Leveraging Sharing Communities to Achieve Federated Learning for Cybersecurity
This work addresses cybersecurity challenges for network operators by enabling privacy-aware, resource-efficient threat detection, though it appears incremental in its architectural approach.
The paper tackles automated cyber threat detection by proposing a federated learning scheme that trains models incrementally on streaming log data to adapt to evolving attacks, achieving privacy-preserving collaboration through community model sharing without sharing sensitive data.
Automated cyber threat detection in computer networks is a major challenge in cybersecurity. The cyber domain has inherent challenges that make traditional machine learning techniques problematic, specifically the need to learn continually evolving attacks through global collaboration while maintaining data privacy, and the varying resources available to network owners. We present a scheme to mitigate these difficulties through an architectural approach using community model sharing with a streaming analytic pipeline. Our streaming approach trains models incrementally as each log record is processed, thereby adjusting to concept drift resulting from changing attacks. Further, we designed a community sharing approach which federates learning through merging models without the need to share sensitive cyber-log data. Finally, by standardizing data and Machine Learning processes in a modular way, we provide network security operators the ability to manage cyber threat events and model sensitivity through community member and analytic method weighting in ways that are best suited for their available resources and data.