This work addresses the insufficient resilience of federated learning (FL) against poisoning attacks in cybersecurity applications. To this end, we develop the first reproducible and scalable FL testbed tailored for edge devices—integrating Raspberry Pi and NVIDIA Jetson hardware—to support distributed intrusion detection system development and adversarial evaluation. Methodologically, we implement gradient- and label-level poisoning attacks within the Flower framework and systematically quantify model robustness under diverse attack scenarios. Our contributions are threefold: (1) the first empirical validation of FL’s practicality on resource-constrained edge devices while preserving data privacy; (2) a comprehensive characterization of FL’s high sensitivity to multiple poisoning strategies; and (3) the proposal of lightweight, deployable mitigation mechanisms. Collectively, these results establish an evidence-based foundation and concrete technical pathways toward secure and trustworthy edge-based federated learning.

This paper presents the design and implementation of a Federated Learning (FL) testbed, focusing on its application in cybersecurity and evaluating its resilience against poisoning attacks. Federated Learning allows multiple clients to collaboratively train a global model while keeping their data decentralized, addressing critical needs for data privacy and security, particularly in sensitive fields like cybersecurity. Our testbed, built using Raspberry Pi and Nvidia Jetson hardware by running the Flower framework, facilitates experimentation with various FL frameworks, assessing their performance, scalability, and ease of integration. Through a case study on federated intrusion detection systems, the testbed's capabilities are shown in detecting anomalies and securing critical infrastructure without exposing sensitive network data. Comprehensive poisoning tests, targeting both model and data integrity, evaluate the system's robustness under adversarial conditions. The results show that while federated learning enhances data privacy and distributed learning, it remains vulnerable to poisoning attacks, which must be mitigated to ensure its reliability in real-world applications.