A deployment-oriented privacy-preserving CTI framework: integrating PIR, federated learning, differential privacy, and practical hardenings

dc.authorid: 0009-0003-5878-5621
dc.authorid: 0000-0003-2865-6370
dc.contributor.author: Çamalan, Emre [en_US]
dc.contributor.author: Çeliktaş, Barış [en_US]
dc.date.accessioned: 2026-05-05T06:27:51Z
dc.date.available: 2026-05-05T06:27:51Z
dc.date.issued: 2026
dc.department: Işık University, School of Graduate Studies, Master’s Program in Computer Engineering [en_US]
dc.department: Işık University, Faculty of Engineering and Natural Sciences, Department of Computer Engineering [en_US]
dc.description.abstract: Threat Intelligence Platforms (TIPs) enable organizations to share indicators of compromise (IoCs), yet the operational CTI lifecycle exposes multiple, largely independent privacy surfaces: query content and access-pattern leakage during IoC lookup, gradient and membership inference risks during collaborative model training, and residual metadata side-channels in network traffic. Existing work addresses these surfaces in isolation; no prior framework orchestrates their joint mitigation within a single, deployment-oriented CTI pipeline under explicit guarantee boundaries. We present a prototype workflow-level privacy orchestration for cyber threat intelligence that coordinates four mechanisms across the query-learn-update lifecycle: (i) Private Information Retrieval (PIR) to hide queried IoC indices, (ii) cross-silo federated learning (FL) to keep raw CTI data local, (iii) a formal client-level Differential Privacy (DP) mechanism for federated model training to protect against inversion and membership inference attacks, and (iv) practical privacy hardenings, namely fixed-shape PIR batching (a traffic-shaping mechanism, not a cryptographic PIR guarantee) and secure aggregation simulated under an honest-but-curious coordinator assumption, to mitigate residual side-channel leakage. The contribution is therefore one of CTI-specific workflow orchestration and systematic evaluation, not of new cryptographic primitives: formal (ε, δ) guarantees apply exclusively to the differentially private federated learning component, while the remaining mechanisms serve as deployment-oriented hardenings under stated assumptions. We implement a working prototype over a two-million-row AbuseIPDB-style IoC dataset. Under a two-server non-colluding assumption, PIR queries complete in approximately 40 seconds with 16 MB transfer per fixed batch. Local Random Forest and Logistic Regression baselines reach 89.0% and 77.00% accuracy, respectively, while federated variants with DP-FedAvg (gradient clipping and RDP-based privacy accounting) demonstrate a quantified privacy–utility trade-off across multiple noise levels. A corrected canonical single-round (T=1) baseline establishes the reconciled reference operating point; reviewer-driven multi-round experiments (T ∈ {1, 10, 20}) and an auxiliary clip-norm sensitivity analysis (C ∈ {0.5, 1.0, 2.0}) further characterize how privacy budgets, model utility, and training stability evolve beyond the single-round setting, with all (ε, δ) values computed via RDP composition for the corresponding configuration. The framework aligns with recent advances in secure aggregation and privacy-preserving CTI analytics, and is designed to be compatible with GDPR, CCPA, ISO/IEC 27701, and NIST 800-53 privacy principles, demonstrating prototype-level feasibility for regulation-aware CTI collaboration across organizations. [en_US]
dc.description.version: Publisher's Version [en_US]
dc.identifier.citation: Çamalan, E. & Çeliktaş, B. (2026). A deployment-oriented privacy-preserving CTI framework: integrating PIR, federated learning, differential privacy, and practical hardenings. IEEE Access, 11, 1-26. doi:https://doi.org/10.1109/ACCESS.2026.3686089 [en_US]
dc.identifier.doi: 10.1109/ACCESS.2026.3686089
dc.identifier.endpage: 26
dc.identifier.issn: 2169-3536
dc.identifier.scopus: 2-s2.0-105036495658
dc.identifier.scopusquality: Q1
dc.identifier.startpage: 1
dc.identifier.uri: https://hdl.handle.net/11729/7372
dc.identifier.uri: https://doi.org/10.1109/ACCESS.2026.3686089
dc.identifier.volume: 11
dc.indekslendigikaynak: Scopus [en_US]
dc.institutionauthor: Çamalan, Emre [en_US]
dc.institutionauthor: Çeliktaş, Barış [en_US]
dc.institutionauthorid: 0009-0003-5878-5621
dc.institutionauthorid: 0000-0003-2865-6370
dc.language.iso: en [en_US]
dc.peerreviewed: Yes [en_US]
dc.publicationstatus: Published [en_US]
dc.publisher: Institute of Electrical and Electronics Engineers Inc. [en_US]
dc.relation.ispartof: IEEE Access [en_US]
dc.relation.publicationcategory: Article - International Refereed Journal - Student [en_US]
dc.relation.publicationcategory: Article - International Refereed Journal - Institutional Faculty Member [en_US]
dc.rights: info:eu-repo/semantics/openAccess [en_US]
dc.subject: Differential privacy [en_US]
dc.subject: Federated learning [en_US]
dc.subject: Fixed-shape PIR [en_US]
dc.subject: Privacy-preserving CTI [en_US]
dc.subject: Private information retrieval [en_US]
dc.subject: Secure aggregation [en_US]
dc.subject: Threat intelligence [en_US]
dc.subject: Distributed computer systems [en_US]
dc.subject: Hardening [en_US]
dc.subject: Information leakage [en_US]
dc.subject: Logistic regression [en_US]
dc.subject: Metadata [en_US]
dc.subject: Network security [en_US]
dc.subject: Privacy-preserving techniques [en_US]
dc.subject: Query processing [en_US]
dc.subject: Side channel attack [en_US]
dc.subject: Differential privacies [en_US]
dc.subject: Fixed-shape private information retrieval [en_US]
dc.subject: Model training [en_US]
dc.subject: Privacy preserving [en_US]
dc.subject: Secure aggregations [en_US]
dc.subject: Side-channel [en_US]
dc.subject: Economic and social effects [en_US]
dc.title: A deployment-oriented privacy-preserving CTI framework: integrating PIR, federated learning, differential privacy, and practical hardenings [en_US]
dc.type: Article [en_US]
dspace.entity.type: Publication [en_US]

Files

Original bundle
Name: A_Deployment_Oriented_Privacy_Preserving_CTI_Framework_Integrating_PIR_Federated_Learning_Differential_Privacy_and_Practical_Hardenings.pdf
Size: 1.4 MB
Format: Adobe Portable Document Format

License bundle
Name: license.txt
Size: 1.17 KB
Format: Item-specific license agreed upon to submission