Table of Contents
Fetching ...

Tri-LLM Cooperative Federated Zero-Shot Intrusion Detection with Semantic Disagreement and Trust-Aware Aggregation

Saeid Jamshidi, Omar Abdul Wahab, Foutse Khomh, Kawser Wazed Nafi

TL;DR

This work tackles open-world intrusion detection under privacy constraints by proposing a Tri-LLM cooperative federated framework that uses language-derived semantic prototypes to enable zero-shot attribution. It integrates inter-LLM semantic disagreement as an epistemic uncertainty signal and a trust-aware aggregation scheme to robustnessly combine heterogeneous client updates. Empirical results show over 80% zero-shot accuracy on unseen attacks and more than a 10% gain in zero-day discrimination over similarity-based baselines, while maintaining stable convergence under non-IID and unreliable clients. The system uses a calibrated zero-day risk score ZDS = $\lambda D_{\hat{a}} + (1-\lambda)(1 - c(\hat{z}, z_{\hat{a}}))$ to blend semantic uncertainty with confidence, enabling risk-aware responses in distributed security environments. Overall, the Tri-LLM approach demonstrates a practical, interpretable, and scalable path toward privacy-preserving IDS capable of adapting to evolving threat landscapes without centralized data pooling.

Abstract

Federated learning (FL) has become an effective paradigm for privacy-preserving, distributed Intrusion Detection Systems (IDS) in cyber-physical and Internet of Things (IoT) networks, where centralized data aggregation is often infeasible due to privacy and bandwidth constraints. Despite its advantages, most existing FL-based IDS assume closed-set learning and lack mechanisms such as uncertainty estimation, semantic generalization, and explicit modeling of epistemic ambiguity in zero-day attack scenarios. Additionally, robustness to heterogeneous and unreliable clients remains a challenge in practical applications. This paper introduces a semantics-driven federated IDS framework that incorporates language-derived semantic supervision into federated optimization, enabling open-set and zero-shot intrusion detection for previously unseen attack behaviors. The approach constructs semantic attack prototypes using a Tri-LLM ensemble of GPT-4o, DeepSeek-V3, and LLaMA-3-8B, aligning distributed telemetry features with high-level attack concepts. Inter-LLM semantic disagreement is modeled as epistemic uncertainty for zero-day risk estimation, while a trust-aware aggregation mechanism dynamically weights client updates based on reliability. Experimental results show stable semantic alignment across heterogeneous clients and consistent convergence. The framework achieves over 80% zero-shot detection accuracy on unseen attack patterns, improving zero-day discrimination by more than 10% compared to similarity-based baselines, while maintaining low aggregation instability in the presence of unreliable or compromised clients.

Tri-LLM Cooperative Federated Zero-Shot Intrusion Detection with Semantic Disagreement and Trust-Aware Aggregation

TL;DR

This work tackles open-world intrusion detection under privacy constraints by proposing a Tri-LLM cooperative federated framework that uses language-derived semantic prototypes to enable zero-shot attribution. It integrates inter-LLM semantic disagreement as an epistemic uncertainty signal and a trust-aware aggregation scheme to robustnessly combine heterogeneous client updates. Empirical results show over 80% zero-shot accuracy on unseen attacks and more than a 10% gain in zero-day discrimination over similarity-based baselines, while maintaining stable convergence under non-IID and unreliable clients. The system uses a calibrated zero-day risk score ZDS = to blend semantic uncertainty with confidence, enabling risk-aware responses in distributed security environments. Overall, the Tri-LLM approach demonstrates a practical, interpretable, and scalable path toward privacy-preserving IDS capable of adapting to evolving threat landscapes without centralized data pooling.

Abstract

Federated learning (FL) has become an effective paradigm for privacy-preserving, distributed Intrusion Detection Systems (IDS) in cyber-physical and Internet of Things (IoT) networks, where centralized data aggregation is often infeasible due to privacy and bandwidth constraints. Despite its advantages, most existing FL-based IDS assume closed-set learning and lack mechanisms such as uncertainty estimation, semantic generalization, and explicit modeling of epistemic ambiguity in zero-day attack scenarios. Additionally, robustness to heterogeneous and unreliable clients remains a challenge in practical applications. This paper introduces a semantics-driven federated IDS framework that incorporates language-derived semantic supervision into federated optimization, enabling open-set and zero-shot intrusion detection for previously unseen attack behaviors. The approach constructs semantic attack prototypes using a Tri-LLM ensemble of GPT-4o, DeepSeek-V3, and LLaMA-3-8B, aligning distributed telemetry features with high-level attack concepts. Inter-LLM semantic disagreement is modeled as epistemic uncertainty for zero-day risk estimation, while a trust-aware aggregation mechanism dynamically weights client updates based on reliability. Experimental results show stable semantic alignment across heterogeneous clients and consistent convergence. The framework achieves over 80% zero-shot detection accuracy on unseen attack patterns, improving zero-day discrimination by more than 10% compared to similarity-based baselines, while maintaining low aggregation instability in the presence of unreliable or compromised clients.
Paper Structure (38 sections, 35 equations, 11 figures, 12 tables, 1 algorithm)

This paper contains 38 sections, 35 equations, 11 figures, 12 tables, 1 algorithm.

Figures (11)

  • Figure 1: Overview of the proposed Tri-LLM cooperative federated zero-shot IDS framework.
  • Figure 2: Inference latency as a function of generated token length for different LLMs.
  • Figure 3: Trust entropy evolution across federated rounds, showing the entropy level shift $H(t)-H(0)$ (left axis) and the per-round change $\Delta H(t)$ (right axis).
  • Figure 4: Mean embedding norms across representative attack categories for GPT-4o, DeepSeek-V3, and LLaMA-3-8B.
  • Figure 5: Distribution of semantic embedding norms generated by GPT-4o, DeepSeek-V3, and LLaMA-3-8B.
  • ...and 6 more figures