Network Intrusion Detection System Research Articles

Deep learning-based intrusion detection system for in-vehicle networks with knowledge graph and statistical methods

Deep learning-based intrusion detection system for in-vehicle networks with knowledge graph and statistical methods

Multi-Agent Locally Trained Progressive Instance Selected Assisted Federated Learning Architecture for Intrusion Detection in Industrial-IoT

In this work the focus is made on designing and developing a robust federated learning model (FLM) and architecture for multi-type network intrusion detection system (MT-NIDS) for IIoT applications. Unlike traditional intrusion detection systems, where the key focus is made on detecting and classifying single type of intrusion or attack condition, this research targets to perform multi-type network intrusion detection. This as a result can contribute a fit-to-all NIDS solution for IIoT environment.

An Efficient Network Intrusion Detection and Classification System using Machine Learning

In today's digital landscape, network security is of paramount importance, with intrusion detection systems (IDS) playing a crucial role in protecting sensitive data from malicious attacks. Traditional IDS, often reliant on signature-based methods, struggle with high false positive rates, difficulty in adapting to novel threats, and significant computational demands. This paper explores the development of an efficient network intrusion detection and classification system utilizing machine learning techniques to address these challenges. By leveraging datasets such as NSL-KDD and UNSW-NB15, our study employs a combination of supervised learning algorithms, including Support Vector Machines (SVM), Random Forests, and Neural Networks, alongside comprehensive data preprocessing and feature engineering strategies. The evaluation of our models through metrics like accuracy, precision, recall, and ROC-AUC demonstrates a marked improvement in detection capabilities and computational efficiency. Our findings suggest that machine learning-based IDS can significantly enhance network security by reducing false positives and adapting to emerging threats more effectively than traditional systems. This research not only underscores the potential of advanced machine learning techniques in IDS but also provides a robust framework for future developments in the field. In the rapidly evolving landscape of cybersecurity, effective network intrusion detection and classification systems are critical for safeguarding sensitive data and maintaining operational integrity. This paper presents a novel approach utilizing machine learning techniques to enhance the efficiency and accuracy of intrusion detection systems (IDS). By employing a combination of supervised and unsupervised learning algorithms, our system can identify and classify both known and unknown threats in real-time. We leverage advanced feature selection methods to optimize the performance of our models, ensuring high detection rates with minimal false positives. Our experimental results, validated on benchmark datasets, demonstrate significant improvements in detection accuracy and processing speed compared to traditional IDS solutions. The proposed system not only strengthens network defenses but also provides a scalable and adaptive framework for future cybersecurity challenges..

Semi-Supervised Intrusion Detection System for In-Vehicle Networks Based on Variational Autoencoder and Adversarial Reinforcement Learning

Despite the affordability, simplicity, and efficiency of controller area network (CAN) protocols, the security vulnerability remains a major challenge. Currently, a machine learning-based intrusion detection system (IDS) is considered an effective approach for improving security in CAN by identifying malicious attacks. However, earlier studies that relied on supervised learning methods required considerable amounts of labeled data. Data collection from vehicles is time-consuming and expensive. Furthermore, the obtained data exhibited a class imbalance, which presents further challenges in the analysis and model training. Thus, we propose a semi-supervised learning-based IDS that combines variational autoencoder (VAE) and adversarial reinforcement learning for the multi-class classification of both known and unknown attacks. The proposed system capitalizes on the diverse patterns inherent in unlabeled data, transforming this data space into one that is more conducive to classification. Concurrently, adversarial agents in the reinforcement learning algorithm interact competitively, progressively enhancing their ability to intelligently classify and select samples. To reduce the reliance on labeled data and effectively exploit them, we utilize a pseudo-labeling process for pre-training. Experimental results indicate that the proposed model achieves more effective classification while requiring less labeled data compared to other baseline models for known attacks. By inheriting the advantages of VAE, promising results demonstrate that the proposed system detects unknown attacks containing similar or completely different characteristics with high F1 scores exceeding 0.9 and 0.84, respectively. Finally, the proposed system was demonstrated to be a lightweight model for the expeditious detection of malevolent messages introduced into in-vehicle networks to ensure minimal latency.

AI techniques applied to network intrusion detection system by using genetic approaches

The ability to identify and assess potential security risks to a communication network is a critical function of network intrusion detection systems. The data it provides regarding the frequency and type of assaults is a valuable addition to other network security measures, including firewalls. Typically, an NIDS will have a sensor that scans all incoming and outgoing packets on the monitored network, flags those that seem suspicious, and then sends the flagged packets and an alert message to a server system, which will then store them and analyse them in conjunction with other events. First, we standardised the protocol structure. Then, we used a genetic approach to generate mutation and cross-over values for device identification. Finally, we used a modified J48 decision tree algorithm to conduct our search. The developed algorithms/ones outperform the existing methods in terms of performance. As an initial step in detecting an intrusion, the 64-byte structured protocol standardisation technique is created. The wire shark tool is used to monitor the communication process network, taking into account all potential transactions. An array is created from the recorded packets. Included in the array are details about the frames, as well as the protocol type, hardware device type, source and destination IP addresses, MAC addresses, and data. This information is transformed by the 64-byte protocol structured standardisation. Because all of the necessary attributes are determined in the same place by this common protocol structure procedure, finding the MAC and IP addresses in packets should take as little time as possible. As a second step, the product and device details are supplied by the least and most important 16 bits of the MAC address. Using the cross-over and mutation functions, the genetic iv method compares the invader device to the Current Active Directory List (CADL).

A Robust Hybrid Approach for Malware Detection: Leveraging CNN and LSTM for Encrypted Traffic Analysis

The rapid growth in Internet usage and advancements in network technologies have escalated the risk of network attacks. As the adoption of encryption protocols increases, so does the difficulty in identifying malware within encrypted traffic. Malware represents a significant danger in cyberspace, as it compromises personal data and harms computer systems. Network attacks involve unauthorized access to networks, often aiming to disrupt or damage them, with potentially severe consequences. To counter these threats, researchers, developers, and security experts are constantly innovating new malware detection techniques. Recently, deep learning has gained traction in network security and intrusion detection systems (IDSs), with models such as Convolutional Neural Networks (CNN) and Long Short-Term Memory (LSTM) showing promise in detecting malicious traffic. Despite these advancements, extracting relevant features from diverse malware types remains a challenge. Current solutions demand substantial computational resources and are often inefficient for large datasets. Additionally, existing image-based feature extraction methods consume significant resources. This study tackles these issues by employing a 1D CNN alongside LSTM for the detection and classification of encrypted malicious traffic. Using the Malware Analysis benchmark dataset, which consists of 42,797 malware and 1,079 goodware API call sequences, the proposed model achieved an accuracy of 99.2%, surpassing other state-of-the-art models

Optimizing Machine Learning-Based Intrusion Detection Systems for Enhanced Security in Cloud Computing Environments.

In today’s cloud computing environments, robust network security is crucial due to the inherently distributed and dynamic nature of cloud systems. Traditional Network Intrusion Detection Systems (NIDS) often face challenges in handling large-scale, rapidly evolving data and sophisticated attack vectors unique to cloud settings. This paper presents an optimized Machine Learning (ML)-based NIDS framework designed specifically for cloud infrastructures, leveraging feature selection, dimensionality reduction, and algorithmic tuning techniques to enhance detection accuracy and reduce false positives. Integrating supervised and unsupervised learning methods, this NIDS system can detect both known and novel attack types efficiently. By utilizing cloud-specific datasets and real-time traffic monitoring, it adapts well to the scalability and elasticity requirements of cloud environments. Additionally, the system incorporates automated optimization techniques, such as hyperparameter tuning and ensemble learning, to further enhance performance. Experimental results show improvements in detection rates, reduced computational overhead, and better scalability, making it a promising solution for modern cloud-based infrastructures.

Enhancing Network Threat Detection with Random Forest-Based NIDS and Permutation Feature Importance

Network Intrusion Detection Systems (NIDS) are critical for protecting computer networks from unauthorized activities. Traditional NIDS rely on rule-based signatures, which can be limiting in detecting emerging threats. This study investigates the effectiveness of the random forest classifier in advancing NIDS capabilities through machine learning. Using the CICIDS-2017 dataset, the data are preprocessed to enhance their quality by removing redundancies. feature selection and permutation importance were employed to identify the most relevant features. The methodology involves rigorous testing and analysis of the random forest classifier’s performance, focusing on f1-score rates compared to other machine learning models. Results demonstrate that by optimizing class weights, applying a custom prediction function and leveraging 26 key features, the random forest classifier achieves an outstanding 99.8% in the weighted f1-score and 93.31% in the macro f1-score in various attack types. This research highlights the potential of machine learning to significantly enhance NIDS effectiveness, offering a robust defense mechanism against evolving cybersecurity threats in modern networks.

Cyber Network Sentinel: Unveiling the Realm of Intrusion Detection and Threat Mitigation

Abstract— In an era characterized by escalating cyber threats, the imperative for robust Intrusion Detection Systems (IDS) has become undeniable. This paper introduces the "Cyber Network Sentinel," a Network Intrusion Detection System (NIDS) designed to vigilantly monitor network traffic for anomalies and promptly alert administrators to potential threats. By leveraging tools like nmap, Wireshark, Burp Suite, Metasploit, Aircrack-ng, and Sparrow WiFi, the NIDS offers a comprehensive defense against unauthorized access attempts and suspicious activities. Keywords— nmap, wireshark, burp suite, metasploit, air crackling, sparrow wifi

Network intrusion detection system using machine learning models and data mining strategies: comprehensive study

Cybersecurity concerns have increased as a result of the development of computat ing and intelligent gadgets and the growing interconnectivity of numerous systems. This study investigates the use of data mining techniques and machine learning models in building intrusion detection systems for network security. By investigating the use of several machine learning approaches, such as naive Bayes, random forest, support vec tor machines, decision tree, k-nearest neighbours, and XGBoost, this study seeks to answer this problem. Furthermore, data mining techniques including association rule mining and clustering algorithms are investigated. The network intrusion detection dataset, which can be downloaded from Kaggle, is used to train and evaluate the sys tem. The primary aim of this study is to provide a more effective and adaptable solution to the network intrusion problem, with the ultimate goal of developing a system that can accurately and efficiently detect and respond to network intrusions. Проблемы кибербезопасности увеличились в результате развития вычислительных и интеллектуальных гаджетов и возросшей взаимосвязности многочисленных систем. В этом исследовании изучается использование методов получения данных и моделей машинного обучения при создании систем обнаружения вторжений для сетевой безопасности. Изучая использование нескольких подходов машинного обучения, таких как наивный байесовский алгоритм, случайный лес, метод опорных векторов, дерево решений, метод k-ближайших соседей и XGBoost, предлагаемое исследование пытается ответить на эту проблему. Кроме того, исследуются методы получения данных, включая алгоритмы нахождения ассоциативных правил и кластеризации. Набор данных обнаружения сетевых вторжений, который можно загрузить с веб-сайта Kaggle, используется для обучения и оценки системы. Основная цель этого исследования — предоставить более эффективное и адаптируемое решение проблемы сетевых вторжений, с конечной целью разработки системы, которая может точно и эффективно обнаруживать и реагировать на сетевые вторжения.

Hybrid Intelligent Anomaly Detection System Using Attention based Deep Learning Approach for Cyber Attacks Prevention

Objectives: Network Intrusion Detection System (NIDS) plays an important role in finding and preventing cyber-attacks, which helps to improve the entire security posture of an organization’s network infrastructure. The development of Deep Learning (DL) techniques possess the ability of IDS to detect attacks without delay and protects from intrusions even in real-time environment. Methods: The present study proposes an improved IDS framework called Enhanced Gated Recurrent Unit Hyper-Model combined Attention Bidirectional Long-Short Term Memory (EGHAB) approach, to effectively address the detection of attacks with maximum accuracy and minimal error rate. The proposed model is enhanced by using methods like numericalization and normalisation for pre-processing the input data, Genetic Algorithm (GA) for extracting intricate features from the input data, and the EGHAB classifier, which works on the principles of both Gated Recurrent Unit (GRU) and Bidirectional Long-Short Term Memory (BiLSTM) models along with attention mechanism. Findings: The EGHAB model efficiently learns the abnormal behaviour of network and classified the attack and non-attack data using the publicly available NSL-KDD dataset and a generated real time data set, scapy. And it achieved 99.94% accuracy over NSL KDD dataset during multiclass classification and 93.3% on real time data set with reduced Error rate. Additionally, to examine the efficacy, the proposed approach is compared with other existing methods and proved its improved performance. Novelty: A combined ensemble classifier with GRU, BiLSTM and attention mechanism is designed to predict the attacks in earlier stage rather than due over. The model achieved better accuracy and reduced false assumption using anomaly prediction mechanism. Keywords: Cyber Attack, Anomaly Detection, Deep learning, Gated Recurrent Unit, Bi­ Directional Long­-Short Term Memory, Attention mechanism

BIDS: An efficient Intrusion Detection System for in-vehicle networks using a two-stage Binarised Neural Network on low-cost FPGA

Automotive networks are crucial for ensuring safety as the number of Electronic Control Units (ECUs) grows to support vehicle intelligence. The Controller Area Network (CAN) is commonly used for efficient in-vehicle communication among ECUs. However, its broadcast nature and lack of a dedicated security layer make it vulnerable to attacks. This paper proposes a novel CAN bus Intrusion Detection System (IDS), named BNN-based IDS (BIDS), which efficiently provides both unknown attack detection and known attack classification using a hierarchical two-stage Binarised Neural Network (BNN) and Generative Adversarial Network (GAN). BIDS was validated on three datasets, and its implementation achieves an average inference time of less than 0.170 ms with minimal resource utilisation on a low-cost Field Programmable Gate Array (FPGA). This rapid inference speed enables real-time inference on individual CAN messages using a sliding window technique, eliminating the need to wait for multiple accumulated CAN messages required for data preprocessing. Evaluation metrics demonstrate that our IDS achieves high accuracy in both identifying unseen attacks and categorising known attacks. Furthermore, our FPGA implementation consumes merely 2.09 W, which is a 57% reduction compared to a cutting-edge FPGA-based IDS that is capable of detecting unknown attacks using the same dataset.

Enhanced intrusion detection framework for securing IoT network using principal component analysis and CNN

ABSTRACT The Internet of Things (IoT) has transformed our world by connecting smart devices and enabling seamless interactions. This reliance, however, has led to new security issues and types of attacks. It is of the utmost importance to safeguard the security of IoT networks, with network intrusion detection systems (NIDS) having a significant impact. This paper proposes a novel approach integrating Principal Component Analysis (PCA), Pearson Correlation Coefficient (PCC), and Convolutional Neural Network (CNN) to overcome these security issues. Our innovative method reduces data dimensionality and selects highly correlated features using PCC and PCA, addressing overfitting and improving model performance while maintaining high computational speed and low costs. Our approach uniquely distinguishes between benign and threat packets by employing 1D-CNN, 2D-CNN, and 3D-CNN algorithms trained on Edge-IIoTset and NSL-KDD benchmark datasets. The findings from our experiments indicate that the proposed framework significantly enhances accuracy, precision, recall, and F1-score compared to existing models for both binary and multiclass classifications. Our binary classification models achieved exceptional performance, with an average accuracy of 99.76%, 99.79% precision, 99.89% recall, and 99.85% F1-score on the Edge-IIoTset dataset. On the NSL-KDD dataset, the models attained 99.20% accuracy, 98.07% precision, 97.95% recall, and 97.71% F1-score. For multiclass classification, the proposed model demonstrated an average accuracy of 99.41%, precision of 98.61%, recall of 98.49%, and an F1-score of 98.56% on the Edge-IIoTset dataset. On the NSL-KDD dataset, the model achieved 92.43% accuracy, 93.21% precision, 93.60% recall, and a 93.7% F1-score. Our research introduces a significant advancement that substantially improves NIDS capabilities, making IoT networks safer and more connected.

Gradient correlation based detection of adversarial attacks on vehicular networks

The controller area network (CAN) bus, which controls real-time communication and data transmission among vehicle electronic control units, lacks security mechanisms and is highly vulnerable to attacks. Existing in-vehicle network intrusion detection systems (IDSs) typically rely on deep learning models for detection, which are susceptible to interference from adversarial attacks owing to the vulnerability of the models themselves, thereby compromising the detection performance. In this study, we propose an adversarial attack detection method based on gradient correlation that achieves a high accuracy rate using a linear approach to detect adversarial samples. The experimental results show that the proposed model does not require retraining of the original detection model and demonstrates better detection performance for multiple adversarial attacks.

Analyzing Resampling Techniques for Addressing the Class Imbalance in NIDS using SVM with Random Forest Feature Selection

The purpose of Network Intrusion Detection Systems (NIDS) is to ensure and protect computer networks from harmful actions. A major concern in NIDS development is the class imbalance problem, i.e., normal traffic dominates the communication data plane more than intrusion attempts. Such a state of affairs can pose certain hazards to the effectiveness of detection algorithms, including those useful for detecting less frequent but still highly dangerous intrusions. This paper aims to utilize resampling techniques to tackle this problem of class imbalance in NIDS using a Support Vector Machine (SVM) classifier alongside utilizing features selected by Random Forest to improve the feature subset selection process. The analysis highlights the combativeness of each sampling method, offering insights into their efficiency and practicality for real-world applications. Four resampling techniques are analyzed. Such techniques include Synthetic Minority Over-sampling Technique (SMOTE), Random Under-sampling (RUS), Random Over-sampling (ROS) and SMOTE with two different combinations i.e., RUS SMOTE and RUS ROS. Feature selection was done using Random Forest, which was improved by Bayesian methods to create subsets of features with feature rankings determined by Cumulative Feature Importance Score (CFIS). The CIDDS-2017 dataset is used for the performance evaluation, and the metrics used include accuracy, precision, recall, F-measure and CPU time. The algorithm that performs best overall in the CFIS feature subsets is SMOTE, and the features that give the best result are selected at the 90% level with 25 features. This subset accomplishes a relative accuracy enhancement of 0.08% than the other approaches. The RUS+ROS technique is also fine but somehow slower than SMOTE. On the other hand, RUS+SMOTE shows relatively poor results although it consumes less time in terms of computational time compared to other methods, giving about 50% of the performance shown by the other methods. This paper's novelty is adapting the RUS method as a standalone test for screening new and potentially contaminated datasets. The standalone RUS method is more efficient in terms of computations; the algorithm returned the best result of 98.13% accuracy at 85% at the CFIS level of 34 features with a computation time of 137.812 s. It is also noted that SMOTE is considered to be proficient among all resampling techniques used for handling the problem of class imbalance in NIDS, vice 90% CFIS feature subset. Future research directions could include using these techniques in different data sets and other machine learning and deep learning methods together with ROC curve analysis to provide useful pointers to NIDS designers on how to select the right data mining tools and strategies for their projects.

Comparative Analysis of Feature Selection Techniques for LSTM Based Network Intrusion Detection Models

Network intrusion systems are inevitable in protecting enterprise assets and improving cybersecurity. The research community is always on the lookout for new approaches to improve network intrusion detection. Network intrusion systems with deep learning models are the major advancement in this field. There are many varieties of network intrusion detection systems with deep learning models that are used nowadays. Even though researchers are investing heavily in their efforts on developing better network intrusion detection systems, rapid advancement in network intrusion attempts warrant further studies in this area. In this study, I am trying to explore the impact of the different most common feature selection methods on the performance of the LSTM-based network intrusion detection system. Benchmark network intrusion dataset UNSW-NB15 was explored for this study. This study explored 8 types of LSTM models in combination with different feature selection methods. The outcome of the study was very interesting as the LSTM model without applying any feature selection method, outperformed other combinations of models.

A privacy-preserving Self-Supervised Learning-based intrusion detection system for 5G-V2X networks

In light of the ongoing transformation in the automotive industry, driven by the adoption of 5G and the proliferation of connected vehicles, network security has emerged as a critical concern. This is particularly true for the implementation of cutting-edge 5G services such as Network Slicing (NS), Software Defined Networking (SDN), and Multi-access Edge Computing (MEC). As these advanced services become more prevalent, they introduce new vulnerabilities that can be exploited by cyber attackers. Consequently, Network Intrusion Detection Systems (NIDSs) are pivotal in safeguarding vehicular networks against cyber threats. Still, their efficacy hinges on extensive data, which often contains sensitive and confidential information such as vehicle positions and owner’s behaviors, raising privacy concerns. To address this issue, we propose a Privacy-Preserving Self-Supervised Learning (SSL) based Intrusion Detection System for 5G-V2X networks. The majority of works in the literature relying on Federated Learning (FL) and often overlook data labeling on the end devices. Our methodology leverages SSL to pre-train NIDSs using unlabeled data. Post-training is then performed with a minimal amount of labeled data, which can be carefully crafted by an expert. This novel technique allows the training of NIDSs with huge datasets without compromising privacy, consequently enhancing the efficacy of cyber-attack protection. Our innovative SSL pre-training methodology has yielded remarkable results, demonstrating a substantial improvement of up to 9% in accuracy across a diverse range of training dataset sizes, including scenarios with as few as 200 data samples. Our approach highlights the potential to enhance automotive network security significantly, showcasing groundbreaking achievements that set a new standard in the field of automotive cybersecurity.

Edge-featured multi-hop attention graph neural network for intrusion detection system

With the development of the Internet, the application of computer technology has rapidly become widespread, driving the progress of Internet of Things (IoT) technology. The attacks present on networks have become more complex and stealthy. However, traditional network intrusion detection systems with singular functions are no longer sufficient to meet current demands. While some machine learning-based network intrusion detection systems have emerged, traditional machine learning methods cannot effectively respond to the complex and dynamic nature of network attacks. Intrusion detection systems utilizing deep learning can better enhance detection capabilities through diverse data learning and training. To capture the topological relationships in network data, using graph neural networks (GNNs) is most suitable. Most existing GNNs for intrusion detection use multi-layer network training, which may lead to over-smoothing issues. Additionally, current intrusion detection solutions often lack efficiency. To mitigate the issues mentioned above, this paper proposes an Edge-featured Multi-hop Attention Graph Neural Network for Intrusion Detection System (EMA-IDS), aiming to improve detection performance by capturing more features from data flows. Our method enhances computational efficiency through attention propagation and integrates node and edge features, fully leveraging data characteristics. We carried out experiments on four public datasets, which are NF-CSE-CIC-IDS2018-v2, NF-UNSW-NB15-v2, NF-BoT-IoT, and NF-ToN-IoT. Compared with existing models, our method demonstrated superior performance.

ANALIZA STATYSTYK SIECI KOMPUTEROWYCH W CELU IDENTYFIKACJI PRZEPŁYWÓW INFORMACJI ZAKŁÓCAJĄCYCH STABILNOŚĆ W WOJSKOWYCH SIECIACH LOKALNYCH

The increasing complexity and scope of military computer networks necessitate robust methods to ensure network stability and security. This study presents a comprehensive analysis of computer network statistics in military local networks to develop a method for detecting information flows that disrupt stability. By leveraging advanced statistical techniques and machine learning algorithms, this research aims to enhance the cybersecurity posture of military local networks globally. Military networks are vital for communication, data exchange, and operational coordination. However, the dynamic nature of network traffic and the persistent threat of cyberattacks pose significant challenges to maintaining network stability. Traditional monitoring techniques often fail to meet the unique requirements of military networks, which demand high levels of security and rapid response capabilities. This study employs a multi-faceted approach to detect anomalies in network traffic, utilizing statistical methods such as Z-score analysis, Principal Component Analysis (PCA), and Autoregressive Integrated Moving Average (ARIMA) models. Machine learning techniques, including Support Vector Machines (SVM), Random Forests, Neural Networks, K-means clustering, and Reinforcement Learning, are also applied to identify patterns indicative of stability-disrupting information flows. The integration of statistical and machine learning methods forms a hybrid model that enhances anomaly detection, providing a robust framework for network security. The research problem is formulated as follows: does data collection include comprehensive network traffic data from various segments of military local area networks, including packet flows, transmission rates, and error rates over a specified period? Statistical analysis identifies patterns in the network traffic, which are then used to train machine learning models to classify normal and abnormal traffic. The research hypothesis states that machine learning models achieve high accuracy in detecting stability-disrupting information flows, with a precision rate exceeding 90%. The models identified several instances of stability-disrupting events, correlating these with known security incidents to validate the effectiveness of the detection method. This study underscores the importance of continuous monitoring and analysis of network statistics to ensure stability and security. The proposed method can be integrated with existing network monitoring and intrusion detection systems, providing a comprehensive approach to network security. Future research can build on these findings to develop more sophisticated models and explore additional factors influencing network stability, including the incorporation of advanced machine learning techniques, such as deep learning, and the exploration of other network metrics, like latency and packet loss. This comprehensive approach aims to enhance the security and operational reliability of military local networks.

FedNIDS: A Federated Learning Framework for Packet-based Network Intrusion Detection System

Network intrusion detection systems (NIDS) play a critical role in discerning between benign and malicious network traffic. Deep neural networks (DNNs), anchored on large and diverse datasets, exhibit promise in enhancing the detection accuracy of NIDS by capturing intricate network traffic patterns. However, safeguarding distributed computer networks against emerging cyber threats is increasingly challenging. Despite the abundance of diverse network data, decentralization persists due to data privacy and security concerns. This confers an asymmetric advantage to adversaries, as distributed networks face the formidable task of securely and efficiently sharing non-independently and identically distributed data to counter cyber-attacks. To address this, we propose the Federated NIDS ( FedNIDS ), a novel two-stage framework that combines the power of federated learning and DNNs. It aims to enhance the detection accuracy of known attacks, robustness and resilience to novel attack patterns, and privacy preservation, using packet-level granular data. In the first stage, a global DNN model is collaboratively trained on distributed data, and the second stage adapts it to novel attack patterns. Our experiments on real-world intrusion datasets demonstrate the effectiveness of FedNIDS by achieving an average F1 score of 0.97 across distributed networks and quickly disseminating novel attack information within four rounds of communication.