Sharing Machine Learning Models IoC for Cyber Threats Mitigation

Topic Description:

Research begins with the collection and analysis of indicators of compromise (IoC) from monitored network systems, which are then used to build a threat model of detected attacks. The model will then be shared and distributed to other networks to proactively improve the security of the network environment against detected threats.

The research includes the collection and analysis of threat data from anomaly detection systems. This data will be used to build a threat model using machine learning techniques or large language models (LLM). The created threat model will be distributed to other networks to proactively adapt the security of the networks against the detected threats.

Since the system shares sensitive data retrieved from detection systems, the solution requires ensuring the privacy of this data using federated learning.

References:

• R. -H. Hsu et al., "A Privacy-Preserving Federated Learning System for Android Malware Detection Based on Edge Computing," 2020 15th Asia Joint Conference on Information Security (AsiaJCIS), Taipei, Taiwan, 2020, pp. 128-136.
• Preuveneers, Davy, and Wouter Joosen. 2021. "Sharing Machine Learning Models as Indicators of Compromise for Cyber Threat Intelligence" Journal of Cybersecurity and Privacy 1, no. 1: 140-163.
• Xiong, Wenjun, et al. "Cyber security threat modeling based on the MITRE Enterprise ATT&CK Matrix." Software and Systems Modeling 21.1 (2022): 157-177.