Federated Learning for Privacy-Preserving Threat Intelligence Sharing among Organizations

Cyber threat intelligence empowers diverse organizations to detect and respond to new and evolving threats proactively. However, issues surrounding privacy and compliance restrictions nonetheless hinder practical implementation. This study explores the adoption of Federated Learning (FL) as a privacy-preserving alternative to traditional CTI sharing strategies. FL protects data sovereignty and conforms to privacy regulations by enabling multiple participating organizations to collaboratively train threat detection models together without disclosing sensitive information. The proposed approach promotes confidentiality while preserving threat detection accuracy by incorporating FL with mechanisms such as differential privacy and secure aggregation. This work highlights a conceptual system design for FL CTI sharing, analyzes the trade-offs between accuracy and privacy, and simulates how models can be evaluated for accuracy in a non-IID environment. The findings reveal that while privacy-preserving mechanisms result in acceptable performance degradation, personalized federated learning (FL) models enhance per-client accuracy in a multi-data setting. This study contributes a secure, flexible, and compliant approach to collaborative CTI sharing among organizations in diverse industries.

Federated Learning, Threat Intelligence Sharing

1. Abu, M. S., Selamat, S. R., Ariffin, A., & Yusof, R. (2018). Cyber threat intelligence: Issues and challenges. International Journal of Electrical and Computer Engineering (IJECE), 10(1), 371–379. https://doi.org/10.11591/ijeecs.v10.i1.pp371-379 [Google Scholar] [Crossref]

2. Alaeifar, P., Pal, S., Jadidi, Z., Hussain, M., & Foo, E. (2024). Current approaches and future directions for cyber threat intelligence sharing: A survey. Journal of Information Security and Applications, 103786. https://doi.org/10.1016/j.jisa.2024.103786 [Google Scholar] [Crossref]

3. Anomali. (n.d.). Partner datasheet: Carbon Black. https://www.anomali.com/resources/datasheets/partner-datasheet-carbon-black [Google Scholar] [Crossref]

4. Anonymous. (n.d.). FEDPS: Federated data preprocessing via aggregated statistics. OpenReview. https://openreview.net/pdf?id=eeC1bSkUrY [Google Scholar] [Crossref]

5. APNIC. (2016, June 24). Cyber threat intelligence sharing: Understanding the technology. https://blog.apnic.net/2016/06/24/cyber-threat-intelligence-sharing-understanding-the-technology/ [Google Scholar] [Crossref]

6. Chakraborty, O., & Boudguiga, A. (2024). A decentralized federated learning using reputation (Report No. 2024/506). Cryptology ePrint Archive. https://eprint.iacr.org/2024/506.pdf [Google Scholar] [Crossref]

7. Dash, B., Sharma, P., & Ali, A. (2022). Federated learning for privacy-preserving: A review of PII data analysis in FinTech. International Journal of Software Engineering & Applications, 13(4), 1–10. https://doi.org/10.5121/ijsea.2022.13401 [Google Scholar] [Crossref]

8. Divi, S., Lin, Y., Farrukh, H., & Celik, Z. B. (2021). New metrics to evaluate the performance and fairness of personalized federated learning. In FL-ICML Workshop. https://beerkay.github.io/papers/Berkay2021ICMLFLPersonalizedFL.pdf [Google Scholar] [Crossref]

9. Kim, J., Park, J., & Lee, H. (2022). Privacy-preserving federated learning using homomorphic encryption. Applied Sciences, 12(2), 734. https://doi.org/10.3390/app12020734 [Google Scholar] [Crossref]

10. Li, Y., Ibrahim, J., Chen, H., Yuan, D., & Choo, K. K. R. (2024). Holistic evaluation metrics: Use case sensitive evaluation metrics for federated learning. arXiv preprint arXiv:2405.02360. https://arxiv.org/abs/2405.02360 [Google Scholar] [Crossref]

11. Mohammed Khan, R. H. (n.d.). A comprehensive study on federated learning frameworks. [Google Scholar] [Crossref]

12. Nigeria Data Protection Regulation. (2019). Nigeria data protection regulation (NDPR). National Information Technology Development Agency (NITDA). https://nitda.gov.ng/wp-content/uploads/2020/11/NigeriaDataProtectionRegulation11.pdf [Google Scholar] [Crossref]

13. Nguyen, T. D., Nguyen, T. M., & Nguyen, T. T. (2024). Heterogeneity challenges of federated learning for future wireless communication networks. Journal of Sensor and Actuator Networks, 14(2), 37. https://doi.org/10.3390/jsan14020037 [Google Scholar] [Crossref]

14. OpenReview. (n.d.). Federated averaging as expectation-maximization. https://openreview.net/pdf?id=eoQBpdMy81m [Google Scholar] [Crossref]

15. Pei, F., Xie, Y., Shi, M., & Xu, T. (2025). Adaptive aggregation for federated learning using representation ability based on feature alignment. Knowledge-Based Systems, 113560. https://doi.org/10.1016/j.knosys.2025.113560 [Google Scholar] [Crossref]

16. Stojkovski, B., Koenig, V., Lenzini, G., & Rivas, S. (n.d.). What’s in a cyber threat intelligence sharing platform? [Google Scholar] [Crossref]

17. Sukhabogia, S., & Anusha, M. (2021). A theoretical review on the importance of threat intelligence sharing and the challenges intricated. [Google Scholar] [Crossref]

18. Sun, T., Li, D., & Wang, B. (2021). Decentralized federated averaging. arXiv preprint arXiv:2104.11375. https://arxiv.org/abs/2104.11375 [Google Scholar] [Crossref]

19. The Johns Hopkins University Applied Physics Laboratory & Bio-ISAC. (n.d.). Going viral: Bioeconomy defense. https://bioisac.org/wp-content/uploads/2021/10/Going-Viral-Bioeconomy-Defense.pdf [Google Scholar] [Crossref]

20. The MITRE Corporation. (n.d.). Standardizing cyber threat intelligence information with the structured threat information eXpression (STIX™). https://www.mitre.org/sites/default/files/publications/stix.pdf [Google Scholar] [Crossref]

21. Trocoso-Pastoriza, J. R., Mermoud, A., Bouyé, R., Marino, F., Bossuat, J. P., Lenders, V., & Hubaux, J. P. (2022). Orchestrating collaborative cybersecurity: A secure framework for distributed privacy-preserving threat intelligence sharing. In European Symposium on Research in Computer Security. https://arxiv.org/pdf/2209.02753 [Google Scholar] [Crossref]

22. Wei, K., Li, J., Ma, C., Ding, M., Wei, S., Wu, F., Chen, G., & Ranbaduge, T. (2022). Vertical federated learning: Challenges, methodologies, and experiments. arXiv preprint arXiv:2202.04309. https://arxiv.org/abs/2202.04309 [Google Scholar] [Crossref]

23. Zhao, Y., Li, M., Lai, L., Suda, N., Civin, D., & Chandra, V. (2018). Federated learning with non-IID data. arXiv preprint arXiv:1806.00582. https://arxiv.org/abs/1806.00582 [Google Scholar] [Crossref]

24. Zscaler. (n.d.). The ISAC advantage for collective threat intelligence. https://www.zscaler.com/cxorevolutionaries/insights/isac-advantage-collective-threat-intelligence [Google Scholar] [Crossref]

• “Next-Generation Cybersecurity Through Blockchain and AI Synergy: A Paradigm Shift in Intelligent Threat Mitigation and Decentralised Security”
• Forensic Payroll Analytics for IPPIS: A Hybrid Anomaly-Detection Framework to Expose Payroll Fraud, Improve Data Governance, and Protect Employee Rights
• Factors Influencing Data Protection on Global Trade
• Development Of Artificial Intelligence-Based Model for Forensic Analysis of Cross-Platform Deepfakes
• Cyber Threats and Nigeria’s National Security: Assessing the Role of Regional Cooperation in West Africa