Automated cyber threat detection in computer networks is a major challenge in
cybersecurity. The cyber domain has inherent challenges that make traditional
machine learning techniques problematic, specifically the need to learn
continually evolving attacks through global collaboration while maintaining
data privacy, and the varying resources available to network owners. We present
a scheme to mitigate these difficulties through an architectural approach using
community model sharing with a streaming analytic pipeline. Our streaming
approach trains models incrementally as each log record is processed, thereby
adjusting to concept drift resulting from changing attacks. Further, we
designed a community sharing approach which federates learning through merging
models without the need to share sensitive cyber-log data. Finally, by
standardizing data and machine learning processes in a modular way, we provide
network security operators the ability to manage cyber threat events and model
sensitivity through community member and analytic method weighting in ways that
are best suited for their available resources and data.
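The two mechanisms the abstract describes, per-record incremental training and federating by merging models rather than logs, can be made concrete with a small illustration. The Python below is an added example, not the paper's code: it assumes a Gaussian naive Bayes detector whose only state is Welford sufficient statistics (count, mean, M2) per class and feature, so a community member shares those statistics instead of its cyber-log records, and it implements member weighting by scaling a member's evidence before merging (weight 0 excludes a member). The feature names `failed_logins` and `bytes_out` and the log records are constructed for the example.

```python
"""Added illustration (not the paper's code): streaming per-record updates plus
privacy-preserving model merging across community members with member weights."""
import math
from collections import defaultdict
from typing import Dict, List, Sequence, Tuple

EPS = 1e-6  # variance floor so a constant feature cannot produce a zero variance

Record = Dict[str, float]


class StreamingGaussianNB:
    """Gaussian naive Bayes trained one log record at a time.

    Per class and per feature it keeps only [count, mean, M2] (Welford form),
    which is the only thing a member has to share to take part in a merge."""

    def __init__(self) -> None:
        self.stats: Dict[str, Dict[str, List[float]]] = defaultdict(dict)

    def update(self, record: Record, label: str) -> None:
        """Incremental (Welford) update with a single labelled log record."""
        for feature, x in record.items():
            n, mean, m2 = self.stats[label].get(feature, [0.0, 0.0, 0.0])
            n += 1
            delta = x - mean
            mean += delta / n
            m2 += delta * (x - mean)
            self.stats[label][feature] = [n, mean, m2]

    def class_count(self, label: str) -> float:
        return next(iter(self.stats[label].values()))[0]

    def log_posterior(self, record: Record, label: str) -> float:
        """Log prior plus per-feature Gaussian log-likelihood (up to a constant)."""
        total = sum(self.class_count(lbl) for lbl in self.stats)
        lp = math.log(self.class_count(label) / total)
        for feature, x in record.items():
            n, mean, m2 = self.stats[label][feature]
            var = m2 / n + EPS
            lp += -0.5 * math.log(2 * math.pi * var) - (x - mean) ** 2 / (2 * var)
        return lp

    def predict(self, record: Record) -> str:
        return max(self.stats, key=lambda label: self.log_posterior(record, label))


def merge_models(members: Sequence[StreamingGaussianNB],
                 weights: Sequence[float]) -> StreamingGaussianNB:
    """Merge members' sufficient statistics (parallel Welford rule).

    A member weight w scales that member's evidence (count and M2), so an operator
    can down-weight a less trusted member or exclude it entirely with w = 0."""
    merged = StreamingGaussianNB()
    for model, w in zip(members, weights):
        for label, feats in model.stats.items():
            for feature, (n, mean, m2) in feats.items():
                n_b, m2_b = w * n, w * m2
                if n_b == 0:
                    continue  # excluded member contributes nothing
                n_a, mean_a, m2_a = merged.stats[label].get(feature, [0.0, 0.0, 0.0])
                n_new = n_a + n_b
                delta = mean - mean_a
                mean_new = mean_a + delta * n_b / n_new
                m2_new = m2_a + m2_b + delta ** 2 * n_a * n_b / n_new
                merged.stats[label][feature] = [n_new, mean_new, m2_new]
    return merged


def train_member(logs: Sequence[Tuple[Record, str]]) -> StreamingGaussianNB:
    """Stream a member's labelled records through its own model, one at a time."""
    model = StreamingGaussianNB()
    for record, label in logs:
        model.update(record, label)
    return model


# Constructed sample logs. Member A has only seen brute-force attacks,
# member B only exfiltration; neither sees the other's raw records.
MEMBER_A_LOGS = [
    ({"failed_logins": 0, "bytes_out": 1000}, "benign"),
    ({"failed_logins": 1, "bytes_out": 1200}, "benign"),
    ({"failed_logins": 0, "bytes_out": 900}, "benign"),
    ({"failed_logins": 0, "bytes_out": 1100}, "benign"),
    ({"failed_logins": 25, "bytes_out": 500}, "attack"),
    ({"failed_logins": 30, "bytes_out": 600}, "attack"),
    ({"failed_logins": 40, "bytes_out": 550}, "attack"),
    ({"failed_logins": 35, "bytes_out": 450}, "attack"),
]
MEMBER_B_LOGS = [
    ({"failed_logins": 0, "bytes_out": 1000}, "benign"),
    ({"failed_logins": 1, "bytes_out": 950}, "benign"),
    ({"failed_logins": 0, "bytes_out": 1050}, "benign"),
    ({"failed_logins": 0, "bytes_out": 1100}, "benign"),
    ({"failed_logins": 0, "bytes_out": 50000}, "attack"),
    ({"failed_logins": 1, "bytes_out": 60000}, "attack"),
    ({"failed_logins": 0, "bytes_out": 55000}, "attack"),
    ({"failed_logins": 0, "bytes_out": 70000}, "attack"),
]

if __name__ == "__main__":
    a, b = train_member(MEMBER_A_LOGS), train_member(MEMBER_B_LOGS)
    exfil = {"failed_logins": 0, "bytes_out": 65000}
    print("member A alone:", a.predict(exfil))                    # benign (never saw exfil)
    print("merged, equal weights:", merge_models([a, b], [1, 1]).predict(exfil))  # attack
```

Because the merge consumes only counts, means and M2 values, the exchange carries no individual log record, and the merged model's statistics equal those of a model trained on the union of both logs; giving a member weight 0 reproduces the other member's model exactly.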