Privacy-Preserving Anomaly Detection in Cloud Services Using Hierarchical Federated Learning with Differential Privacy

Identifying abnormal behaviors plays a vital role in ensuring cloud infrastructure remains secure and operationally stable. Conventional methods that aggregate data at a single location create substantial privacy concerns, especially within shared cloud platforms hosting multiple organizations with confidential operational information. This paper proposes HierFedDP, a hierarchical federated learning framework integrated with a two-stage differential privacy mechanism for privacy-preserving anomaly detection in cloud services. Our approach employs a three-tier architecture consisting of local clients, edge servers, and a central cloud server, where clients apply local differential privacy to their updates before transmission. We introduce an edge aggregation frequency parameter that enables edge servers to perform multiple local aggregation rounds before communicating with the central cloud. Experiments on the CICIDS2017 dataset demonstrate that HierFedDP achieves detection performance comparable to standard local differential privacy approaches while reducing wide-area network (WAN) communication overhead by 49%. This significant communication reduction, achieved without sacrificing privacy guarantees or detection accuracy, makes HierFedDP particularly suitable for bandwidth-constrained, geo-distributed cloud deployments.