Generative AI–Guided Sentinel for Self-Optimizing Federated Cybersecurity and Intelligent Threat Detection

Akter Rokaya, Md Al Samiul Amin Rishat, Singh Sudhanshu, Abhishank Singh, Bian Naizheng

Abstract

As cyber threats become increasingly sophisticated and pervasive, adaptive, intelligent, and privacy-preserving intrusion detection systems (IDSs) are more critical than ever, particularly in ecosystem-based networks. However, existing federated cybersecurity systems continue to face several challenges, including reduced data processing efficiency caused by data heterogeneity, difficulties in real-time threat detection, and complex configuration management.
To address these challenges, we propose a novel Self-Improving Federated Cybersecurity Sentinel framework that integrates Federated Learning (FL) with Generative Artificial Intelligence (GAI) to enable dynamic and context-aware optimization. Large Language Models (LLMs) play a central role in the proposed framework by enabling prompt-driven analytics for real-time intrusion detection, feature relevance assessment, automated anomaly investigation, and adaptive optimization of FL parameters.
Experimental evaluations conducted on the UNSW-NB15 dataset demonstrate that the proposed framework achieves a precision of 0.96 and an F1-score of 0.98, while simultaneously reducing configuration adjustment time by approximately 68%. These results indicate that the framework significantly simplifies the tuning process and enhances detection performance. Overall, this study represents a substantial advancement toward fully autonomous and robust cybersecurity systems. Future work will focus on improving the generalizability of the framework across diverse threat scenarios and incorporating explainable AI components to enhance transparency and interpretability.

 

Keywords: Federated Learning, Large Language Model, Cybersecurity, Intrusion Detection, Generative AI.

DOI https://doi.org/10.55463/issn.1674-2974.52.12.1



