{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,8]],"date-time":"2026-05-08T06:21:01Z","timestamp":1778221261083,"version":"3.51.4"},"reference-count":42,"publisher":"Oxford University Press (OUP)","issue":"1","license":[{"start":{"date-parts":[[2025,12,31]],"date-time":"2025-12-31T00:00:00Z","timestamp":1767139200000},"content-version":"vor","delay-in-days":364,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025,1,17]]},"abstract":"<jats:title>Abstract<\/jats:title>\n                  <jats:p>The rapidly increasing field of industrial network security has led to the rapid growth of interconnecting devices, significantly enlarging attack surfaces and exposing flaws that older intrusion detection systems (IDS) cannot even handle due to scalability and privacy constraints. This work addresses the shortcomings by presenting an advanced federated framework for machine learning tailored toward intrusion detection in industrial networks. Using the detailed UNSW-NB15 dataset, known to represent realistic network traffic, we have analysed numerous machine learning methods in great detail to build a robust, adaptive, and privacy-preserving model for network protection. In a decentralized federated machine learning (FML) approach, the edge devices could train local models on their own and send aggregated parameters to a central server while keeping the data private. Our model, with differential privacy and secure aggregation, achieved an accuracy of 99.98% using the Random Forest Classifier and differentiated very well between benign and malicious traffic. Advanced feature engineering and interpretability tools, such as SHAP analysis, were used to identify critical detection features. The model was tested through iterative training and in-depth testing across distributed devices with remarkable resilience and efficiency in resource-limited environments. This research is therefore the shift in industrial cybersecurity toward the integration of federated learning with privacy-centric protocols in order to create a new effective, scalable, and resilient defense mechanism than the traditional IDS, which may offer a new standard for industrial network protection against evolving cyber threats.<\/jats:p>","DOI":"10.1093\/cybsec\/tyaf041","type":"journal-article","created":{"date-parts":[[2025,12,17]],"date-time":"2025-12-17T12:55:41Z","timestamp":1765976141000},"source":"Crossref","is-referenced-by-count":9,"title":["On the fog\u2019s frontline: a federated machine learning approach for industrial network threat detection and intrusion prevention"],"prefix":"10.1093","volume":"11","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-5449-3088","authenticated-orcid":false,"given":"Basharat","family":"Ali","sequence":"first","affiliation":[{"name":"State Key Laboratory of Novel Software Technology, Nanjing University , Nanjing, Jiangsu 210093 ,","place":["China"]}]}],"member":"286","published-online":{"date-parts":[[2025,12,31]]},"reference":[{"key":"2026011311373079700_bib1","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3229607.3229612","article-title":"Stream-based machine learning for network security and anomaly detection","volume-title":"Proceedings of the 2018 Workshop on Big Data Analytics and Machine Learning for Data Communication Networks","author":"Mulinka","year":"2018"},{"key":"2026011311373079700_bib2","doi-asserted-by":"crossref","first-page":"109","DOI":"10.1145\/2491185.2491187","article-title":"Fattire: declarative fault tolerance for software-defined networks","volume-title":"Proceedings of the Second ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking","author":"Reitblatt","year":"2013"},{"key":"2026011311373079700_bib3","doi-asserted-by":"crossref","first-page":"151","DOI":"10.1145\/3532105.3535029","article-title":"Removing the reliance on perimeters for security using network views","volume-title":"Proceedings of the 27th ACM on Symposium on Access Control Models and Technologies","author":"Anjum","year":"2022"},{"key":"2026011311373079700_bib4","doi-asserted-by":"publisher","first-page":"2131","DOI":"10.3390\/smartcities7040085","article-title":"Network security challenges and countermeasures for software-defined smart grids: a survey","volume":"7","author":"Agnew","year":"2024","journal-title":"Smart Cities"},{"key":"2026011311373079700_bib5","doi-asserted-by":"crossref","first-page":"41","DOI":"10.1145\/3466772.3467033","article-title":"The tags are alright: Robust large-scale RFID clone detection through federated data-augmented radio fingerprinting","volume-title":"Proceedings of the Twenty-second International Symposium on Theory, Algorithmic Foundations, and Protocol Design for Mobile Networks and Mobile Computing","author":"Piva","year":"2021"},{"key":"2026011311373079700_bib6","article-title":"A survey of software-defined smart grid networks: security threats and defense techniques","author":"Agnew","year":"2023"},{"key":"2026011311373079700_bib7","doi-asserted-by":"publisher","first-page":"8014","DOI":"10.3390\/s22208014","article-title":"CPACK: an intelligent cyber-physical access control kit for protecting network","volume":"22","author":"Yu","year":"2022","journal-title":"Sensors"},{"key":"2026011311373079700_bib8","doi-asserted-by":"publisher","first-page":"279","DOI":"10.1002\/9781119857921.ch9","article-title":"Software-defined networking: recent developments and potential synergies","volume-title":"Software Defined Networks: Architecture and Applications","author":"Sandhu","year":"2022"},{"key":"2026011311373079700_bib9","doi-asserted-by":"publisher","first-page":"158","DOI":"10.3390\/network3010008","article-title":"A federated learning-based approach for improving intrusion detection in industrial Internet of Things networks","volume":"3","author":"Rashid","year":"2023","journal-title":"Network"},{"key":"2026011311373079700_bib10","doi-asserted-by":"crossref","first-page":"113","DOI":"10.1007\/978-3-030-96630-0_6","article-title":"Artificial intelligence for cyber security: performance analysis of network intrusion detection","volume-title":"Explainable Artificial Intelligence for Cyber Security: Next Generation Artificial Intelligence","author":"Khan","year":"2022"},{"key":"2026011311373079700_bib11","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3453648","article-title":"Application threats to exploit northbound interface vulnerabilities in software defined networks","volume":"54","author":"Rauf","year":"2021","journal-title":"ACM Comput Surv"},{"key":"2026011311373079700_bib12","doi-asserted-by":"publisher","first-page":"2027","DOI":"10.1109\/COMST.2021.3089688","article-title":"Comprehensive survey on machine learning in vehicular network: technology, applications and challenges","volume":"23","author":"Tang","year":"2021","journal-title":"IEEE Commun Surv Tutor"},{"key":"2026011311373079700_bib13","article-title":"Characterizing malicious url campaigns","author":"Almashor","year":"2021"},{"key":"2026011311373079700_bib14","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3708982","article-title":"Privacy-preserved and responsible recommenders: from conventional defense to federated learning and blockchain","volume":"57","author":"Ali","year":"2025","journal-title":"ACM Comput Surv"},{"key":"2026011311373079700_bib16","article-title":"Scalable and reliable framework to detect and mitigate DDoS attack in OpenFlow-based SDN network","author":"Hamedani","year":"2023"},{"key":"2026011311373079700_bib17","doi-asserted-by":"publisher","first-page":"e331","DOI":"10.1002\/spy2.331","article-title":"UNSW-NB15 computer security dataset: analysis through visualization","volume":"7","author":"Zoghi","year":"2024","journal-title":"Secur Priv"},{"key":"2026011311373079700_bib18","first-page":"2269","article-title":"Protocol-based deep intrusion detection for DoS and DDoS attacks using UNSW-NB15 and Bot-IoT data-sets","volume":"10","author":"Haider","year":"2021","journal-title":"\u00a0IEEE Access"},{"key":"2026011311373079700_bib19","doi-asserted-by":"crossref","first-page":"99","DOI":"10.1016\/j.procs.2024.11.089","article-title":"IoT intrusion detection system based on machine learning algorithms using the UNSW-NB15 dataset","volume":"251","author":"Anoh","year":"2024","journal-title":"Proc Comput Sci"},{"key":"2026011311373079700_bib20","doi-asserted-by":"crossref","first-page":"107","DOI":"10.1145\/3696500.3696518","article-title":"AHP-weighted conversion of anomaly detection datasets for network security evaluation","volume-title":"Proceedings of the 2024 International Conference on Big Data and Digital Management","author":"Xiong","year":"2024"},{"key":"2026011311373079700_bib21","doi-asserted-by":"publisher","first-page":"331","DOI":"10.1007\/s11227-024-06874-4","article-title":"AE-UNet: a composite lung CT image segmentation framework using attention mechanism and edge detection","volume":"81","author":"Li","year":"2025","journal-title":"J Supercomput"},{"key":"2026011311373079700_bib22","first-page":"530","article-title":"An efficient network intrusion detection and classification system","volume-title":"Mathematics","author":"Ahmad","year":"2022"},{"key":"2026011311373079700_bib23","doi-asserted-by":"crossref","first-page":"16","DOI":"10.1145\/3672919.3672923","article-title":"Intrusion detection of IoT traffic payload based on parallel neural networks","volume-title":"Proceedings of the 2024 3rd International Conference on Cyber Security, Artificial Intelligence and Digital Economy","author":"Zhang","year":"2024"},{"key":"2026011311373079700_bib24","article-title":"Lightweight CNN-BiLSTM based intrusion detection systems for resource-constrained IoT devices","author":"Jouhari","year":"2024","journal-title":"Proceedings of the 2024 International Wireless Communications and Mobile Computing Conference (IWCMC)"},{"key":"2026011311373079700_bib25","doi-asserted-by":"crossref","first-page":"10302","DOI":"10.1109\/TIFS.2024.3488967","article-title":"An interpretable generalization mechanism for accurately detecting anomaly and identifying networking intrusion techniques","volume":"19","author":"Pai","year":"2024","journal-title":"IEEE Trans Inf Forensics Secur"},{"key":"2026011311373079700_bib26","first-page":"6","article-title":"Construction of a network intrusion detection system based on a convolutional neural network and a bidirectional gated recurrent unit with attention mechanism","volume":"9","author":"Nikitenko","year":"2024","journal-title":"East Eur J Enter Technol"},{"key":"2026011311373079700_bib27","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1145\/3424311.3424330","article-title":"Network intrusion detection using wrapper-based decision tree for feature selection","volume-title":"Proceedings of the 2020 International Conference on Internet Computing for Science and Engineering","author":"Umar","year":"2020"},{"key":"2026011311373079700_bib28","first-page":"1","article-title":"Enhancing IoT network security through AIDriven intrusion detection with hybrid AutoencoderGAN fusion","volume-title":"Proceedings of the 5th International Conference on Information Management and Machine Intelligence","author":"Mahajan","year":"2023"},{"key":"2026011311373079700_bib29","first-page":"160","article-title":"Adversarial machine learning: a comparative study on contemporary intrusion detection datasets","volume-title":"Proceedings of the 7th International Conference on Information Systems Security and Privacy (ICISSP)","author":"Pacheco","year":"2021"},{"key":"2026011311373079700_bib30","doi-asserted-by":"crossref","DOI":"10.21203\/rs.3.rs-2110380\/v1","article-title":"An efficient machine learning and deep belief network models for wireless intrusion detection system","author":"Saheed","year":"2022"},{"key":"2026011311373079700_bib31","first-page":"1","article-title":"Research on network security situation awareness technology based on neural network model","volume-title":"Proceedings of the 2023 International Conference on Intelligent Sensing and Industrial Automation","author":"Duan","year":"2023"},{"key":"2026011311373079700_bib32","doi-asserted-by":"publisher","first-page":"e13318","DOI":"10.1111\/exsy.13318","article-title":"Progressive search personalization and privacy protection using federated learning","volume":"42","author":"Sarkar","year":"2025","journal-title":"Expert Syst"},{"key":"2026011311373079700_bib33","first-page":"1","article-title":"Design of network security monitoring system based on CNN and exponential weighted DS evidence theory","volume":"9","author":"Yu","year":"2024","journal-title":"J Cyber Secur Technol"},{"key":"2026011311373079700_bib34","doi-asserted-by":"publisher","first-page":"100068","DOI":"10.1016\/j.csa.2024.100068","article-title":"Federated learning-based intrusion detection system for the Internet of Things using unsupervised and supervised deep learning models","volume":"3","author":"Olanrewaju-George","year":"2025","journal-title":"Cyber Secur Appl"},{"key":"2026011311373079700_bib35","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3406601.3406626","article-title":"Network anomaly detection using threshold-based sparse","volume-title":"Proceedings of the 11th International Conference on Advances in Information Technology","author":"Tun","year":"2020"},{"key":"2026011311373079700_bib36","first-page":"1","article-title":"Machine learning based intrusion detection system for IoT applications using explainable AI","volume-title":"Proceedings of the 2023 Asia Conference on Artificial Intelligence, Machine Learning and Robotics","author":"Mukhtar\u00a0Bhatti","year":"2023"},{"key":"2026011311373079700_bib37","doi-asserted-by":"publisher","first-page":"130","DOI":"10.3390\/info14020130","article-title":"CSK-CNN: network intrusion detection model based on two-layer convolution neural network for handling imbalanced dataset","volume":"14","author":"Song","year":"2023","journal-title":"Information"},{"issue":"1","key":"2026011311373079700_bib38","first-page":"658","article-title":"MalCL: leveraging GAN-based generative replay to combat catastrophic forgetting in malware classification","volume":"39","author":"Park","year":"2025","journal-title":"Proc AAAI Conf Artif Intell"},{"key":"2026011311373079700_bib39","first-page":"1","article-title":"An advanced cyber security model using federated machine learning approach for intrusion detection in networks","volume":"00","author":"Laddi","year":"2022","journal-title":"J Comput Cognitive Eng"},{"key":"2026011311373079700_bib40","doi-asserted-by":"crossref","first-page":"1702","DOI":"10.1109\/TVT.2024.3456029","article-title":"A federated meta learning-based secure data consolidation scheme for industrial AIoT leveraging drone","volume":"74","author":"Islam","year":"2024","journal-title":"IEEE T Veh Technol"},{"key":"2026011311373079700_bib41","doi-asserted-by":"publisher","first-page":"64","DOI":"10.1109\/IOTM.001.2300054","article-title":"Clustered and multi-tasked federated distillation for heterogeneous and resource constrained industrial IoT applications","volume":"6","author":"Hamood","year":"2023","journal-title":"IEEE Internet of Things Mag"},{"key":"2026011311373079700_bib42","doi-asserted-by":"crossref","first-page":"238","DOI":"10.1109\/MNET.2025.3526556","article-title":"FLeS: a federated learning-enhanced semantic communication framework for mobile AIGC-driven human digital twins","volume":"39","author":"Okegbile","year":"2025","journal-title":"IEEE Netw"},{"key":"2026011311373079700_bib43","doi-asserted-by":"publisher","first-page":"e7103","DOI":"10.1002\/cpe.7103","article-title":"Network intrusion detection system for Internet of Things based on enhanced flower pollination algorithm and ensemble classifier","volume":"34","author":"Gangula","year":"2022","journal-title":"Concurr Comput Pract Exp"}],"container-title":["Journal of Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/academic.oup.com\/cybersecurity\/article-pdf\/11\/1\/tyaf041\/66174698\/tyaf041.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/academic.oup.com\/cybersecurity\/article-pdf\/11\/1\/tyaf041\/66174698\/tyaf041.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,1,13]],"date-time":"2026-01-13T16:37:44Z","timestamp":1768322264000},"score":1,"resource":{"primary":{"URL":"https:\/\/academic.oup.com\/cybersecurity\/article\/doi\/10.1093\/cybsec\/tyaf041\/8407675"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"references-count":42,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2025,1,17]]}},"URL":"https:\/\/doi.org\/10.1093\/cybsec\/tyaf041","relation":{},"ISSN":["2057-2085","2057-2093"],"issn-type":[{"value":"2057-2085","type":"print"},{"value":"2057-2093","type":"electronic"}],"subject":[],"published-other":{"date-parts":[[2025]]},"published":{"date-parts":[[2025]]},"article-number":"tyaf041"}}