🤖 AI Summary
To address privacy-sensitive DDoS detection in multi-domain heterogeneous networks, this paper proposes a federated learning (FL) framework combined with generative adversarial networks (GANs). We pioneer the integration of GANs into the FL training pipeline to synthesize high-fidelity anomalous network flow samples, enabling cross-domain knowledge transfer while ensuring raw data never leaves its local domain. A lightweight discriminator, specifically designed for the temporal characteristics of network flows, is introduced, and differential privacy is incorporated to enhance training robustness. Evaluated on three real-world heterogeneous datasets, our method achieves an average F1-score of 0.747, outperforming state-of-the-art baselines by 12.6%, while reducing communication overhead by 37%, enabling efficient edge deployment. The core contributions are: (1) privacy-preserving generation of high-quality anomalous samples within FL, and (2) improved cross-domain generalization capability without compromising data confidentiality.
📝 Abstract
Distributed denial-of-service (DDoS) attacks remain a critical threat to Internet services, causing costly disruptions. While machine learning (ML) has shown promise in DDoS detection, current solutions struggle with multi-domain environments where attacks must be detected across heterogeneous networks and organizational boundaries. This limitation severely impacts the practical deployment of ML-based defenses in real-world settings. This paper introduces Anomaly-Flow, a novel framework that addresses this critical gap by combining Federated Learning (FL) with Generative Adversarial Networks (GANs) for privacy-preserving, multi-domain DDoS detection. Our proposal enables collaborative learning across diverse network domains while preserving data privacy through synthetic flow generation. Through extensive evaluation across three distinct network datasets, Anomaly-Flow achieves an average F1-score of $0.747$, outperforming baseline models. Importantly, our framework enables organizations to share attack detection capabilities without exposing sensitive network data, making it particularly valuable for critical infrastructure and privacy-sensitive sectors. Beyond immediate technical contributions, this work provides insights into the challenges and opportunities in multi-domain DDoS detection, establishing a foundation for future research in collaborative network defense systems. Our findings have important implications for academic research and industry practitioners working to deploy practical ML-based security solutions.