BFLS: Blockchain and Federated Learning for sharing threat detection models as Cyber Threat Intelligence

Abstract

Recently, Cyber Threat Intelligence (CTI) sharing has become an important weapon for cyber defenders to mitigate the increasing number of cyber attacks in a proactive and collaborative manner. However, with the dramatic increase in the deployment of shared communications between organizations, data has been a major priority to detect threats in the CTI sharing platform. In the modern environment, a valuable asset is the user’s threat data. Privacy policies are necessary to ensure the security of user data in the threat intelligence sharing community. Federated learning acts as a special machine learning technique for privacy preservation and offers to contextualize data in a CTI sharing platform. Therefore, this article proposes a new approach to threat intelligence sharing called BFLS (Blockchain and Federated Learning for sharing threat detection models as Cyber Threat Intelligence), where blockchain-based CTI sharing platforms are used for security and privacy. Federated learning technology is adopted for scalable machine learning applications, such as threat detection. Furthermore, users can obtain a well-trained threat detection model without sending personal data to the central server. Experimental results on the ISCX-IDS-2012 and CIC-DDoS-2019 datasets showed that BFLS can securely share CTI and has high accuracy in threat detection. The accuracies of BFLS are 98.92% and 98.56% on the two datasets, respectively.