Cyber-attacks on computer networks pose growing threats to critical infrastructure, businesses, and personal data across the United States. Detecting sophisticated attacks requires analyzing data from multiple organizations simultaneously — but sharing network data can expose sensitive details about individuals, businesses, and government operations. This project will develop privacy-preserving techniques for graph-based intrusion detection systems (GIDS) that enable organizations to collaborate on threat detection without compromising privacy. The main thrusts of this project include:
- Cryptographic protocols: We will design specialized secure multiparty computation protocols for the sparse matrix multiplications that are fundamental to graph-based analysis, using different data partitioning strategies to minimize cryptographic overhead.
- Differential privacy: We will integrate differential privacy protection to improve efficiency while maintaining privacy guarantees.
- GNN training: We will extend these protocols to protect the complete training process of graph convolutional neural networks used in intrusion detection.
- Data provenance: We will support privacy-preserving data provenance in graph-traversal-based detection systems.
- End-to-end frontend: We will provide a PyTorch-based frontend that allows users to specify GNN models in familiar high-level APIs, which are automatically compiled into our secure computation backend.
- Evaluation: We will evaluate the developed approaches on real-world network datasets and assess their effectiveness in collaborative intrusion detection scenarios.