Applied IT & Engineering
Information and engineering sciences | Online ISSN 3068-0115
RESEARCH ARTICLE (Open Access)
NS-ZTFedIDS: A Neuro-Symbolic Federated Zero Trust Framework for Explainable Intrusion Detection in SDN and Optical Communication Networks
Md. Arifur Rahman1*, Md. Iqbal Hossan2, Md. Serajul Kabir Chowdhury3, B. M. Taslimul Haque4
Applied IT & Engineering 3 (1) 1-8 https://doi.org/10.25163/engineering.3110775
Submitted: 06 October 2025 Revised: 10 December 2025 Accepted: 17 December 2025 Published: 19 December 2025
Abstract
Background: Modern software-defined and fiber-optic communication networks face an accelerating threat landscape that traditional, centralized intrusion detection systems were simply not designed to handle. The architectural concentration that makes SDN operationally powerful simultaneously expands its attack surface, while privacy constraints, regulatory boundaries, and the sheer heterogeneity of distributed infrastructure make centralized data pooling increasingly impractical as a security strategy.
Methods: This study proposes NS-ZTFedIDS — a Neuro-Symbolic Zero Trust Federated Intrusion Detection System integrating Federated Learning with FedAvg aggregation and differential privacy (ε = 0.5), Graph Attention Networks for topology-aware anomaly detection, Zero Trust contextual features (Policy Compliance Score, Identity Confidence Score, Micro-Segment Boundary Crossing, Session Risk Tier), neuro-symbolic guardrails for physics-aware autonomous response validation, and SHAP/LLM-based explainability. The framework was evaluated across three benchmark datasets — NSL-KDD, CICIDS2017, CIC-IDS2018 — and simulated SDN/optical traffic, comprising 1,200,000 flow records distributed across ten non-IID federated nodes.
Results: NS-ZTFedIDS achieved 97.3% classification accuracy, F1-score of 0.969, ROC-AUC of 0.988, and a false positive rate of 2.8%, outperforming all five baselines — including a centralized equivalent. Lateral movement detection reached F1 = 0.962. Ablation confirmed that Zero Trust features and graph encoding were the primary performance drivers.
Conclusion: NS-ZTFedIDS demonstrates that federated privacy preservation, graph-based reasoning, policy-aware symbolic constraints, and explainability can be co-integrated without architectural compromise, offering a credible path toward autonomous, trustworthy cyber defense for critical communication infrastructure.
Keywords: Federated Learning · Zero Trust Architecture · Intrusion Detection · Neuro-Symbolic AI · Explainable Artificial Intelligence