Abstract
The current intrusion detection methods suffer from deficiencies in terms of cross-domain adaptability, privacy preservation, and limited effectiveness in detecting minority-class attacks. To address these issues, a novel intrusion detection model framework, TrMulS, is proposed that integrates federated learning, generative adversarial networks with multispace feature enhancement ability, and transformers with multi-source transfer ability. First, at each institution (source domain), local spatial features are extracted through a CNN, multiple subsets are constructed (to solve the feature singularity problem), and the multihead self-attention mechanism of the transformer is utilized to capture the correlation of features. Second, the synthetic samples of the target domain are generated on the basis of the improved Exchange-GAN, and the cross-domain transfer module is designed by combining the Maximum Mean Discrepancy (MMD) to minimize the feature distribution difference between the source domain and the target domain. Finally, the federated transfer learning strategy is adopted. The model parameters of each local institution are encrypted and uploaded to the target server and then aggregated to generate the global model. These steps iterate until convergence, yielding the globally optimal model. Experiments on the ISCX2012, KDD99 and NSL-KDD intrusion detection standard datasets show that the detection accuracy of this method is significantly improved in cross-domain scenarios. This paper presents a novel paradigm for cross-domain security intelligence analysis that considers efficiency, privacy and balance.