Automated cyber threat detection in computer networks is a major challenge in cybersecurity. The cyber domain has inherent challenges that make traditional machine learning techniques problematic, specifically the need to learn continually evolving attacks through global collaboration while maintaining data privacy, and the varying resources available to network owners. We present a scheme to mitigate these difficulties through an architectural approach using community model sharing with a streaming analytic pipeline. Our streaming approach trains models incrementally as each log record is processed, thereby adjusting to concept drift resulting from changing attacks. Further, we designed a community sharing approach which federates learning through merging models without the need to share sensitive cyber-log data. Finally, by standardizing data and machine learning processes in a modular way, we provide network security operators the ability to manage cyber threat events and model sensitivity through community member and analytic method weighting in ways that are best suited for their available resources and data.
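To make the two mechanisms in the abstract concrete, here is an added example (not the paper's code): a detector that takes one SGD step per log record, and a trust-weighted merge of member models so that only parameters, never raw logs, cross site boundaries. The feature names, the sample records, the 2:1 member weighting and merge-by-parameter-averaging are assumptions for illustration, not details given in the abstract.

```python
# Added illustration, not the paper's code: a logistic-regression detector that
# takes one SGD step per log record, and a trust-weighted merge of member models
# so the community exchanges parameters, never raw logs. Feature names, weights
# and merge-by-averaging are assumptions, not details given in the abstract.
import math
FEATURES = ("bytes_out", "conn_rate", "failed_logins")  # assumed, scaled to [0,1]

class OnlineDetector:
    def __init__(self, lr=0.5):
        self.lr = lr
        self.w = {f: 0.0 for f in FEATURES}
        self.b = 0.0

    def score(self, record):
        z = self.b + sum(self.w[f] * record[f] for f in FEATURES)
        return 1.0 / (1.0 + math.exp(-z))

    def update(self, record, label):
        # One gradient step per record: recent records keep moving the weights,
        # which is how the model follows concept drift as attacks change.
        err = self.score(record) - label
        for f in FEATURES:
            self.w[f] -= self.lr * err * record[f]
        self.b -= self.lr * err

def merge_models(members):
    """Trust-weighted parameter average of (detector, trust_weight) members."""
    total = sum(wt for _, wt in members)
    merged = OnlineDetector()
    for det, wt in members:
        for f in FEATURES:
            merged.w[f] += det.w[f] * wt / total
        merged.b += det.b * wt / total
    return merged

def train_site(logs):
    det = OnlineDetector()
    for rec, label in logs:  # streaming: each record is seen once, in order
        det.update(rec, label)
    return det

# Constructed records (label 1 = malicious); each site has seen a different attack.
BENIGN = {"bytes_out": 0.1, "conn_rate": 0.1, "failed_logins": 0.0}
ATTACK_A = {"bytes_out": 0.9, "conn_rate": 0.8, "failed_logins": 0.0}
ATTACK_B = {"bytes_out": 0.2, "conn_rate": 0.3, "failed_logins": 0.9}
SITE_A_LOGS = [(ATTACK_A, 1), (BENIGN, 0)] * 40
SITE_B_LOGS = [(ATTACK_B, 1), (BENIGN, 0)] * 40
def community_model():
    # Operator weighting (assumed): site A's model trusted twice as much as B's.
    return merge_models([(train_site(SITE_A_LOGS), 2.0), (train_site(SITE_B_LOGS), 1.0)])
```

The merged model scores site B's attack pattern higher than site A's locally trained model does, even though site A never saw a record of that attack; the averaging also dilutes each member's own signal, which is why member weighting matters.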