{"id":"https://openalex.org/W4414604326","doi":"https://doi.org/10.1109/tifs.2025.3614442","title":"CELEST: Federated Learning for Globally Coordinated Threat Detection","display_name":"CELEST: Federated Learning for Globally Coordinated Threat Detection","publication_year":2025,"publication_date":"2025-01-01","ids":{"openalex":"https://openalex.org/W4414604326","doi":"https://doi.org/10.1109/tifs.2025.3614442"},"language":"en","primary_location":{"id":"doi:10.1109/tifs.2025.3614442","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2025.3614442","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5015580240","display_name":"Talha Ongun","orcid":"https://orcid.org/0000-0001-9861-389X"},"institutions":[{"id":"https://openalex.org/I12912129","display_name":"Northeastern University","ror":"https://ror.org/04t5xt781","country_code":"US","type":"education","lineage":["https://openalex.org/I12912129"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Talha Ongun","raw_affiliation_strings":["Northeastern University, Boston, MA, USA","Northeastern University, USA"],"affiliations":[{"raw_affiliation_string":"Northeastern University, Boston, MA, USA","institution_ids":["https://openalex.org/I12912129"]},{"raw_affiliation_string":"Northeastern University, USA","institution_ids":["https://openalex.org/I12912129"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5025677911","display_name":"Simona Boboila","orcid":"https://orcid.org/0009-0003-3411-8912"},"institutions":[{"id":"https://openalex.org/I12912129","display_name":"Northeastern University","ror":"https://ror.org/04t5xt781","country_code":"US","type":"education","lineage":["https://openalex.org/I12912129"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Simona Boboila","raw_affiliation_strings":["Northeastern University, Boston, MA, USA","Northeastern University, USA"],"affiliations":[{"raw_affiliation_string":"Northeastern University, Boston, MA, USA","institution_ids":["https://openalex.org/I12912129"]},{"raw_affiliation_string":"Northeastern University, USA","institution_ids":["https://openalex.org/I12912129"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5111219674","display_name":"Alina Oprea","orcid":null},"institutions":[{"id":"https://openalex.org/I12912129","display_name":"Northeastern University","ror":"https://ror.org/04t5xt781","country_code":"US","type":"education","lineage":["https://openalex.org/I12912129"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Alina Oprea","raw_affiliation_strings":["Northeastern University, Boston, MA, USA","Northeastern University, USA"],"affiliations":[{"raw_affiliation_string":"Northeastern University, Boston, MA, USA","institution_ids":["https://openalex.org/I12912129"]},{"raw_affiliation_string":"Northeastern University, USA","institution_ids":["https://openalex.org/I12912129"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5080731595","display_name":"Tina Eliassi\u2010Rad","orcid":"https://orcid.org/0000-0002-1892-1188"},"institutions":[{"id":"https://openalex.org/I12912129","display_name":"Northeastern University","ror":"https://ror.org/04t5xt781","country_code":"US","type":"education","lineage":["https://openalex.org/I12912129"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Tina Eliassi-Rad","raw_affiliation_strings":["Northeastern University, Boston, MA, USA","Northeastern University, USA"],"affiliations":[{"raw_affiliation_string":"Northeastern University, Boston, MA, USA","institution_ids":["https://openalex.org/I12912129"]},{"raw_affiliation_string":"Northeastern University, USA","institution_ids":["https://openalex.org/I12912129"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5086514103","display_name":"Jason D. Hiser","orcid":null},"institutions":[{"id":"https://openalex.org/I51556381","display_name":"University of Virginia","ror":"https://ror.org/0153tk833","country_code":"US","type":"education","lineage":["https://openalex.org/I51556381"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jason Hiser","raw_affiliation_strings":["University of Virginia, Charlottesville, VA, USA","University of Virginia, USA"],"affiliations":[{"raw_affiliation_string":"University of Virginia, Charlottesville, VA, USA","institution_ids":["https://openalex.org/I51556381"]},{"raw_affiliation_string":"University of Virginia, USA","institution_ids":["https://openalex.org/I51556381"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5068264173","display_name":"Jack W. Davidson","orcid":null},"institutions":[{"id":"https://openalex.org/I51556381","display_name":"University of Virginia","ror":"https://ror.org/0153tk833","country_code":"US","type":"education","lineage":["https://openalex.org/I51556381"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jack Davidson","raw_affiliation_strings":["University of Virginia, Charlottesville, VA, USA","University of Virginia, USA"],"affiliations":[{"raw_affiliation_string":"University of Virginia, Charlottesville, VA, USA","institution_ids":["https://openalex.org/I51556381"]},{"raw_affiliation_string":"University of Virginia, USA","institution_ids":["https://openalex.org/I51556381"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5015580240"],"corresponding_institution_ids":["https://openalex.org/I12912129"],"apc_list":null,"apc_paid":null,"fwci":4.4663,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.95104875,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":95,"max":99},"biblio":{"volume":"20","issue":null,"first_page":"10434","last_page":"10448"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9955999851226807,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9955999851226807,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9919999837875366,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9846000075340271,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/federated-learning","display_name":"Federated learning","score":0.8080999851226807},{"id":"https://openalex.org/keywords/scalability","display_name":"Scalability","score":0.7229999899864197},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.6748999953269958},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.5072000026702881},{"id":"https://openalex.org/keywords/component","display_name":"Component (thermodynamics)","score":0.4316999912261963},{"id":"https://openalex.org/keywords/order","display_name":"Order (exchange)","score":0.4099000096321106},{"id":"https://openalex.org/keywords/server","display_name":"Server","score":0.3880000114440918},{"id":"https://openalex.org/keywords/deep-learning","display_name":"Deep learning","score":0.3407000005245209}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8708000183105469},{"id":"https://openalex.org/C2992525071","wikidata":"https://www.wikidata.org/wiki/Q50818671","display_name":"Federated learning","level":2,"score":0.8080999851226807},{"id":"https://openalex.org/C48044578","wikidata":"https://www.wikidata.org/wiki/Q727490","display_name":"Scalability","level":2,"score":0.7229999899864197},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.6748999953269958},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.5072000026702881},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4814000129699707},{"id":"https://openalex.org/C168167062","wikidata":"https://www.wikidata.org/wiki/Q1117970","display_name":"Component (thermodynamics)","level":2,"score":0.4316999912261963},{"id":"https://openalex.org/C182306322","wikidata":"https://www.wikidata.org/wiki/Q1779371","display_name":"Order (exchange)","level":2,"score":0.4099000096321106},{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.3880000114440918},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.34380000829696655},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.3407000005245209},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.3407000005245209},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.3314000070095062},{"id":"https://openalex.org/C67186912","wikidata":"https://www.wikidata.org/wiki/Q367664","display_name":"Data modeling","level":2,"score":0.32429999113082886},{"id":"https://openalex.org/C138020889","wikidata":"https://www.wikidata.org/wiki/Q2349659","display_name":"Collaborative learning","level":2,"score":0.3127000033855438},{"id":"https://openalex.org/C123201435","wikidata":"https://www.wikidata.org/wiki/Q456632","display_name":"Information privacy","level":2,"score":0.2897999882698059},{"id":"https://openalex.org/C77967617","wikidata":"https://www.wikidata.org/wiki/Q4677561","display_name":"Active learning (machine learning)","level":2,"score":0.2890999913215637},{"id":"https://openalex.org/C58489278","wikidata":"https://www.wikidata.org/wiki/Q1172284","display_name":"Data set","level":2,"score":0.26249998807907104},{"id":"https://openalex.org/C75684735","wikidata":"https://www.wikidata.org/wiki/Q858810","display_name":"Big data","level":2,"score":0.2563999891281128},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.2540000081062317}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tifs.2025.3614442","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2025.3614442","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":56,"referenced_works":["https://openalex.org/W1919179112","https://openalex.org/W1985987493","https://openalex.org/W1993861188","https://openalex.org/W2012481173","https://openalex.org/W2040424958","https://openalex.org/W2082550445","https://openalex.org/W2109205796","https://openalex.org/W2131485284","https://openalex.org/W2132870739","https://openalex.org/W2144182447","https://openalex.org/W2146729596","https://openalex.org/W2160289821","https://openalex.org/W2163764145","https://openalex.org/W2167460663","https://openalex.org/W2180566385","https://openalex.org/W2296719434","https://openalex.org/W2493916176","https://openalex.org/W2521519773","https://openalex.org/W2529444969","https://openalex.org/W2533698187","https://openalex.org/W2617416222","https://openalex.org/W2758108284","https://openalex.org/W2760313715","https://openalex.org/W2767079719","https://openalex.org/W2772124517","https://openalex.org/W2804240301","https://openalex.org/W2903094299","https://openalex.org/W2904027722","https://openalex.org/W2912755644","https://openalex.org/W2924514597","https://openalex.org/W2949071206","https://openalex.org/W2951911250","https://openalex.org/W2982426954","https://openalex.org/W2988668989","https://openalex.org/W2994688391","https://openalex.org/W2995022099","https://openalex.org/W3008083409","https://openalex.org/W3014907390","https://openalex.org/W3016632787","https://openalex.org/W3087391814","https://openalex.org/W3121601851","https://openalex.org/W3129207156","https://openalex.org/W3138153888","https://openalex.org/W3138597937","https://openalex.org/W3186817993","https://openalex.org/W3193135755","https://openalex.org/W3201964043","https://openalex.org/W4210432793","https://openalex.org/W4210949749","https://openalex.org/W4221129260","https://openalex.org/W4223522460","https://openalex.org/W4226272105","https://openalex.org/W4385679828","https://openalex.org/W4391724758","https://openalex.org/W4391724779","https://openalex.org/W4408749968"],"related_works":[],"abstract_inverted_index":{"The":[0],"cyber-threat":[1],"landscape":[2],"has":[3],"evolved":[4],"tremendously":[5],"in":[6,63,124,140,161,212],"recent":[7],"years,":[8],"with":[9,86,129,186],"new":[10],"threat":[11,41,164],"variants":[12],"emerging":[13],"daily":[14],"and":[15,57,95,102,154,174,189,208],"large-scale":[16],"coordinated":[17],"campaigns":[18],"becoming":[19],"more":[20],"prevalent.":[21],"In":[22],"this":[23],"study,":[24],"we":[25],"propose":[26],"CELEST":[27,59,109,169,198],"(CollaborativE":[28],"LEarning":[29],"for":[30,39,54,158],"Scalable":[31],"Threat":[32],"detection),":[33],"a":[34,68,80,137,151,200],"federated":[35,61,88,159],"machine":[36],"learning":[37,62,83,89,160],"framework":[38],"global":[40,69,134],"detection":[42,153,165],"over":[43],"HTTP,":[44],"which":[45,215],"is":[46,110,178],"one":[47,125,213],"of":[48,99,202],"the":[49,87,97,133,145,162,182],"most":[50],"commonly":[51],"used":[52],"protocols":[53],"malware":[55],"dissemination":[56],"communication.":[58],"leverages":[60],"order":[64],"to":[65,112,119,144,180,218],"collaboratively":[66],"train":[67],"model":[70,135],"across":[71],"multiple":[72],"clients":[73],"who":[74],"keep":[75],"their":[76],"data":[77,130],"locally.":[78],"Through":[79],"novel":[81],"active":[82],"component":[84],"integrated":[85],"technique,":[90],"our":[91],"system":[92],"continuously":[93],"discovers":[94],"learns":[96],"behavior":[98],"new,":[100],"evolving,":[101],"globally-coordinated":[103],"cyber":[104],"threats.":[105],"We":[106,148,167],"show":[107,175],"that":[108,115,176],"able":[111,179],"expose":[113],"attacks":[114],"are":[116],"largely":[117],"invisible":[118],"individual":[120],"organizations.":[121],"For":[122],"instance,":[123],"challenging":[126],"attack":[127],"scenario":[128],"exfiltration":[131],"malware,":[132],"achieves":[136],"three-fold":[138],"increase":[139],"Precision-Recall":[141],"AUC":[142],"compared":[143],"local":[146],"model.":[147],"also":[149],"design":[150],"poisoning":[152],"mitigation":[155],"method,":[156],"DTrust,":[157],"collaborative":[163],"domain.":[166],"deploy":[168],"on":[170],"two":[171],"university":[172],"networks":[173],"it":[177],"detect":[181],"malicious":[183,206,210,220],"HTTP":[184],"communication":[185],"high":[187],"precision":[188],"low":[190],"false":[191],"positive":[192],"rates.":[193],"Furthermore,":[194],"during":[195],"its":[196],"deployment,":[197],"detected":[199],"set":[201],"42":[203],"previously":[204],"unknown":[205],"URLs":[207],"20":[209],"domains":[211],"day,":[214],"were":[216],"confirmed":[217],"be":[219],"by":[221],"VirusTotal.":[222]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":2}],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-10-10T00:00:00"}