Event article related to IDUNN: Cyber threat hunting using unsupervised federated learning and adversary emulation

We are excited to announce the publication of a new study associated with the European IDUNN project, addressing critical challenges in cybersecurity. This study introduces a federated learning-based approach for cyber threat hunting at the endpoint level, utilizing the collective intelligence of multiple devices to effectively and confidentially detect attacks on individual machines.

The proposed method includes the development of a security assessment tool that emulates the behavior of adversary groups and Advanced Persistent Threat (APT) actors within the network. This tool provides network security experts with the ability to assess the resilience of their network environment and assists in generating authentic data derived from diverse threats for use in subsequent stages of the federated learning model.

The results of the experiments demonstrate that the proposed model effectively detects cyber threats on devices while safeguarding privacy.

Abstract—The rapid growth of communication networks, coupled with the increasing complexity of cyber threats, necessitates the implementation of proactive measures to protect networks and systems. In this study, we introduce a federated learning-based approach for cyber threat hunting at the endpoint level. The proposed method utilizes the collective intelligence of multiple devices to effectively and confidentially detect attacks on individual machines. A security assessment tool is also developed to emulate the behavior of adversary groups and Advanced Persistent Threat (APT) actors in the network. This tool provides network security experts with the ability to assess their network environment’s resilience and aids in generating authentic data derived from diverse threats for use in subsequent stages of the federated learning (FL) model. The results of the experiments demonstrate that the proposed model effectively detects cyber threats on the devices while safeguarding privacy.

Index Terms—Threat hunting, Cyber threats, Threat actors, Federated learning, adversary emulation.
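To make the privacy argument of the abstract concrete, the following is an added illustration (not code from the IDUNN project or from the publication) of one round of unsupervised, federated threat hunting. The feature names (process spawns, outbound connections, registry writes per interval), the telemetry values and the anomaly threshold are all constructed assumptions; the aggregation is a simple FedAvg-style merge of per-endpoint sufficient statistics, chosen here as a stand-in for the paper's federated model. The point it shows is that each endpoint ships only counts and sums to the coordinator, never raw events, and still scores new activity against a profile learned from all devices.

```python
"""One federated, unsupervised threat-hunting round (added illustration).

Three simulated endpoints each hold local telemetry feature vectors.
Each endpoint computes only summary statistics locally; the coordinator
merges them (weighted by sample count, FedAvg-style) into a global
per-feature mean and standard deviation; endpoints then score new
events by their standardised distance from that global profile.
Raw telemetry never leaves the endpoint.
"""
from math import sqrt
from typing import Dict, List

# Constructed per-endpoint telemetry (assumed feature layout):
# [process_spawns, outbound_connections, registry_writes] per interval.
ENDPOINT_TELEMETRY: Dict[str, List[List[float]]] = {
    "host-a": [[3, 2, 1], [4, 3, 1], [2, 2, 0], [3, 1, 1]],
    "host-b": [[5, 4, 2], [4, 4, 1], [6, 3, 2], [5, 5, 2]],
    "host-c": [[2, 1, 0], [3, 2, 1], [2, 2, 1]],
}


def local_update(samples: List[List[float]]) -> dict:
    """Endpoint side: per-feature sums, sums of squares and the sample count.

    These aggregates are the only thing shared with the coordinator.
    """
    d = len(samples[0])
    sums = [0.0] * d
    sumsq = [0.0] * d
    for s in samples:
        for j, v in enumerate(s):
            sums[j] += v
            sumsq[j] += v * v
    return {"n": len(samples), "sum": sums, "sumsq": sumsq}


def aggregate(updates: List[dict]) -> dict:
    """Coordinator side: merge sufficient statistics into a global mean/std.

    Weighting by sample count falls out naturally from summing the raw
    sums, so busier endpoints contribute proportionally more.
    """
    n = sum(u["n"] for u in updates)
    d = len(updates[0]["sum"])
    mean = [sum(u["sum"][j] for u in updates) / n for j in range(d)]
    var = [sum(u["sumsq"][j] for u in updates) / n - mean[j] ** 2 for j in range(d)]
    # Guard against zero/negative variance from rounding on constant features.
    std = [sqrt(max(v, 1e-9)) for v in var]
    return {"n": n, "mean": mean, "std": std}


def anomaly_score(model: dict, event: List[float]) -> float:
    """Endpoint side: Euclidean norm of the per-feature z-scores of one event."""
    return sqrt(sum(((v - m) / s) ** 2
                    for v, m, s in zip(event, model["mean"], model["std"])))


def hunt(model: dict, events: List[List[float]], threshold: float = 4.0):
    """Return (event, score) pairs whose score exceeds the (assumed) threshold."""
    flagged = []
    for e in events:
        score = anomaly_score(model, e)
        if score > threshold:
            flagged.append((e, round(score, 2)))
    return flagged


def run_round() -> dict:
    """Run one full round: every endpoint reports, the coordinator aggregates."""
    updates = [local_update(samples) for samples in ENDPOINT_TELEMETRY.values()]
    return aggregate(updates)


if __name__ == "__main__":
    global_model = run_round()
    # Constructed: one ordinary interval and one burst of activity.
    new_events = [[3, 2, 1], [40, 35, 12]]
    for event, score in hunt(global_model, new_events):
        print("flagged", event, "score", score)
```

In a real deployment the aggregated profile would be a model rather than a mean and standard deviation, and the data used to fit it would come from intervals that include emulated adversary activity, as the abstract describes; the information-flow property is the same, though: only model updates cross the network, and the raw endpoint telemetry stays where it was generated.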

Link to the publication