Result Details
PREACT TM05000014-V1: Edge IoC Processor
Ryšavý Ondřej, doc. Ing., Ph.D., DIFS (FIT)
Burgetová Ivana, Ing., Ph.D., DIFS (FIT)
Rychlý Marek, RNDr., Ph.D., DIFS (FIT)
Matoušek Petr, doc. Ing., Ph.D., M.A., DIFS (FIT)
The result is the software tool Edge IoC Processor, developed within the PREACT project and designed for the detection, processing, and sharing of Indicators of Compromise (IoC) in a distributed cybersecurity environment. It is a client-side component deployed within customer infrastructure, integrated with the Flowmon ADS system and connected to the central Threat Model Hub.
The main contribution of the result is enabling secure and scalable sharing of security events across multiple organizations while protecting sensitive data. The system implements privacy-preserving mechanisms, including data anonymization, filtering rules, and quota enforcement, ensuring compliance with security policies and minimizing the risk of data leakage.
The solution supports cross-organization correlation of security events and enriches local detections with global context, improving detection accuracy and accelerating threat identification. It also includes a Smart Event Summary module that leverages Large Language Models (LLMs) to transform low-level technical data into human-readable explanations for security analysts.
The result has been implemented as a functional prototype and integrated into an experimental version of the Flowmon ADS system. It is intended for further development and commercial application in advanced cybersecurity threat detection and intelligence sharing.
cybersecurity; threat intelligence; anomaly detection; privacy-preserving data processing; edge computing; network traffic analysis; explainable AI; security event processing; data anonymization; incident analysis