Constraint-based Network Topology Generation for Evaluating Federated Intrusion Detection Systems

Federated Intrusion Detection Systems (FIDSs) emerged as a promising approach to collaborative cybersecurity, enabling organizations to train intrusion detection models without sharing sensitive data. However, evaluating such systems faces significant challenges due to the lack of available datasets that capture the heterogeneity of real-world distributed networks. Existing datasets are typically generated using single network topologies, forcing researchers to rely on artificial partitioning strategies that cannot replicate heterogeneous data distributions that exist in practice. To address this limitation, we propose a novel approach for generating heterogeneous network topologies specifically designed to evaluate distributed and federated intrusion detection systems. Because creating realistic topologies from scratch is particularly complex, we construct complex topologies from a library of predefined sub-topologies using constraint programming, and compose them into larger, realistic network structures. We implement a prototype and evaluate its performance across multiple parameters including library size, maximum number of nodes, tree depth, and service constraints. The results highlight that, while the derivation time scales rapidly with most parameters due to the combinatorial nature of the problem, the tool successfully generates large numbers of diverse topologies while maintaining control over their heterogeneity characteristics.