LegionITS: A Federated Intrusion-Tolerant System Architecture

• URL: http://arxiv.org/abs/2512.14242v1
• Date: Tue, 16 Dec 2025 09:52:08 GMT
• Title: LegionITS: A Federated Intrusion-Tolerant System Architecture
• Authors: Tadeu Freitas, Carlos Novo, Manuel E. Correia, Rolando Martins,
• Abstract summary: We propose a novel architecture that federates Intrusion Tolerant Systems (ITSs) and Malware Information Sharing Platform (MISP) to empower SOCs.<n>As a proof of concept, we evaluate one module by applying Differential Privacy (DP) to Federated Learning (FL), observing a manageable accuracy drop from 98.42% to 85.98%.
• Score: 0.6524460254566903
• License: http://creativecommons.org/licenses/by-nc-nd/4.0/
• Abstract: The growing sophistication, frequency, and diversity of cyberattacks increasingly exceed the capacity of individual entities to fully understand and counter them. While existing solutions, such as Security Information and Event Management (SIEM) systems, Security Orchestration, Automation, and Response (SOAR) platforms, and Security Operation Center (SOC), play a vital role in mitigating known threats, they often struggle to effectively address emerging and unforeseen attacks. To increase the effectiveness of cyber defense, it is essential to foster greater information sharing between entities; however, this requires addressing the challenge of exchanging sensitive data without compromising confidentiality or operational security. To address the challenges of secure and confidential Cyber Threat Intelligence (CTI) sharing, we propose a novel architecture that federates Intrusion Tolerant Systems (ITSs) and leverages concepts from Malware Information Sharing Platform (MISP) to empower SOCs. This framework enables controlled collaboration and data privacy while enhancing collective defenses. As a proof of concept, we evaluate one module by applying Differential Privacy (DP) to Federated Learning (FL), observing a manageable accuracy drop from 98.42% to 85.98% (average loss 12.44%) while maintaining reliable detection of compromised messages. These results highlight the viability of secure data sharing and establishes a foundation for the future full-scale implementation of LegionITS.

Related papers

• Multi-Agent-Driven Cognitive Secure Communications in Satellite-Terrestrial Networks [58.70163955407538]
  Malicious eavesdroppers pose a serious threat to private information via satellite-terrestrial networks (STNs)<n>We propose a cognitive secure communication framework driven by multiple agents that coordinates spectrum scheduling and protection through real-time sensing.<n>We exploit generative adversarial networks to produce adversarial matrices, and employ learning-aided power control to set real and adversarial signal powers for protection layer.
  arXiv  Detail & Related papers  (2026-01-06T10:30:41Z)
• Byzantine-Robust Federated Learning Framework with Post-Quantum Secure Aggregation for Real-Time Threat Intelligence Sharing in Critical IoT Infrastructure [0.0]
  Traditional federated learning approaches for IoT security suffer from two critical vulnerabilities: susceptibility to Byzantine attacks and inadequacy against future quantum computing threats.<n>This paper presents a novel Byzantine-robust federated learning framework integrated with post-quantum secure aggregation.<n>The proposed framework combines a adaptive weighted aggregation mechanism with lattice-based cryptographic protocols to simultaneously defend against model poisoning attacks and quantum adversaries.
  arXiv  Detail & Related papers  (2026-01-03T03:13:46Z)
• On the Security and Privacy of Federated Learning: A Survey with Attacks, Defenses, Frameworks, Applications, and Future Directions [1.7056096558557128]
  Federated Learning (FL) is an emerging distributed machine learning paradigm enabling clients to train a global model collaboratively without sharing their raw data.<n>While FL enhances data privacy by design, it remains vulnerable to various security and privacy threats.<n>Security-enhancing methods aim to improve FL robustness against malicious behaviors such as byzantine attacks, poisoning, and Sybil attacks.<n>Privacy-preserving techniques focus on protecting sensitive data through cryptographic approaches, differential privacy, and secure aggregation.
  arXiv  Detail & Related papers  (2025-08-19T11:06:20Z)
• Open Challenges in Multi-Agent Security: Towards Secure Systems of Interacting AI Agents [0.0]
  Decentralized AI agents will soon interact across internet platforms, creating security challenges beyond traditional cybersecurity and AI safety frameworks.<n>We introduce textbfmulti-agent security, a new field dedicated to securing networks of decentralized AI agents against threats that emerge or amplify through their interactions.
  arXiv  Detail & Related papers  (2025-05-04T12:03:29Z)
• Llama-3.1-FoundationAI-SecurityLLM-Base-8B Technical Report [50.268821168513654]
  We present Foundation-Sec-8B, a cybersecurity-focused large language model (LLMs) built on the Llama 3.1 architecture.<n>We evaluate it across both established and new cybersecurity benchmarks, showing that it matches Llama 3.1-70B and GPT-4o-mini in certain cybersecurity-specific tasks.<n>By releasing our model to the public, we aim to accelerate progress and adoption of AI-driven tools in both public and private cybersecurity contexts.
  arXiv  Detail & Related papers  (2025-04-28T08:41:12Z)
• Toward Mixture-of-Experts Enabled Trustworthy Semantic Communication for 6G Networks [82.3753728955968]
  We introduce a novel Mixture-of-Experts (MoE)-based SemCom system. This system comprises a gating network and multiple experts, each specializing in different security challenges. The gating network adaptively selects suitable experts to counter heterogeneous attacks based on user-defined security requirements. A case study in vehicular networks demonstrates the efficacy of the MoE-based SemCom system.
  arXiv  Detail & Related papers  (2024-09-24T03:17:51Z)
• SeCTIS: A Framework to Secure CTI Sharing [13.251593345960265]
  The rise of IT-dependent operations in modern organizations has heightened their vulnerability to cyberattacks. Current information-sharing methods lack privacy safeguards, leaving organizations vulnerable to leaks of both proprietary and confidential data. We design a novel framework called SeCTIS (Secure Cyber Threat Intelligence Sharing) to enable businesses to collaborate, preserving the privacy of their CTI data.
  arXiv  Detail & Related papers  (2024-06-20T08:34:50Z)
• Secure Aggregation is Not Private Against Membership Inference Attacks [66.59892736942953]
  We investigate the privacy implications of SecAgg in federated learning. We show that SecAgg offers weak privacy against membership inference attacks even in a single training round. Our findings underscore the imperative for additional privacy-enhancing mechanisms, such as noise injection.
  arXiv  Detail & Related papers  (2024-03-26T15:07:58Z)
• The Security and Privacy of Mobile Edge Computing: An Artificial Intelligence Perspective [64.36680481458868]
  Mobile Edge Computing (MEC) is a new computing paradigm that enables cloud computing and information technology (IT) services to be delivered at the network's edge. This paper provides a survey of security and privacy in MEC from the perspective of Artificial Intelligence (AI) We focus on new security and privacy issues, as well as potential solutions from the viewpoints of AI.
  arXiv  Detail & Related papers  (2024-01-03T07:47:22Z)
• Orchestrating Collaborative Cybersecurity: A Secure Framework for Distributed Privacy-Preserving Threat Intelligence Sharing [7.977316321387031]
  Cyber Threat Intelligence (CTI) sharing is an important activity to reduce information asymmetries between attackers and defenders. Current literature assumes access to centralized databases containing all the information, but this is not always feasible. We propose a novel framework for extracting CTI from distributed data on incidents, vulnerabilities and indicators of compromise.
  arXiv  Detail & Related papers  (2022-09-06T17:44:20Z)
• A System for Automated Open-Source Threat Intelligence Gathering and Management [53.65687495231605]
  SecurityKG is a system for automated OSCTI gathering and management. It uses a combination of AI and NLP techniques to extract high-fidelity knowledge about threat behaviors.
  arXiv  Detail & Related papers  (2021-01-19T18:31:35Z)
• SMEs' Confidentiality Concerns for Security Information Sharing [1.3452510519858993]
  Small and medium-sized enterprises are considered an essential part of the EU economy, however, highly vulnerable to cyberattacks. This paper presents the results of semi-structured interviews with seven chief information security officers of SMEs to evaluate the impact of online consent communication on motivation for information sharing. The findings demonstrate that online consent with multiple options for indicating a suitable level of agreement improved motivation for information sharing.
  arXiv  Detail & Related papers  (2020-07-13T10:59:40Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.