Federated Cyber Defense: Privacy-Preserving Ransomware Detection Across Distributed Systems
- URL: http://arxiv.org/abs/2511.01583v1
- Date: Mon, 03 Nov 2025 13:54:13 GMT
- Title: Federated Cyber Defense: Privacy-Preserving Ransomware Detection Across Distributed Systems
- Authors: Daniel M. Jimenez-Gutierrez, Enrique Zuazua, Joaquin Del Rio, Oleksii Sliusarenko, Xabi Uribe-Etxebarria,
- Abstract summary: Training high-performing AI detectors requires diverse datasets, which are often distributed across multiple organizations.<n>Centralization is often impractical due to security, privacy regulations, data ownership issues, and legal barriers to cross-organizational sharing.<n>In this paper, we evaluate Federated Learning (FL) using the Sherpa.ai FL platform, which enables multiple organizations to collaboratively train a ransomware detection model.
- Score: 0.20878272814614088
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Detecting malware, especially ransomware, is essential to securing today's interconnected ecosystems, including cloud storage, enterprise file-sharing, and database services. Training high-performing artificial intelligence (AI) detectors requires diverse datasets, which are often distributed across multiple organizations, making centralization necessary. However, centralized learning is often impractical due to security, privacy regulations, data ownership issues, and legal barriers to cross-organizational sharing. Compounding this challenge, ransomware evolves rapidly, demanding models that are both robust and adaptable. In this paper, we evaluate Federated Learning (FL) using the Sherpa.ai FL platform, which enables multiple organizations to collaboratively train a ransomware detection model while keeping raw data local and secure. This paradigm is particularly relevant for cybersecurity companies (including both software and hardware vendors) that deploy ransomware detection or firewall systems across millions of endpoints. In such environments, data cannot be transferred outside the customer's device due to strict security, privacy, or regulatory constraints. Although FL applies broadly to malware threats, we validate the approach using the Ransomware Storage Access Patterns (RanSAP) dataset. Our experiments demonstrate that FL improves ransomware detection accuracy by a relative 9% over server-local models and achieves performance comparable to centralized training. These results indicate that FL offers a scalable, high-performing, and privacy-preserving framework for proactive ransomware detection across organizational and regulatory boundaries.
Related papers
- FuSeFL: Fully Secure and Scalable Cross-Silo Federated Learning [0.696125353550498]
Federated Learning (FL) enables collaborative model training without centralizing client data, making it attractive for privacy-sensitive domains.<n>We present FuSeFL, a fully secure and scalable FL scheme designed for cross-silo settings.
arXiv Detail & Related papers (2025-07-18T00:50:44Z) - A Virtual Cybersecurity Department for Securing Digital Twins in Water Distribution Systems [39.58317527488534]
Digital twins (DTs) help improve real-time monitoring and decision-making in water distribution systems.<n>Their connectivity makes them easy targets for cyberattacks such as scanning, denial-of-service (DoS), and unauthorized access.<n>We present a Virtual Cybersecurity Department (VCD), an affordable and automated framework designed for SMEs.
arXiv Detail & Related papers (2025-04-28T21:14:48Z) - Lancelot: Towards Efficient and Privacy-Preserving Byzantine-Robust Federated Learning within Fully Homomorphic Encryption [10.685816010576918]
We propose Lancelot, an innovative and computationally efficient BRFL framework that employs fully homomorphic encryption (FHE) to safeguard against malicious client activities while preserving data privacy.
Our extensive testing, which includes medical imaging diagnostics and widely-used public image datasets, demonstrates that Lancelot significantly outperforms existing methods, offering more than a twenty-fold increase in processing speed, all while maintaining data privacy.
arXiv Detail & Related papers (2024-08-12T14:48:25Z) - Effective Intrusion Detection in Heterogeneous Internet-of-Things Networks via Ensemble Knowledge Distillation-based Federated Learning [52.6706505729803]
We introduce Federated Learning (FL) to collaboratively train a decentralized shared model of Intrusion Detection Systems (IDS)
FLEKD enables a more flexible aggregation method than conventional model fusion techniques.
Experiment results show that the proposed approach outperforms local training and traditional FL in terms of both speed and performance.
arXiv Detail & Related papers (2024-01-22T14:16:37Z) - Privacy-Preserving Intrusion Detection in Software-defined VANET using Federated Learning with BERT [0.0]
The present study introduces a novel approach for intrusion detection using Federated Learning (FL) capabilities.
FL-BERT has yielded promising results, opening avenues for further investigation in this particular area of research.
Our results suggest that FL-BERT is a promising technique for enhancing attack detection.
arXiv Detail & Related papers (2024-01-14T18:32:25Z) - Ransomware Detection Using Federated Learning with Imbalanced Datasets [0.0]
This paper presents a weighted cross-entropy loss function approach to mitigate dataset imbalance.
A detailed performance evaluation study is then presented for the case of static analysis using the latest Windows-based ransomware families.
arXiv Detail & Related papers (2023-11-13T21:21:39Z) - A survey on hardware-based malware detection approaches [45.24207460381396]
Hardware-based malware detection approaches leverage hardware performance counters and machine learning prowess.
We meticulously analyze the approach, unraveling the most common methods, algorithms, tools, and datasets that shape its contours.
The discussion extends to crafting mixed hardware and software approaches for collaborative efficacy, essential enhancements in hardware monitoring units, and a better understanding of the correlation between hardware events and malware applications.
arXiv Detail & Related papers (2023-03-22T13:00:41Z) - CrowdGuard: Federated Backdoor Detection in Federated Learning [39.58317527488534]
This paper presents a novel defense mechanism, CrowdGuard, that effectively mitigates backdoor attacks in Federated Learning.
CrowdGuard employs a server-located stacked clustering scheme to enhance its resilience to rogue client feedback.
The evaluation results demonstrate that CrowdGuard achieves a 100% True-Positive-Rate and True-Negative-Rate across various scenarios.
arXiv Detail & Related papers (2022-10-14T11:27:49Z) - RL-DistPrivacy: Privacy-Aware Distributed Deep Inference for low latency
IoT systems [41.1371349978643]
We present an approach that targets the security of collaborative deep inference via re-thinking the distribution strategy.
We formulate this methodology, as an optimization, where we establish a trade-off between the latency of co-inference and the privacy-level of data.
arXiv Detail & Related papers (2022-08-27T14:50:00Z) - Analyzing Machine Learning Approaches for Online Malware Detection in
Cloud [0.0]
We present online malware detection based on process level performance metrics and analyze the effectiveness of different machine learning models.
Our analysis conclude that neural network models can most accurately detect the malware that have on the process level features of virtual machines in the cloud.
arXiv Detail & Related papers (2021-05-19T17:28:12Z) - A Secure Federated Learning Framework for 5G Networks [44.40119258491145]
Federated Learning (FL) has been proposed as an emerging paradigm to build machine learning models using distributed training datasets.
There are two critical security threats: poisoning and membership inference attacks.
We propose a blockchain-based secure FL framework to create smart contracts and prevent malicious or unreliable participants from involving in FL.
arXiv Detail & Related papers (2020-05-12T13:27:23Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.