Label Poisoning Attacks Against Zero-Day Detection in Collaborative Intrusion Detection Systems
Abstract
Collaborative Intrusion Detection Systems (IDSs), such as Counselors Networks (CNs), enhance zero-day attack detection through the exchange of recommendations among autonomous nodes. However, this mechanism becomes vulnerable to label poisoning attacks, which can propagate through exchanged advice. This paper formalizes the advice poisoning attack and evaluates its impact on CN-based IDSs by analyzing learning dynamics and detection performance in a cyber-physical scenario involving unmanned aerial vehicles. Experiments conducted on a three-node CN, considering poisoning rates of 0%, 50%, and 100%, reveal an increase in conflicts among classifiers under selective poisoning, as well as a severe degradation in zero-day attack detection as the poisoning rate increases, ultimately collapsing the collaborative intelligence.References
Belenguer, A., Garcia-Teodoro, P., Diaz-Verdejo, J., and Maciá-Fernández, G. (2025). Federated learning for intrusion detection systems: A comprehensive review. Computer Networks, 241:110204.
Chen, L., Zhai, W., Bu, X., Sun, M., and Zhu, C. (2025). A lightweight robust training method for defending model poisoning attacks in federated learning assisted uav networks. Drones, 9(8):528.
da Silva, L. M. and Branco, K. R. (2025). Collaborative intrusion detection system for unmanned aerial vehicles swarm security. In Concurso de Teses e Dissertações (CTD), pages 134–143. SBC.
Feng, C., Li, Y., Gao, Y., Celdrán, A. H., von der Assen, J., Bovet, G., and Stiller, B. (2025). Dmpa: Model poisoning attacks on decentralized federated learning for model differences. arXiv preprint arXiv:2502.04771.
Hassler, S. C., Mughal, U. A., and Ismail, M. (2024). Cyber-physical intrusion detection system for unmanned aerial vehicles. IEEE Transactions on Intelligent Transportation Systems, 25(6):6106–6117.
Jha, R. D., Hayase, J., and Oh, S. (2023). Label poisoning is all you need. In Proceedings of the 37th International Conference on Neural Information Processing Systems, NIPS ’23, Red Hook, NY, USA. Curran Associates Inc.
Lavaur, L., Busnel, Y., and Autrel, F. (2025). Investigating the impact of label-flipping attacks against federated learning for collaborative intrusion detection. Computers & Security, 156:104462.
Liu, Z., Liu, Z., and Yang, X. (2023). Poisoning attack based on data feature selection in federated learning. In 2023 13th International Conference on Cloud Computing, Data Science & Engineering (Confluence), pages 106–110. IEEE.
McMahan, H. B., Moore, E., Ramage, D., Hampson, S., and Arcas, B. A. y. (2017). Communication-efficient learning of deep networks from decentralized data. In Proceedings of the 20th International Conference on Artificial Intelligence and Statistics (AISTATS), volume 54 of Proceedings of Machine Learning Research, pages 1273–1282, Fort Lauderdale, FL, USA. PMLR.
Quincozes, S. E., dos Santos, C. R. P., Nunes, R. C., de Albuquerque, C. V. N., Passos, D. G., and Mossé, D. (2019). A counselors-based intrusion detection architecture. In Ziviani, A., de Albuquerque, C. V. N., and Moraes, I. M., editors, 9th Latin American Network Operations and Management Symposium (LANOMS 2019), Niterói, Rio de Janeiro, Brazil, September 25–27, 2019, pages 1–8. IFIP.
Quincozes, S. E., Raniery, C., Ceretta Nunes, R., Albuquerque, C., Passos, D., and Mossé, D. (2021). Counselors network for intrusion detection. International Journal of Network Management, 31(3):e2111.
Rodríguez-Barroso, N., Stipcich, G., Vicent, J., Binos, E., Cazorla, M., Marín, L., Serrano, J., and Lobo, J. L. (2023). Survey on federated learning threats: Concepts, taxonomy on attacks and defences, experimental study and challenges. Information Fusion, 89:1–38.
Tan, S., Hao, F., Gu, T., Li, L., and Liu, M. (2023). Collusive model poisoning attack in decentralized federated learning. IEEE Transactions on Industrial Informatics, 20(4):5989–5999.
Vasilomanolakis, E., Karuppayah, S., Mühlhäuser, M., and Fischer, M. (2015). A taxonomy and survey of collaborative intrusion detection systems. ACM Computing Surveys, 47(4):1–33.
Xue, L., Zhong, L., Zhang, J., Chen, Z., Cheng, H., and Li, J. (2025). Decentralized federated learning for adversarial anomaly detection in consumer-grade uav-assisted mec systems. IEEE Transactions on Consumer Electronics, 71(4):10797–10811.
Yang, R., He, H., Wang, Y., Qu, Y., and Zhang, W. (2023). Dependable federated learning for IoT intrusion detection against poisoning attacks. Computers & Security, 132:103381.
Chen, L., Zhai, W., Bu, X., Sun, M., and Zhu, C. (2025). A lightweight robust training method for defending model poisoning attacks in federated learning assisted uav networks. Drones, 9(8):528.
da Silva, L. M. and Branco, K. R. (2025). Collaborative intrusion detection system for unmanned aerial vehicles swarm security. In Concurso de Teses e Dissertações (CTD), pages 134–143. SBC.
Feng, C., Li, Y., Gao, Y., Celdrán, A. H., von der Assen, J., Bovet, G., and Stiller, B. (2025). Dmpa: Model poisoning attacks on decentralized federated learning for model differences. arXiv preprint arXiv:2502.04771.
Hassler, S. C., Mughal, U. A., and Ismail, M. (2024). Cyber-physical intrusion detection system for unmanned aerial vehicles. IEEE Transactions on Intelligent Transportation Systems, 25(6):6106–6117.
Jha, R. D., Hayase, J., and Oh, S. (2023). Label poisoning is all you need. In Proceedings of the 37th International Conference on Neural Information Processing Systems, NIPS ’23, Red Hook, NY, USA. Curran Associates Inc.
Lavaur, L., Busnel, Y., and Autrel, F. (2025). Investigating the impact of label-flipping attacks against federated learning for collaborative intrusion detection. Computers & Security, 156:104462.
Liu, Z., Liu, Z., and Yang, X. (2023). Poisoning attack based on data feature selection in federated learning. In 2023 13th International Conference on Cloud Computing, Data Science & Engineering (Confluence), pages 106–110. IEEE.
McMahan, H. B., Moore, E., Ramage, D., Hampson, S., and Arcas, B. A. y. (2017). Communication-efficient learning of deep networks from decentralized data. In Proceedings of the 20th International Conference on Artificial Intelligence and Statistics (AISTATS), volume 54 of Proceedings of Machine Learning Research, pages 1273–1282, Fort Lauderdale, FL, USA. PMLR.
Quincozes, S. E., dos Santos, C. R. P., Nunes, R. C., de Albuquerque, C. V. N., Passos, D. G., and Mossé, D. (2019). A counselors-based intrusion detection architecture. In Ziviani, A., de Albuquerque, C. V. N., and Moraes, I. M., editors, 9th Latin American Network Operations and Management Symposium (LANOMS 2019), Niterói, Rio de Janeiro, Brazil, September 25–27, 2019, pages 1–8. IFIP.
Quincozes, S. E., Raniery, C., Ceretta Nunes, R., Albuquerque, C., Passos, D., and Mossé, D. (2021). Counselors network for intrusion detection. International Journal of Network Management, 31(3):e2111.
Rodríguez-Barroso, N., Stipcich, G., Vicent, J., Binos, E., Cazorla, M., Marín, L., Serrano, J., and Lobo, J. L. (2023). Survey on federated learning threats: Concepts, taxonomy on attacks and defences, experimental study and challenges. Information Fusion, 89:1–38.
Tan, S., Hao, F., Gu, T., Li, L., and Liu, M. (2023). Collusive model poisoning attack in decentralized federated learning. IEEE Transactions on Industrial Informatics, 20(4):5989–5999.
Vasilomanolakis, E., Karuppayah, S., Mühlhäuser, M., and Fischer, M. (2015). A taxonomy and survey of collaborative intrusion detection systems. ACM Computing Surveys, 47(4):1–33.
Xue, L., Zhong, L., Zhang, J., Chen, Z., Cheng, H., and Li, J. (2025). Decentralized federated learning for adversarial anomaly detection in consumer-grade uav-assisted mec systems. IEEE Transactions on Consumer Electronics, 71(4):10797–10811.
Yang, R., He, H., Wang, Y., Qu, Y., and Zhang, W. (2023). Dependable federated learning for IoT intrusion detection against poisoning attacks. Computers & Security, 132:103381.
Published
2026-05-25
How to Cite
SIERVO, Giovanni H. M. de L.; CHESSIO, Maria Eduarda S.; QUINCOZES, Silvio E.; MOSSÉ, Daniel; QUINCOZES, Vagner E.; ALBUQUERQUE, Célio; PASSOS, Diego.
Label Poisoning Attacks Against Zero-Day Detection in Collaborative Intrusion Detection Systems. In: BRAZILIAN SYMPOSIUM ON COMPUTER NETWORKS AND DISTRIBUTED SYSTEMS (SBRC), 44. , 2026, Praia do Forte/BA.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2026
.
p. 295-308.
ISSN 2177-9384.
DOI: https://doi.org/10.5753/sbrc.2026.19949.
