PenTiDef: Enhancing Privacy and Robustness in Decentralized Federated Intrusion Detection Systems against Poisoning Attacks

📅 2026-02-20
🤖 AI Summary
This work proposes PenTiDef, a novel framework addressing the dual challenges of privacy leakage and poisoning attacks that undermine robustness in decentralized federated intrusion detection systems. PenTiDef uniquely integrates distributed differential privacy (DDP), latent space representations (LSR) of neural networks, and a blockchain-based smart contract mechanism to enable privacy-preserving, tamper-resistant model aggregation without relying on a central server. The framework simultaneously facilitates malicious update detection and trustworthy consensus among participants. Experimental evaluations on the CIC-IDS2018 and Edge-IIoTSet datasets demonstrate that PenTiDef significantly outperforms existing approaches such as FLARE and FedCC, exhibiting superior robustness and scalability under diverse attack scenarios and non-IID data distributions, while effectively eliminating single points of failure.

📝 Abstract
The increasing deployment of Federated Learning (FL) in Intrusion Detection Systems (IDS) introduces new challenges related to data privacy, centralized coordination, and susceptibility to poisoning attacks. While significant research has focused on protecting traditional FL-IDS with centralized aggregation servers, there remains a notable gap in addressing the unique challenges of decentralized FL-IDS (DFL-IDS). This study aims to address the limitations of traditional centralized FL-IDS by proposing a novel defense framework tailored for the decentralized FL-IDS architecture, with a focus on privacy preservation and robustness against poisoning attacks. We propose PenTiDef, a privacy-preserving and robust defense framework for DFL-IDS, which incorporates Distributed Differential Privacy (DDP) to protect data confidentiality and utilizes latent space representations (LSR) derived from neural networks to detect malicious updates in the decentralized model aggregation context. To eliminate single points of failure and enhance trust without a centralized aggregation server, PenTiDef employs a blockchain-based decentralized coordination mechanism that manages model aggregation, tracks update history, and supports trust enforcement through smart contracts. Experimental results on CIC-IDS2018 and Edge-IIoTSet demonstrate that PenTiDef consistently outperforms existing defenses (e.g., FLARE, FedCC) across various attack scenarios and data distributions. These findings highlight the potential of PenTiDef as a scalable and secure framework for deploying DFL-based IDS in adversarial environments. By leveraging privacy protection, malicious behavior detection in hidden data, and operation without a central server, it provides a useful security solution against real-world attacks from untrusted participants.
Problem

Research questions and friction points this paper is trying to address.

Decentralized Federated Learning
Intrusion Detection System
Poisoning Attacks
Privacy Preservation
Robustness
Innovation

Methods, ideas, or system contributions that make the work stand out.

Decentralized Federated Learning
Differential Privacy
Latent Space Representation
Blockchain-based Coordination
Poisoning Attack Defense
Phan The Duy
University of Information Technology, VNU-HCM, Ho Chi Minh city
Cybersecurity, blockchain, machine learning, software security, malware detection
Nghi Hoang Khoa
Information Security Lab, University of Information Technology, Ho Chi Minh City, Vietnam; Vietnam National University, Ho Chi Minh City, Vietnam; VNU-HCM Information Security Center, Ho Chi Minh City, Vietnam
Nguyen Tran Anh Quan
Information Security Lab, University of Information Technology, Ho Chi Minh City, Vietnam; Vietnam National University, Ho Chi Minh City, Vietnam; VNU-HCM Information Security Center, Ho Chi Minh City, Vietnam
Luong Ha Tien
Information Security Lab, University of Information Technology, Ho Chi Minh City, Vietnam; Vietnam National University, Ho Chi Minh City, Vietnam; VNU-HCM Information Security Center, Ho Chi Minh City, Vietnam
Ngo Duc Hoang Son
Information Security Lab, University of Information Technology, Ho Chi Minh City, Vietnam; Vietnam National University, Ho Chi Minh City, Vietnam; VNU-HCM Information Security Center, Ho Chi Minh City, Vietnam
Van-Hau Pham
Lecturer of Information Security, University of Information Technology - VNU
Network & application security, AI for security, security of AI, blockchain, cloud computing