# Transformer-Based Multi-Source Transfer Learning for Intrusion Detection Models with Privacy and Efficiency Balance

**Authors:** Baoqiu Yang, Guoyin Zhang, Kunpeng Wang

PMC · DOI: 10.3390/e28020136 · 2026-01-24

## TL;DR

This paper introduces TrMulS, a new intrusion detection framework that improves cross-domain adaptability, privacy, and detection accuracy using federated learning and transformers.

## Contribution

The novel TrMulS framework combines federated learning, GANs, and transformers for efficient and private cross-domain intrusion detection.

## Key findings

- TrMulS significantly improves detection accuracy in cross-domain scenarios.
- The framework effectively minimizes feature distribution differences between domains using MMD.
- Experiments on standard datasets validate the model's effectiveness and privacy-preserving capabilities.

## Abstract

The current intrusion detection methods suffer from deficiencies in terms of cross-domain adaptability, privacy preservation, and limited effectiveness in detecting minority-class attacks. To address these issues, a novel intrusion detection model framework, TrMulS, is proposed that integrates federated learning, generative adversarial networks with multispace feature enhancement ability, and transformers with multi-source transfer ability. First, at each institution (source domain), local spatial features are extracted through a CNN, multiple subsets are constructed (to solve the feature singularity problem), and the multihead self-attention mechanism of the transformer is utilized to capture the correlation of features. Second, the synthetic samples of the target domain are generated on the basis of the improved Exchange-GAN, and the cross-domain transfer module is designed by combining the Maximum Mean Discrepancy (MMD) to minimize the feature distribution difference between the source domain and the target domain. Finally, the federated transfer learning strategy is adopted. The model parameters of each local institution are encrypted and uploaded to the target server and then aggregated to generate the global model. These steps iterate until convergence, yielding the globally optimal model. Experiments on the ISCX2012, KDD99 and NSL-KDD intrusion detection standard datasets show that the detection accuracy of this method is significantly improved in cross-domain scenarios. This paper presents a novel paradigm for cross-domain security intelligence analysis that considers efficiency, privacy and balance.

## Full-text entities

- **Genes:** MMD (monocyte to macrophage differentiation associated) [NCBI Gene 23531] {aka MMA, MMD1, PAQR11}, MMD2 (monocyte to macrophage differentiation associated 2) [NCBI Gene 221938] {aka PAQR10}, CIC (capicua transcriptional repressor) [NCBI Gene 23152] {aka MRD45}
- **Diseases:** KDD99 (MESH:C536557), injury to (MESH:D014947), IDS (MESH:C537310), infections (MESH:D007239), Collapse (MESH:D001261)
- **Chemicals:** RTX (MESH:C024353), CO2 (MESH:D002245), GAN (-)
- **Species:** Homo sapiens (human, species) [taxon 9606]
- **Cell lines:** U2R — Homo sapiens (Human), Osteosarcoma, Cancer cell line (CVCL_T430), R2L — Leontopithecus rosalia (Golden lion tamarin), Finite cell line (CVCL_U239), DoS — Homo sapiens (Human), Gastric signet ring cell adenocarcinoma, Cancer cell line (CVCL_5379), ISCX2012 — Homo sapiens (Human), Chronic myelogenous leukemia, BCR-ABL1 positive, Cancer cell line (CVCL_SS08)

## Figures

6 figures with captions in the complete paper: https://tomesphere.com/paper/PMC12939498/full.md

---
Source: https://tomesphere.com/paper/PMC12939498