Federated Learning for Privacy-Preserving Threat Intelligence Sharing among Organizations

Abstract

Cyber threat intelligence empowers diverse organizations to detect and respond to new and evolving threats proactively. However, issues surrounding privacy and compliance restrictions nonetheless hinder practical implementation. This study explores the adoption of Federated Learning (FL) as a privacy-preserving alternative to traditional CTI sharing strategies. FL protects data sovereignty and conforms to privacy regulations by enabling multiple participating organizations to collaboratively train threat detection models together without disclosing sensitive information. The proposed approach promotes confidentiality while preserving threat detection accuracy by incorporating FL with mechanisms such as differential privacy and secure aggregation. This work highlights a conceptual system design for FL CTI sharing, analyzes the trade-offs between accuracy and privacy, and simulates how models can be evaluated for accuracy in a non-IID environment. The findings reveal that while privacy-preserving mechanisms result in acceptable performance degradation, personalized federated learning (FL) models enhance per-client accuracy in a multi-data setting. This study contributes a secure, flexible, and compliant approach to collaborative CTI sharing among organizations in diverse industries.