Privacy-preserving threat intelligence sharing across government agencies using FEGB-Net

Government networks are increasingly targeted by coordinated cyberattacks that exploit similarities in infrastructure and operational practices across agencies. Although early detection at one organization could provide valuable warnings to others, effective threat intelligence sharing is often constrained by data sovereignty and privacy regulations. This paper presents an extension of the federated ensemble graph-based network (FEGB-Net) framework that enables privacy-preserving threat intelligence sharing across government agencies. The proposed approach extracts compact behavioral threat signatures from locally trained federated graph neural network models, protects these signatures using differential privacy, and supports real-time cross-agency threat matching. Experimental evaluation using the CICIDS2017 dataset demonstrates that detection accuracy remains comparable to isolated operation, while coordinated attack detection time is reduced by up to 88.5 %. Privacy analysis confirms that ε-differential privacy with ε = 2.0 limits membership inference attacks to near-random success. The results show that collaborative defense can be achieved without compromising data privacy or sovereignty.

1. Ndubuisi A.F. Strengthening national cybersecurity policies through coordinated threat intelligence sharing and real-time public-private collaboration frameworks. International Journal of Science and Research Archive. 2023;8(2):812–831. https://doi.org/10.30574/ijsra.2023.8.2.0299

2. Alaeifar P., Pal Sh., Jadidi Z., Hussain M., Foo E. Current approaches and future directions for cyber threat intelligence sharing: A survey. Journal of Information Security and Applications. 2024;83. https://doi.org/10.1016/j.jisa.2024.103786

3. McMahan B., Moore E., Ramage D., Hampson S., Arcas B.A. Communication-efficient learning of deep networks from decentralized data. In: Proceedings of the 20th International Conference on Artificial Intelligence and Statistics, AISTATS 2017, 20–22 April 2017, Fort Lauderdale, FL, USA. PMLR; 2017. P. 1273–1282.

4. Li T., Sahu A.K., Zaheer M., et al. Federated optimization in heterogeneous networks. In: Proceedings of the Third Conference on Machine Learning and Systems, MLSys 2020, 02–04 March 2020, Austin, TX, USA. MLSys Proceedings; 2020. URL: https://proceedings.mlsys.org/paper_files/paper/2020/file/1f5fe83998a09396ebe6477d9475ba0c-Paper.pdf

5. Arm A.A.S., Lyapuntsova E.V. A novel hybrid anomaly detection model using federated graph neural networks and ensemble machine learning for network security. Modeling, Optimization and Information Technology. 2025;13(2). (In Russ.). https://doi.org/10.26102/2310-6018/2025.49.2.044

6. Wu Z., Pan Sh., Chen F., et al. A comprehensive survey on graph neural networks. IEEE Transactions on Neural Networks and Learning Systems. 2021;32(1):4–24. https://doi.org/10.1109/TNNLS.2020.2978386

7. Kipf Th.N., Welling M. Semi-supervised classification with graph convolutional networks. arXiv. URL: https://arxiv.org/abs/1609.02907 [Accessed 17th December 2025].

8. Wagner C., Dulaunoy A., Wagener G., Iklody A. MISP: The design and implementation of a collaborative threat intelligence sharing platform. In: WISCS '16: Proceedings of the 2016 ACM on Workshop on Information Sharing and Collaborative Security, 24 October 2016, Vienna, Austria. New York: ACM; 2016. P. 49–56. https://doi.org/10.1145/2994539.2994542

9. Dwork C., Roth A. The algorithmic foundations of differential privacy. Foundations and Trends® in Theoretical Computer Science. 2014;9(3–4):211–487. https://doi.org/10.1561/0400000042

10. Mironov I. Rényi differential privacy. In: 2017 IEEE 30th Computer Security Foundations Symposium (CSF), 21–25 August 2017, Santa Barbara, CA, USA. IEEE; 2017. P. 263–275. https://doi.org/10.1109/CSF.2017.11

11. Melis L., Song C., De Cristofaro E., Shmatikov V. Exploiting unintended feature leakage in collaborative learning. In: 2019 IEEE Symposium on Security and Privacy (SP), 19–23 May 2019, San Francisco, CA, USA. IEEE; 2019. P. 691–706. https://doi.org/10.1109/SP.2019.00029

12. Bonawitz K., Ivanov V., Kreuter B., et al. Practical secure aggregation for privacy-preserving machine learning. In: CCS '17: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, 30 October – 03 November 2017, Dallas, TX, USA. New York: ACM; 2017. P. 1175–1191. https://doi.org/10.1145/3133956.3133982

13. Sculley D., Holt G., Golovin D., et al. Hidden technical debt in machine learning systems. In: Advances in Neural Information Processing Systems 28: Annual Conference on Neural Information Processing Systems 2015, 07–12 December 2015, Montreal, Quebec, Canada. 2015. P. 2503–2511.

14. Sharafaldin I., Lashkari A.H., Ghorbani A.A. Toward generating a new intrusion detection dataset and intrusion traffic characterization. In: Proceedings of the 4th International Conference on Information Systems Security and Privacy, 22–24 January 2018, Funchal, Madeira, Portugal. SciTePress; 2018. P. 108–116. https://doi.org/10.5220/0006639801080116

15. Malkov Yu.A., Yashunin D.A. Efficient and robust approximate nearest neighbor search using hierarchical navigable small world graphs. IEEE Transactions on Pattern Analysis and Machine Intelligence. 2020;42(4):824–836. https://doi.org/10.1109/TPAMI.2018.2889473

16. Tan A.Z., Yu H., Cui L., Yang Q. Towards personalized federated learning. IEEE Transactions on Neural Networks and Learning Systems. 2023;34(12):9587–9603. https://doi.org/10.1109/TNNLS.2022.3160699

17. Von Scherenberg F., Hellmeier M., Otto B. Data sovereignty in information systems. Electronic Markets. 2024;34(1). https://doi.org/10.1007/s12525-024-00693-4