PDaSP Track 1: Practical Secure Multiparty Computations for Graph-based Intrusion Detection Systems

Cyberattacks on computer networks pose growing threats to critical infrastructure, businesses, and personal data across the United States. Computer security systems that monitor network traffic to detect suspicious activity are essential for protecting against these attacks, but they face a significant challenge: detecting sophisticated attacks often requires analyzing data from multiple organizations, devices, or locations simultaneously. However, sharing network data raises serious privacy concerns because this information can reveal sensitive details about individuals, businesses, and government operations. This project addresses this challenge by developing advanced privacy protection methods that allow organizations to work together to detect cyberattacks without exposing sensitive information. This work serves the national interest by strengthening cybersecurity defenses across critical infrastructure, supporting economic competitiveness through improved data protection, advancing national security through enhanced threat detection capabilities, and enabling compliance with privacy regulations while maintaining robust cyber defenses.

This project develops privacy-preserving techniques for graph-based intrusion detection systems that model network traffic and device relationships as interconnected graphs. The research activities include developing specialized cryptographic protocols for essential operations such as sparse matrix multiplications that are fundamental to graph-based analysis. The project will utilize different data partitioning strategies and computational models to perform most operations locally on unencrypted data, minimizing the computational overhead of cryptographic protocols. The team will implement selective revelation of intermediate computational results under differential privacy protection to improve system efficiency while maintaining privacy guarantees. The research extends these protocols to protect the complete training process of graph convolutional neural networks used in intrusion detection, providing comprehensive privacy protection with enhanced computational efficiency. Additionally, the project will support privacy-preserving data provenance in graph-traversal-based detection systems by modeling graph traversal algorithms as matrix operations implemented through the specialized cryptographic protocols. The team will validate these approaches using real-world network datasets and evaluate their effectiveness in collaborative intrusion detection scenarios while measuring privacy preservation and computational performance across diverse network environments.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

Award Number: 2453148
Principal Investigator: Zhou Li
Funds Obligated: $238,925
State: CA