by 55%.

D. Class Balancing Strategies

Binary Classification

• Random under-sampling: D_bal = D_min ∪ Sample(D_max, |D_min|)
• Result: 15,000 balanced instances (7,500 benign, 7,500 attack)

Multi-Class Classification

• SMOTE: x_new = x_i + λ(x_{ij} − x_i), where λ ~ U(0, 1)
• Adaptive SMOTE: λ ~ Beta(α, β), where α = 1 + ρ_i, β = 1 + (1 − ρ_i)

E. Machine Learning Models

F. Evaluation Metrics

• Accuracy, Precision, Recall, F1-Score
• Matthews Correlation Coefficient (MCC)
• Cohen's Kappa (κ)
• Area Under ROC Curve (AUC-ROC)

---

5. Experimental Setup

A. Dataset Construction and Sampling Validation

CIC-IDS2017 Sampling:

• Original: N = 2,830,540 flows
• Stratified 20% subset: n = 504,472
• Kolmogorov–Smirnov tests: p > 0.05 (no significant deviations)
• 92% of features: <5% mean deviation
• After PCA: k = 35 components (99.3% variance retained)

Train-Test Split:

• 80:20 stratified split (seed 42)
• Binary: 15,000 samples (7,500 benign, 7,500 attack)
• Multi-class: 35,000 samples via SMOTE (5,000 per class)

B. Hyperparameter Optimization

Configurations:

• Config 1 (Efficiency): Computational efficiency prioritized
• Config 2 (Expressiveness): Accuracy maximized via 3-fold grid search

Key Hyperparameters:

• Logistic Regression: C ∈ {0.1, 100}
• SVM: RBF kernel with γ = 0.1
• Random Forest: n ∈ {100, 200}, depth=20
• Decision Tree: depth ∈ {6, 10, 15}
• KNN: k ∈ {3, 5, 7}

C. Evaluation Protocol

Stage 1: Cross-Validation

• 5-fold stratified cross-validation on training partition (n = 12,000)
• Stratification preserves 50:50 benign-to-attack ratio
• Fold-to-fold variability: σ_CV = √[(1/(K-1)) × Σ(Acc_i − Acc̄)²]

Stage 2: Hold-Out Testing

• Best configuration retrained on full training set
• Evaluated on held-out test set (n = 3,000, 20%)
• Metrics: Accuracy, Precision, Recall, F1, ROC-AUC, Confusion matrices

Statistical Reliability

• Three independent random seeds: 42, 123, 456
• 95% confidence intervals: CI_95% = x̄ ± 1.96 × (σ/√n)

---

6. Experimental Results

A. Binary Classification Performance

Linear Models

• Logistic Regression: 92.21% accuracy (σ = 5.81 × 10⁻³)
• Config 2 improvement: +0.30% to 92.51%

Kernel-Based Methods

• SVM (Linear): 83.00% (underfits)
• SVM (RBF): 96.14% (+13.14%, σ = 3.89 × 10⁻³)

Tree-Based Ensembles

• Random Forest Config 1: 95.98%
• Random Forest Config 2: 98.09% (+2.11%, σ = 1.72 × 10⁻³) ✓ BEST

Instance-Based Learning

• KNN (k=5): 97.40% (σ = 0.89 × 10⁻³)
• KNN (k=3): 97.93% (+0.53%, σ = 1.27 × 10⁻³)

B. Multi-Class Classification Performance

C. Per-Class Breakdown (Random Forest Config 2)

---

7. Federated Learning Convergence Analysis

A. Convergence and Compression Trade-off

EdgeDetect achieves convergence parity with full-precision FedAvg at 32× compression:

• Across 2.8M CIC-IDS2017 samples
• No measurable accuracy degradation (Δ < 0.2 pp)
• Cosine similarity: 0.87 ± 0.04

B. Privacy Enhancement Through Smartification

C. Theoretical Convergence Analysis

Lemma 1 (Descent under Median-Threshold Smartification):
Let L(W) be L-smooth and bounded below. Let g̃_t denote the smartified gradient with cosine similarity cos(θ_t) = ⟨g_t, g̃_t⟩ / (∥g_t∥ ∥g̃_t∥) ≥ γ > 0.

For sufficiently small step size η:

E[L(W_{t+1})] ≤ L(W_t) − ηγ∥g_t∥² + (Lη²/2)∥g̃_t∥²

Theorem 1 (Convergence under Bounded Variance):
Assume bounded stochastic gradient variance σ² and cosine similarity γ > 0. Then after T rounds:

min_{t≤T} E[∥∇L(W_t)∥²] = O(1 / (γ√T))

---

8. Federated Learning Scalability

A. Convergence Under Different Heterogeneity Levels

B. Scalability with Number of Clients

Sublinear scaling: Increasing clients from K=10 to K=500 raises R₉₈ from 201 to 467 (sublinear in K).

---

9. Ablation Study

Component-wise Impact Analysis

Key Findings:

• Smartification: Essential for communication efficiency (32×), negligible accuracy loss
• Encryption: Critical for privacy (PSNR 31.7 → 15.1 dB)
• SMOTE: Essential for accuracy (+3.8 pp gain)
• PCA: Reduces dimensionality (4.16×) with negligible impact

---

10. Comparison with State-of-the-Art

Key Advantages:

• Highest accuracy on CIC-IDS2017 (98.0% vs 96.3%)
• 96.9% communication reduction vs federated baselines (14 MB vs 290-520 MB)
• Strongest cryptographic privacy (Paillier HE vs DP/SecAgg)
• Practical edge deployment (4.2 MB, 0.8 ms on Raspberry Pi 4)

---

11. Edge Deployment Evaluation

A. Raspberry Pi 4 Deployment

*KNN training is instantaneous (lazy learning) but requires 412 MB for storage.

B. Resource-Constrained Feasibility

• Memory footprint: 4.2 MB per client for gradient storage
• Encryption overhead: 156.4 ms per round (per-round encryption complexity O(d log n))
• Total bandwidth per round: 14 MB (vs 450 MB for full-precision)
• Accuracy loss on edge: <0.5% when deployed on Raspberry Pi 4

---

12. Robustness Analysis

A. Poisoning Attack Resilience

Setting: 5% to 20% of clients send poisoned updates

Conclusion: Maintains >85% accuracy even with 20% malicious clients (p < 0.001).

B. Differential Privacy-Utility Trade-off

---

13. Discussion

Key Insights for Federated IDS in 6G-IoT

1. PCA reveals strong redundancy: 35 components retain 99.3% variance with negligible performance loss, enabling efficient computation and communication.

2. Random Forest optimal: Best stability–accuracy trade-off (98.0% accuracy, 97.9% macro F1, σ = 0.0017).

3. Imbalance handling essential: SMOTE–undersampling improves minority recall from 0.39 to 0.98.

4. Gradient smartification superior to signSGD:

   • Preserves gradient alignment (0.87±0.04 cosine similarity)
   • Achieves 96.9% communication reduction
   • Improves privacy by lowering gradient entropy

5. Paillier encryption effective: Complete inversion resistance while retaining 98.7% of centralized accuracy.

Challenges and Future Work

• Non-convex convergence: Theoretical analysis for deep learning architectures
• Concept drift: Adaptation to evolving attack patterns
• White-box robustness: Defense against adversarial gradient attacks
• Cumulative privacy loss: Formal composition under differential privacy

---

14. Conclusion

EdgeDetect introduces a privacy-preserving federated intrusion detection framework for resource-constrained 6G-IoT environments. The framework employs:

1. Gradient smartification: Median-based binarization achieving 32× communication reduction
2. Paillier homomorphic encryption: Only aggregated updates visible to server
3. Adaptive class balancing: SMOTE for minority-class robustness
4. Secure federated aggregation: Protection against inference and poisoning attacks

Performance Summary

EdgeDetect demonstrates that secure federated IDS can meet strict privacy, efficiency, and reliability requirements of next-generation 6G-IoT edge networks.

---

Acknowledgments

We thank the Canadian Institute for Cybersecurity for providing the CIC-IDS2017 dataset and the anonymous reviewers for their valuable feedback.

---

References

[1] P. Kairouz, et al., "Advances and open problems in federated learning," Foundations and Trends in Machine Learning, 2021.

[2] Y. Liu, J. Zhang, and H. V. Poor, "Federated deep learning for intrusion detection with differential privacy," IEEE Transactions on Information Forensics and Security, 2023.

[3-62] [See original paper for complete reference list]

---

Document Generated: 2026
Source: https://arxiv.org/abs/2604.14663v1