Abstract Intrusion detection systems (IDS) monitor and detect malicious activity and unauthorized access that may compromise systems. Traditional IDS approaches send data to a central server for analysis, raising privacy concerns as data owners lose control over security. Federated Learning (FL) offers a privacy-preserving alternative by allowing local devices to process their data and generate models without sharing raw data. These local models are aggregated centrally to form a comprehensive model with performance comparable to centralized systems. This paper reviews FL-based IDS research, and is the first review paper to focus on privacy-preserving techniques collectively known as privacy-preserving Federated Learning (PPFL) for IDS. We examine methods used to prevent data leakage while maintaining detection effectiveness, including encryption-based and lightweight alternatives. While FL keeps raw data local, it remains susceptible to inference and poisoning attacks. Our findings show that most FL-based IDS research concentrates on data locality alone, with limited adoption of additional privacy-enhancing techniques. Advancing PPFL-IDS requires moving beyond data while addressing trade-offs. This review highlights key gaps and directions for future research.
Bunko et al. (Sat,) studied this question.