Filtreler

2025 - 20262
Filtreleri Sıfırla

Ayarlar

Yazar: Çamalan, Emre × Konu: Privacy-preserving techniques ×

Arama Sonuçları

Listeleniyor 1 - 2 / 2
  • Küçük Resim
    Yayın
    Privacy-preserving cyber threat intelligence: a framework combining private information retrieval, federated learning, and differential privacy
    (Institute of Electrical and Electronics Engineers Inc., 2025-09-21) Çamalan, Emre; Çeliktaş, Barış
    Threat Intelligence Platforms (TIPs) are essential for sharing indicators of compromise (IoCs), but querying them can leak sensitive organizational data. We propose a privacy-preserving framework that combines Private Information Retrieval (PIR), Federated Learning (FL), and Differential Privacy (DP) to mitigate this risk. Our approach addresses both content-level and metadata-level privacy concerns while supporting collaborative learning across organizations. It ensures that sensitive query patterns remain hidden, local threat data never leaves organizational boundaries, and model updates are protected against inference attacks. The framework integrates with existing TIPs such as MISP and OpenCTI, requiring minimal operational changes. We implement a prototype using a simulated Abuse IP dataset and evaluate it on latency, accuracy, and communication overhead. The system supports private queries in under 300 ms and maintains over 95% model accuracy under DP noise. These results indicate that strong privacy can be achieved with minimal performance trade-offs, making the approach viable for real-world CTI environments.
  • Küçük Resim
    Yayın
    A deployment-oriented privacy-preserving CTI framework: integrating PIR, federated learning, differential privacy, and practical hardenings
    (Institute of Electrical and Electronics Engineers Inc., 2026) Çamalan, Emre; Çeliktaş, Barış
    Threat Intelligence Platforms (TIPs) enable organizations to share indicators of compromise (IoCs), yet the operational CTI lifecycle exposes multiple, largely independent privacy surfaces: query content and access-pattern leakage during IoC lookup, gradient and membership inference risks during collaborative model training, and residual metadata side-channels in network traffic. Existing work addresses these surfaces in isolation; no prior framework orchestrates their joint mitigation within a single, deploymentoriented CTI pipeline under explicit guarantee boundaries. We present a prototype workflow-level privacy orchestration for cyber threat intelligence that coordinates four mechanisms across the query-learn-update lifecycle: (i) Private Information Retrieval (PIR) to hide queried IoC indices, (ii) cross-silo federated learning (FL) to keep raw CTI data local, (iii) a formal client-level Differential Privacy (DP) mechanism for federated model training to protect against inversion and membership inference attacks, and (iv) practical privacy hardenings, namely fixed-shape PIR batching (a traffic-shaping mechanism, not a cryptographic PIR guarantee) and secure aggregation simulated under an honest-but-curious coordinator assumption, to mitigate residual side-channel leakage. The contribution is therefore one of CTI-specific workflow orchestration and systematic evaluation, not of new cryptographic primitives: formal (ε, δ) guarantees apply exclusively to the differentially private federated learning component, while the remaining mechanisms serve as deployment-oriented hardenings under stated assumptions. We implement a working prototype over a two-million-row AbuseIPDB-style IoC dataset. Under a two-server non-colluding assumption, PIR queries complete in approximately 40 seconds with 16MB transfer per fixed batch. Local Random Forest and Logistic Regression baselines reach 89.0% and 77.00% accuracy, respectively, while federated variants with DP-FedAvg (gradient clipping and RDP-based privacy accounting) demonstrate a quantified privacy–utility trade-off across multiple noise levels. A corrected canonical single-round (T=1) baseline establishes the reconciled reference operating point; reviewer-driven multi-round experiments (T ∈ {1, 10, 20}) and an auxiliary clip-norm sensitivity analysis (C ∈ {0.5, 1.0, 2.0}) further characterize how privacy budgets, model utility, and training stability evolve beyond the single-round setting, with all (ε, δ) values computed via RDP composition for the corresponding configuration. The framework aligns with recent advances in secure aggregation and privacy-preserving CTI analytics, and is designed to be compatible with GDPR, CCPA, ISO/IEC 27701, and NIST 800-53 privacy principles, demonstrating prototype-level feasibility for regulation-aware CTI collaboration across organizations.