Federated Learning as enabler for Collaborative Security between not Fully-Trusting Distributed Parties
Our PhD student Léo Lavaur (IMT Atlantique, Topic T9: Federated approaches for defending cyber-attacks) participated in the C&ESAR conferences at the ECW held from 15 to 17 November 2022 in Rennes where he presented his paper :
“Federated Learning as enabler for Collaborative Security between not Fully-Trusting Distributed Parties”
Léo Lavaur1,2, Benjamin Costé3, Marc-Oliver Pahl1,2, Yann Busnel1 and Fabien Autrel1
- 1IMT-Atlantique, IRISA
- 2Chaire Cybersécurité des Infrastructures Critiques (Cyber CNI)
- 3Airbus CyberSecurity
Literature shows that trust typically relies on knowledge about the communication partner. Federated
learning is an approach for collaboratively improving machine learning models. It allows collaborators
to share Machine Learning models without revealing secrets, as only the abstract models and not the
data used for their creation is shared. Federated learning thereby provides a mechanism to create trust
without revealing secrets, such as specificities of local industrial systems.
A fundamental challenge, however, is determining how much trust is justified for each contributor
to collaboratively optimize the joint models. By assigning equal trust to each contribution, divergence of
a model from its optimum can easily happen—caused by errors, bad observations, or cyberattacks. Trust
also depends on how much an aggregated model contributes to the objectives of a party. For example, a
model trained for an OT system is typically useless for monitoring IT systems.
This paper shows first directions how heterogeneous distributed data sources could be integrated
using federated learning methods. With an extended abstract, it shows current research directions and open issues from a cyber-analyst’s perspective.
Every year since 1997, the French Ministry of Defense organizes a cybersecurity conference, called C&ESAR. This conference is now one of the main events of the European Cyber Week (ECW) organized every fall in Rennes, Brittany, France.
The goal of C&ESAR is to bring together governmental, industrial, and academic stakeholders interested in cybersecurity. This event, both educational and scientific, gathers experts, researchers, practitioners and decision-makers. This inter-disciplinary approach allows operational practitioners to learn about and anticipate future technological inflection points, and for industry and academia to confront research and product development to operational realities. Every year, C&ESAR explores a different topic within the field of cybersecurity.
About the chair Cybersecurity of Critical Networked Infrastructures (cyberCNI.fr)
The Cyber CNI Chair at IMT Atlantique does research, innovation, and teaching in the field of cybersecurity for critical networked infrastructures. Such infrastructures include industrial processes, financial systems, building automation, energy networks, water treatment plants, or transportation.
The chair covers the full stack from sensors and actuators and their signals over industrial control systems, distributed services at the edge or cloud, to user interfaces with collaborative Mixed Reality, and security policies. The chair currently hosts 9 PhD students, 4 PostDocs, 11 Professors, 1 engineer, and 1 internship student.
The chair runs a large testbed that enables applied research together with the industry partners. The industry partners of the current third funding round are Airbus, BNP Paribas, EDF, and SNCF. The chaire is located in Brittany, France. Brittany is the cybersecurity region number 1 in France. The chair Cyber CNI is strongly embedded in the cybersecurity ecosystem through its partnerships with the Pôle d’Excellence Cyber (PEC) and the Brittany Region.
The chair provides a unique environment for cybersecurity research with lots of development possibilities.
- Les AFTERS by Pôle Excellence Cyber - April 7, 2023
- Federated Learning as enabler for Collaborative Security between not Fully-Trusting Distributed Parties - February 10, 2023
- [RU2/22] Anthony DAVID : Virtual Reality for cybersecurity data vizualisation - December 21, 2022