Leveraging Sharing Communities to Achieve Federated Learning for Cybersecurity

TL;DR

This paper introduces a federated learning framework for cybersecurity that leverages community model sharing and streaming analytics to improve threat detection while preserving data privacy and adapting to evolving cyber threats.

Contribution

It proposes a novel architectural approach combining community model sharing with streaming analytics for incremental learning in cybersecurity.

Findings

Effective model merging without sharing sensitive data

Adaptive learning through streaming and concept drift handling

Flexible community-based threat detection management

Abstract

Automated cyber threat detection in computer networks is a major challenge in cybersecurity. The cyber domain has inherent challenges that make traditional machine learning techniques problematic, specifically the need to learn continually evolving attacks through global collaboration while maintaining data privacy, and the varying resources available to network owners. We present a scheme to mitigate these difficulties through an architectural approach using community model sharing with a streaming analytic pipeline. Our streaming approach trains models incrementally as each log record is processed, thereby adjusting to concept drift resulting from changing attacks. Further, we designed a community sharing approach which federates learning through merging models without the need to share sensitive cyber-log data. Finally, by standardizing data and Machine Learning processes in a modular way, we provide network security operators the ability to manage cyber threat events and model sensitivity through community member and analytic method weighting in ways that are best suited for their available resources and data.