Abstract
Intrusion Detection Systems are essential for securing both IoT and enterprise networks, yet models that appear nearly perfect on in domain tests often collapse under cross domain evaluation. This generalization gap have limited the operational reliability and slowed the adoption. We present FORT-IDS, a Federated, Optimized, Robust and Trustworthy multi phase framework that unifies cross domain assessment, adversarial hardening and explainable artificial intelligence within a single adaptive pipeline. FORT-IDS follows a five stage flow. First, it reduces drift by aligning heterogeneous feature spaces through lightweight mapping and normalization. Second, it applies SHAP and LIME to reveal unstable features whose attributions vary across sites or time. Third, it targets those features with adversarial augmentation and focused retraining to reshape brittle decision boundaries. Fourth, it is aggregating the clients update via adaptive attention weighted federated learning so that higher quality contributions exert greater influence while privacy is preserved. Fifth, it employs continual replay to retain corrective updates, preventing forgetting across rounds. We evaluate on UNSW-NB15 with 93,000 samples and 45 features and on DDoS Botnet IoT with 1.9 million samples and 30 features. Class imbalance is mitigated with SMOTE applied only to the training partitions. Baselines achieve [Formula: see text] scores: Logistic Regression 0.80; Random Forest 0.91; MLP 0.95. Cross-dataset transfer remains asymmetric in training on DDoS and testing on UNSW yields [Formula: see text], while the training on UNSW and testing on DDoS have reached [Formula: see text]. Advanced models improve in-dataset results: Graph Neural Networks reach 1.00 on DDoS and 0.91 on UNSW, surpassing CNN at 0.85 and LSTM at 0.82. SMOTE balances labels within the source training data only, so cross-dataset asymmetry can persist. By turning explanations into robustness actions and preserving them through federation and replay, FORT-IDS narrows the gap between lab performance and dependable deployment in dynamic IIoT and enterprise environments.