Handling Class Imbalance in Federated Learning for Cyber-Physical Attack Detection
Received: 23 September 2025 | Revised: 8 November 2025 | Accepted: 24 November 2025 | Online: 9 February 2026
Corresponding author: C. B. Swetha
Abstract
Cyber-Physical Systems (CPS) are increasingly targeted by diverse cyberattacks, making intrusion detection a critical requirement. A major barrier in this domain is the imbalance of attack data, where minority classes remain poorly detected, particularly in federated learning environments with non-IID data distribution. This work introduces an imbalance-aware federated framework for CPS intrusion detection, evaluated on the CIC-IDS2017 dataset. Four training strategies were compared: baseline FedProx, focal loss, oversampling, and a combined approach. Although FedProx alone failed to capture minority attacks (0% precision and recall for PortScan), focal loss and oversampling improved detection moderately, achieving F1-scores of 0.48 and 0.62, respectively. The hybrid method delivered the most balanced outcome, reaching 97.7% accuracy with a PortScan precision of 0.78, recall of 0.72, and F1-score of 0.75. These results confirm that combining data-level and loss-level remedies substantially enhances the detection of rare attacks without compromising overall performance, offering a practical pathway for secure and privacy-preserving CPS operations. The proposed framework can be directly extended to industrial control and smart-infrastructure settings, where decentralized nodes must coordinate securely under constrained communication and heterogeneous attack patterns.
Keywords:
Cyber Physical Systems (CPS), Intrusion Detection Systems (IDS), privacy preserving, federated learningDownloads
References
S. A. Mahmud, N. Islam, Z. Islam, Z. Rahman, and S. T. Mehedi, "Privacy-Preserving Federated Learning-Based Intrusion Detection Technique for Cyber-Physical Systems," Mathematics, vol. 12, no. 20, Jan. 2024, Art. no. 3194. DOI: https://doi.org/10.3390/math12203194
M. Nivaashini, E. Suganya, S. Sountharrajan, M. Prabu, and D. P. Bavirisetti, "FEDDBN-IDS: federated deep belief network-based wireless network intrusion detection system," EURASIP Journal on Information Security, vol. 2024, no. 1, Apr. 2024, Art. no. 8. DOI: https://doi.org/10.1186/s13635-024-00156-5
I. A. Soomro, H. ur Rehman Khan, S. J. Hussain, Z. Ashraf, M. M. Alnfiai, and N. N. Alotaibi, "Lightweight privacy-preserving federated deep intrusion detection for industrial cyber-physical system," Journal of Communications and Networks, vol. 26, no. 6, pp. 632–649, Sept. 2024. DOI: https://doi.org/10.23919/JCN.2024.000054
I. Ahmed, M. A. Syed, M. Maaruf, and M. Khalid, "Distributed computing in multi-agent systems: a survey of decentralized machine learning approaches," Computing, vol. 107, no. 1, Jan. 2025, Art. no. 2. DOI: https://doi.org/10.1007/s00607-024-01356-0
S. El-Ferik, M. Maaruf, F. M. Al-Sunni, A. A. Saif, and M. M. Al Dhaifallah, "Reinforcement Learning-Based Control Strategy for Multi-Agent Systems Subjected to Actuator Cyberattacks During Affine Formation Maneuvers," IEEE Access, vol. 11, pp. 77656–77668, 2023. DOI: https://doi.org/10.1109/ACCESS.2023.3296741
W. Bai, "Optimization of Federated Learning Algorithm for Non-lID Data: Improvements to the FedDyn Algorithm," in 2024 International Conference on Computing, Robotics and System Sciences (ICRSS), Sanya, China, Nov. 2024, pp. 277–283. DOI: https://doi.org/10.1109/ICRSS65752.2024.00055
B. Wei, J. Li, Y. Liu, and W. Wang, "Non-IID Federated Learning With Sharper Risk Bound," IEEE Transactions on Neural Networks and Learning Systems, vol. 35, no. 5, pp. 6906–6917, Feb. 2024. DOI: https://doi.org/10.1109/TNNLS.2022.3213187
H. Kang, M. Kim, B. Lee, and H. Kim, "FedAND: Federated Learning Exploiting Consensus ADMM by Nulling Drift," IEEE Transactions on Industrial Informatics, vol. 20, no. 7, pp. 9837–9849, July 2024. DOI: https://doi.org/10.1109/TII.2024.3380742
X. Li, Z. Qu, B. Tang, and Z. Lu, "FedLGA: Toward System-Heterogeneity of Federated Learning via Local Gradient Approximation," IEEE Transactions on Cybernetics, vol. 54, no. 1, pp. 401–414, Jan. 2024. DOI: https://doi.org/10.1109/TCYB.2023.3247365
J. He, S. Guo, D. Qiao, and L. Yi, "HeteFL: Network-Aware Federated Learning Optimization in Heterogeneous MEC-Enabled Internet of Things," IEEE Internet of Things Journal, vol. 9, no. 15, pp. 14073–14086, Aug. 2022. DOI: https://doi.org/10.1109/JIOT.2022.3145360
Y. Zeng, P. Zheng, and J. Li, "A Federated Learning Network Intrusion Detection System for Multiple Imbalances," in ICASSP 2025 - 2025 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), Hyderabad, India, Apr. 2025, pp. 1–5. DOI: https://doi.org/10.1109/ICASSP49660.2025.10889171
M. Zheng, X. Hu, Y. Hu, X. Zheng, and Y. Luo, "Fed-UGI: Federated Undersampling Learning Framework With Gini Impurity for Imbalanced Network Intrusion Detection," IEEE Transactions on Information Forensics and Security, vol. 20, pp. 1262–1277, 2025. DOI: https://doi.org/10.1109/TIFS.2024.3516547
C. Ren et al., "SecFedSA: A Secure Differential-Privacy-Based Federated Learning Approach for Smart Cyber–Physical Grid Stability Assessment," IEEE Internet of Things Journal, vol. 11, no. 4, pp. 5578–5588, Oct. 2024. DOI: https://doi.org/10.1109/JIOT.2023.3308170
A. Sagu, N. S. Gill, P. Gulia, I. Priyadarshini, and J. M. Chatterjee, "Hybrid Optimization Algorithm for Detection of Security Attacks in IoT-Enabled Cyber-Physical Systems," IEEE Transactions on Big Data, vol. 11, no. 1, pp. 35–46, Oct. 2025. DOI: https://doi.org/10.1109/TBDATA.2024.3372368
A. T. Azar, S. U. Amin, M. A. Majeed, Ahmed Al-Khayyat, and I. Kasim, "Cloud-Cyber Physical Systems: Enhanced Metaheuristics with Hierarchical Deep Learning-based Cyberattack Detection," Engineering, Technology & Applied Science Research, vol. 14, no. 6, pp. 17572–17583, Dec. 2024. DOI: https://doi.org/10.48084/etasr.8286
H. He and E. A. Garcia, "Learning from Imbalanced Data," IEEE Transactions on Knowledge and Data Engineering, vol. 21, no. 9, pp. 1263–1284, Sept. 2009. DOI: https://doi.org/10.1109/TKDE.2008.239
A. Khraisat, I. Gondal, P. Vamplew, and J. Kamruzzaman, "Survey of intrusion detection systems: techniques, datasets and challenges," Cybersecurity, vol. 2, no. 1, Dec. 2019, Art. no. 20. DOI: https://doi.org/10.1186/s42400-019-0038-7
"CIC-IDS 2017." Canadian Institute for Cybersecurity, [Online]. Available: https://www.unb.ca/cic/datasets/ids-2017.html.
I. Sharafaldin, A. H. Lashkari, and A. A. Ghorbani, "Toward Generating a New Intrusion Detection Dataset and Intrusion Traffic Characterization:," in Proceedings of the 4th International Conference on Information Systems Security and Privacy, Funchal, Portugal, 2018, pp. 108–116. DOI: https://doi.org/10.5220/0006639801080116
Downloads
How to Cite
License
Copyright (c) 2025 C. B. Swetha, Chetan J. Shelke
This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors who publish with this journal agree to the following terms:
- Authors retain the copyright and grant the journal the right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) after its publication in ETASR with an acknowledgement of its initial publication in this journal.
