Secure and Privacy-Conscious Threat Detection via Federated Learning and Graph Neural Networks

Researchers from University of Virginia, George Mason University

Researchers will address the integration of federated learning (FL) and graph neural networks (GNNs) to develop scalable privacy-centric host-based intrusion detection systems (HIDS) for threat detection.

Funded by the CCI Hub

Project Investigators

Principal Investigator (PI): Wajih Ul Hassan, University of Virginia Department of Computer Science.
Co-PI: Zhuangdi Zhu, George Mason University Department of Cyber Security Engineering.

Rationale

Organizations depend on HIDS logs to detect and block advanced persistent threats (APTs). These logs include such sensitive data as IP addresses, process names, and file activities.

Central management of these logs through managed security service providers (MSSPs) on cloud servers could potentially breach user privacy.

FL offers a viable solution by allowing decentralized machine learning models to be trained on distributed data sources without sharing raw data while significantly improving scalability and reducing network overhead compared with traditional intrusion-detection systems.

Projected Outcomes

Develop a testbed to generate logs of real-world APTs and benign activities for intrusion-detection system testing and community sharing.
Construct a decentralized detection system using FL to maintain data locality to enhance privacy and GNNs to analyze provenance graphs for detailed log insights, identifying stealthy behaviors.
Establish a framework for secure, private incident response to validate threats without exposing sensitive logs.

These initiatives aim to significantly advance HIDS technology by combining advanced learning algorithms with stringent privacy safeguards.