1: \begin{abstract}

2:     \acf{fl} has been recently receiving increasing consideration from the cybersecurity community as a way to collaboratively train deep learning models with distributed profiles of cyber threats, with no disclosure of training data. Nevertheless, the adoption of \ac{fl} in cybersecurity is still in its infancy, and a range of practical aspects have not been properly addressed yet. Indeed, the Federated Averaging algorithm at the core of the \ac{fl} concept requires the availability of test data to control the \ac{fl} process. Although this might be feasible in some domains, test network traffic of newly discovered attacks cannot be always shared without disclosing sensitive information.

3:     In this paper, we address the convergence of the \ac{fl} process in dynamic cybersecurity scenarios, where the trained model must be frequently updated with new recent attack profiles to empower all members of the federation with the latest detection features. To this aim, we propose \acs{ourtool} (\acl{ourtool}), an \ac{fl} solution for cybersecurity applications based on an adaptive mechanism that orchestrates the \ac{fl} process by dynamically assigning more computation to those members whose attacks profiles are harder to learn, without the need of sharing any test data to monitor the performance of the trained model. Using a recent dataset of \acs{ddos} attacks, we demonstrate that \acs{ourtool} outperforms state-of-the-art \ac{fl} algorithms in terms of convergence time and accuracy across a range of unbalanced datasets of heterogeneous \acs{ddos} attacks. We also show the robustness of our approach in a realistic scenario, where we retrain the deep learning model multiple times to introduce the profiles of new attacks on a pre-trained model.

4:     \end{abstract}

5: