Although the Internet of Things (IoT) is one of the fastest-growing technology paradigms, efforts in securing this environment do not advance as fast. A classical type of network security mechanism is the Intrusion Detection System (IDS). However, mainly due to their resource limitations, their incorporation to IoT environments built on top of low-end devices is not easy. To make this incorporation easier, this paper proposes a Distributed Immune Security Architecture (DISA) based on Artificial Immune Systems. DISA incorporates modules across network tiers (e.g. Cloud, Fog, and Edge) for monitoring, aggregation, training, storage of traffic models, and resource control. Using a dataset tailored for the training of Intrusion Detectors, we implemented and validated a distributed Intrusion Detector model combining Federated and Active Learning methods, named Fed-Active. Experimental results show that Fed-Active model reduces training times and achieves predictive performance comparable to those of traditional centralized approaches