# AnomLocal: A hybrid local-global anomaly detection model for network security using federated learning

**Authors:** Sulaiman Alamro

PMC · DOI: 10.1371/journal.pone.0339981 · PLOS One · 2026-02-02

## TL;DR

AnomLocal is a new cybersecurity model that combines local and global learning to detect network anomalies more accurately and privately.

## Contribution

AnomLocal introduces a hybrid local-global anomaly detection framework using federated learning to enhance privacy and accuracy in distributed networks.

## Key findings

- AnomLocal achieves 93.5% accuracy, 92.8% precision, and 91.5% recall on the UNSW-NB15 dataset.
- The framework reduces detection latency by 25%, enabling real-time operation in large-scale environments.

## Abstract

Securing distributed network infrastructures has become a major priority in modern cybersecurity, where diverse data sources and increasingly sophisticated attacks challenge the reliability of traditional anomaly detection systems. Centralised and local-only detection models often fail to balance environment-specific accuracy with cross-network generalisation, leading to reduced performance and privacy risks. This study presents AnomLocal, a hybrid anomaly detection framework that combines local learning with global federated aggregation to deliver scalable, privacy-preserving, and adaptive network protection. Each client node independently trains a neural model on its local data and shares only model parameters for aggregation through an enhanced FedAvg mechanism, ensuring global learning without exposing sensitive information. Experimental evaluation on the UNSW-NB15 dataset shows that AnomLocal achieves 93.5% accuracy, 92.8% precision, and 91.5% recall, outperforming both centralised and standalone local models. The framework also reduces detection latency by 25%, supporting real-time operation in large-scale distributed environments. By effectively unifying local sensitivity with global adaptability, AnomLocal provides a robust, interpretable, and efficient solution for next-generation distributed intrusion detection systems.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/PMC12863697/full.md

## Figures

13 figures with captions in the complete paper: https://tomesphere.com/paper/PMC12863697/full.md

## References

51 references — full list in the complete paper: https://tomesphere.com/paper/PMC12863697/full.md

---
Source: https://tomesphere.com/paper/PMC12863697