HyFlaNK: A Hybrid Federated Learning Framework for Real-time Network Threat Detection

Abstract

This paper proposed HyFlaNK, a hybrid federated learning threat detection framework combining Convolutional Neural Network (CNN) and Long Short Term Memory (LSTM) in a Flower-based federated learning model integrated with Apache Kafka to simulate live data ingestion, model updates, and feedback loops. The system is scalable, supports self-learning, real-time evaluation using TensorFlow/Keras for model creation and Flower for federated orchestration. Performance analysis was conducted to evaluate the model using accuracy, loss, precision, recall, F1-score, and ROC-AUC. Confusion matrices generated for the clients and global model shows good classification perfor mance. Experimental results show consistently high performance across the local models and the aggregated global model, achiev ing accuracies above 99.7% and ROC-AUC of 1.0, highlighting the effectiveness and reliability of HyFlaNK. A line plot of accuracy and loss over federated rounds revealed a consistent upward trend in accuracy and a corresponding decline in loss, validating the capability of HyFlaNK to maintain high detection performance while preserving data privacy in a distributed envi ronment. Additionally, a comprehensive performance evaluation comparing HyFlaNK with a traditional Random Forest-based approach further underscores its superior accuracy, precision, and scalability, making it a more robust solution for real-time threat detection in decentralized environments.

Keywords