Entente: Cross-silo Intrusion Detection on Network Log Graphs with Federated Learning
Jiacen Xu
Network and Distributed System Security (NDSS) Symposium 2026 · Day 2 · Privacy & Measurement
Organizations operating across multiple regions face a fundamental tension: they need to collaborate on intrusion detection to catch cross-silo attacks, but regulations like **GDPR** prohibit sharing the network log data required for centralized training. This talk presents **Entente**, a federated learning framework specifically tailored for **graph-based network intrusion detection systems (GRAINS)** that enables cross-silo collaboration without data sharing. Named after the World War I diplomatic agreements where sovereign nations collaborated without merging their authority, Entente achieves **94-84% AP and over 99% AUC**, outperforming all federated learning baselines and even beating some centralized training approaches.
AI review
A federated learning framework for graph-based intrusion detection that achieves reasonable detection metrics and robustness against poisoning. While technically competent, this is primarily an ML systems paper with no offensive contribution, no novel attack technique, and no exploitation. The security relevance is indirect: it's about making IDS training work across silos, not about finding or exploiting vulnerabilities. The Barabási-Albert reference graph trick is clever engineering but not security research.