Optimising Intrusion Detection Systems in Cloud-Edge Continuum with Knowledge Distillation for Privacy-Preserving and Efficient Communication
Soad Almabdy, Amjad Ullah
TL;DR
This work tackles the high communication overhead of Federated Learning for intrusion detection in the Cloud-Edge continuum by introducing a hierarchical FL framework that incorporates Knowledge Distillation. A central Teacher model on the cloud transfers knowledge to lightweight Student models running on edge devices, with Edge servers aggregating client updates to reduce data transfers. The approach achieves high detection accuracy (about 98.6%) while significantly lowering transmission, aggregation, memory usage, and data size, outperforming centralized FL and recent SOTA methods in both speed and efficiency. This KD-enabled hierarchical design enables privacy-preserving, scalable, real-time IDS suitable for dynamic cloud-edge environments.
Abstract
The growth of the Internet of Things has amplified the need for secure data interactions in cloud-edge ecosystems, where sensitive information is constantly processed across various system layers. Intrusion detection systems are commonly used to protect such environments from malicious attacks. Recently, Federated Learning has emerged as an effective solution for implementing intrusion detection systems, owing to its decentralised architecture that avoids sharing raw data with a central server, thereby enhancing data privacy. Despite its benefits, Federated Learning faces criticism for high communication overhead from frequent model updates, especially in large-scale Cloud-Edge infrastructures. This paper explores Knowledge Distillation to reduce communication overhead in Cloud-Edge intrusion detection while preserving accuracy and data privacy. Experiments show significant improvements over state-of-the-art methods.