{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,19]],"date-time":"2026-02-19T02:30:45Z","timestamp":1771468245111,"version":"3.50.1"},"reference-count":34,"publisher":"Springer Science and Business Media LLC","issue":"4","license":[{"start":{"date-parts":[[2025,7,23]],"date-time":"2025-07-23T00:00:00Z","timestamp":1753228800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2025,7,23]],"date-time":"2025-07-23T00:00:00Z","timestamp":1753228800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/100009043","name":"University of Patras","doi-asserted-by":"crossref","id":[{"id":"10.13039\/100009043","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2025,8]]},"abstract":"Abstract<\/jats:title>\n Effective malware detection is a key priority for Security Operations Centers (SOC). Machine learning (ML) has emerged as a very powerful tool, widely adopted by many malware detection systems. ML models require extensive and high-quality data to perform well. SOCs are often dependent on their proprietary datasets for training and face challenges to obtain sufficient data, due to privacy and Intellectual Property (IP) concerns, limiting their malware detection capabilities. To address these challenges, this paper introduces the adoption of Cross-Silo Federated Learning (FL), a ML technique that enables different participating SOCs to collaboratively train ML malware detection models without explicitly sharing their private data. The deployment of two distinct FL setups, namely Horizontal Federated Learning (HFL) and Vertical Federated Learning (VFL), is explored to address data sample and feature sharing limitations, respectively. The effectiveness of the proposed architectures is evaluated against two large openly available benchmark datasets and compared to conventional Centralized Learning. Finally, a concrete compelling incentive for SOCs to participate in such federations is provided.<\/jats:p>","DOI":"10.1007\/s10207-025-01101-4","type":"journal-article","created":{"date-parts":[[2025,7,23]],"date-time":"2025-07-23T13:26:10Z","timestamp":1753277170000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Cross-Silo Federated Learning in Security Operations Centers for effective malware detection"],"prefix":"10.1007","volume":"24","author":[{"given":"Georgios","family":"Xenos","sequence":"first","affiliation":[]},{"given":"Dimitrios","family":"Serpanos","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,7,23]]},"reference":[{"key":"1101_CR1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2021.108693","volume":"204","author":"V Rey","year":"2022","unstructured":"Rey, V., S\u00e1nchez S\u00e1nchez, P.M., Huertas Celdr\u00e1n, A., Bovet, G.: Federated learning for malware detection in IoT devices. Comput. Netw. 204, 108693 (2022). https:\/\/doi.org\/10.1016\/j.comnet.2021.108693","journal-title":"Comput. Netw."},{"key":"1101_CR2","doi-asserted-by":"publisher","first-page":"3977","DOI":"10.1109\/TIFS.2023.3287395","volume":"18","author":"W Fang","year":"2023","unstructured":"Fang, W., He, J., Li, W., Lan, X., Chen, Y., Li, T., Huang, J., Zhang, L.: Comprehensive android malware detection based on federated learning architecture. IEEE Trans. Inform. Forensic Secur. 18, 3977\u20133990 (2023). https:\/\/doi.org\/10.1109\/TIFS.2023.3287395","journal-title":"IEEE Trans. Inform. Forensic Secur."},{"key":"1101_CR3","doi-asserted-by":"publisher","first-page":"7164","DOI":"10.1109\/JIOT.2022.3229005","volume":"10","author":"M Abdel-Basset","year":"2023","unstructured":"Abdel-Basset, M., Hawash, H., Sallam, K.M., Elgendi, I., Munasinghe, K., Jamalipour, A.: Efficient and lightweight convolutional networks for IoT malware detection: a federated learning approach. IEEE Internet Things J. 10, 7164\u20137173 (2023). https:\/\/doi.org\/10.1109\/JIOT.2022.3229005","journal-title":"IEEE Internet Things J."},{"key":"1101_CR4","doi-asserted-by":"crossref","unstructured":"Hsu, R.-H., Wang, Y.-C., Fan, C.-I., Sun, B., Ban, T., Takahashi, T., Wu, T.-W., Kao, S.-W.: A Privacy-Preserving Federated Learning System for Android Malware Detection Based on Edge Computing. In: 2020 15th Asia Joint Conference on Information Security (AsiaJCIS). pp. 128\u2013136. IEEE, Taipei, Taiwan (2020)","DOI":"10.1109\/AsiaJCIS50894.2020.00031"},{"key":"1101_CR5","doi-asserted-by":"publisher","first-page":"2980","DOI":"10.3390\/app11072980","volume":"11","author":"D Serpanos","year":"2021","unstructured":"Serpanos, D., Michalopoulos, P., Xenos, G., Ieronymakis, V.: Sisyfos: a modular and extendable open malware analysis platform. Appl. Sci. 11, 2980 (2021). https:\/\/doi.org\/10.3390\/app11072980","journal-title":"Appl. Sci."},{"key":"1101_CR6","doi-asserted-by":"crossref","unstructured":"Moser, A., Kruegel, C., Kirda, E.: Limits of Static Analysis for Malware Detection. In: Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007). pp. 421\u2013430. IEEE, Miami Beach, FL, USA (2007)","DOI":"10.1109\/ACSAC.2007.21"},{"key":"1101_CR7","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2024.103703","volume":"139","author":"S Gulmez","year":"2024","unstructured":"Gulmez, S., Gorgulu Kakisim, A., Sogukpinar, I.: XRan: explainable deep learning-based ransomware detection using dynamic analysis. Comput. Secur. 139, 103703 (2024). https:\/\/doi.org\/10.1016\/j.cose.2024.103703","journal-title":"Comput. Secur."},{"key":"1101_CR8","unstructured":"Raff, E., Barker, J., Sylvester, J., Brandon, R., Catanzaro, B., Nicholas, C.: Malware detection by eating a whole EXE, arxiv: http:\/\/arxiv.org\/abs\/1710.09435, (2017)"},{"key":"1101_CR9","doi-asserted-by":"publisher","first-page":"325","DOI":"10.1016\/j.icte.2020.11.001","volume":"6","author":"BM Khammas","year":"2020","unstructured":"Khammas, B.M.: Ransomware detection using random forest technique. ICT Express. 6, 325\u2013331 (2020). https:\/\/doi.org\/10.1016\/j.icte.2020.11.001","journal-title":"ICT Express."},{"key":"1101_CR10","doi-asserted-by":"crossref","unstructured":"Li, W., Ge, J., Dai, G.: Detecting Malware for Android Platform: An SVM-Based Approach. In: 2015 IEEE 2nd International Conference on Cyber Security and Cloud Computing. pp. 464\u2013469. IEEE, New York, NY, USA (2015)","DOI":"10.1109\/CSCloud.2015.50"},{"key":"1101_CR11","doi-asserted-by":"crossref","unstructured":"Yuan, Z., Lu, Y., Wang, Z., Xue, Y.: Droid-Sec: deep learning in android malware detection. In: Proceedings of the 2014 ACM conference on SIGCOMM. pp. 371\u2013372. ACM, Chicago Illinois USA (2014)","DOI":"10.1145\/2619239.2631434"},{"key":"1101_CR12","unstructured":"Yang, Q., Liu, Y., Chen, T., Tong, Y.: Federated machine learning: concept and applications, arxiv: http:\/\/arxiv.org\/abs\/1902.04885, (2019)"},{"key":"1101_CR13","doi-asserted-by":"publisher","first-page":"3615","DOI":"10.1109\/TKDE.2024.3352628","volume":"36","author":"Y Liu","year":"2024","unstructured":"Liu, Y., Kang, Y., Zou, T., Pu, Y., He, Y., Ye, X., Ouyang, Y., Zhang, Y.-Q., Yang, Q.: Vertical federated learning: concepts, advances, and challenges. IEEE Trans. Knowl. Data Eng. 36, 3615\u20133634 (2024). https:\/\/doi.org\/10.1109\/TKDE.2024.3352628","journal-title":"IEEE Trans. Knowl. Data Eng."},{"key":"1101_CR14","unstructured":"Kone\u010dn\u00fd, J., McMahan, H.B., Ramage, D., Richt\u00e1rik, P.: Federated optimization: distributed machine learning for on-device intelligence, arxiv: http:\/\/arxiv.org\/abs\/1610.02527, (2016)"},{"key":"1101_CR15","unstructured":"McMahan, H.B., Moore, E., Ramage, D., Hampson, S., Arcas, B.A. y: Communication-efficient learning of deep networks from decentralized data, arxiv: http:\/\/arxiv.org\/abs\/1602.05629, (2023)"},{"key":"1101_CR16","doi-asserted-by":"publisher","first-page":"240","DOI":"10.1007\/978-3-030-63076-8_17","volume-title":"Federated Learning","author":"G Long","year":"2020","unstructured":"Long, G., Tan, Y., Jiang, J., Zhang, C.: Federated learning for open banking. In: Yang, Q., Fan, L., Yu, H. (eds.) Federated Learning, pp. 240\u2013254. Springer International Publishing, Cham (2020)"},{"key":"1101_CR17","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s41666-020-00082-4","volume":"5","author":"J Xu","year":"2021","unstructured":"Xu, J., Glicksberg, B.S., Su, C., Walker, P., Bian, J., Wang, F.: Federated learning for healthcare informatics. J. Healthc. Inform. Res. 5, 1\u201319 (2021). https:\/\/doi.org\/10.1007\/s41666-020-00082-4","journal-title":"J. Healthc. Inform. Res."},{"key":"1101_CR18","doi-asserted-by":"publisher","first-page":"6230","DOI":"10.3390\/s20216230","volume":"20","author":"JC Jiang","year":"2020","unstructured":"Jiang, J.C., Kantarci, B., Oktug, S., Soyata, T.: Federated learning in smart city sensing: challenges and opportunities. Sensors. 20, 6230 (2020). https:\/\/doi.org\/10.3390\/s20216230","journal-title":"Sensors."},{"key":"1101_CR19","doi-asserted-by":"publisher","first-page":"2455","DOI":"10.1109\/JSYST.2023.3236995","volume":"17","author":"J Li","year":"2023","unstructured":"Li, J., Tong, X., Liu, J., Cheng, L.: An efficient federated learning system for network intrusion detection. IEEE Syst. J. 17, 2455\u20132464 (2023). https:\/\/doi.org\/10.1109\/JSYST.2023.3236995","journal-title":"IEEE Syst. J."},{"key":"1101_CR20","doi-asserted-by":"publisher","first-page":"2545","DOI":"10.1109\/JIOT.2021.3077803","volume":"9","author":"V Mothukuri","year":"2022","unstructured":"Mothukuri, V., Khare, P., Parizi, R.M., Pouriyeh, S., Dehghantanha, A., Srivastava, G.: Federated-learning-based anomaly detection for IoT security attacks. IEEE Internet Things J. 9, 2545\u20132554 (2022). https:\/\/doi.org\/10.1109\/JIOT.2021.3077803","journal-title":"IEEE Internet Things J."},{"key":"1101_CR21","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2023.103597","volume":"137","author":"R Doriguzzi-Corin","year":"2024","unstructured":"Doriguzzi-Corin, R., Siracusa, D.: FLAD: adaptive federated learning for DDoS attack detection. Comput. Secur. 137, 103597 (2024). https:\/\/doi.org\/10.1016\/j.cose.2023.103597","journal-title":"Comput. Secur."},{"key":"1101_CR22","doi-asserted-by":"publisher","DOI":"10.1016\/j.iot.2023.101015","volume":"25","author":"A Alamer","year":"2024","unstructured":"Alamer, A.: A privacy-preserving federated learning with a secure collaborative for malware detection models using Internet of Things resources. Internet of Things. 25, 101015 (2024). https:\/\/doi.org\/10.1016\/j.iot.2023.101015","journal-title":"Internet of Things."},{"key":"1101_CR23","series-title":"Intrusions and Defenses","first-page":"97","volume-title":"The 27th International Symposium on Research in Attacks","author":"M Botacin","year":"2024","unstructured":"Botacin, M., Gomes, H.: Cross-regional malware detection via model distilling and federated learning. In: The 27th International Symposium on Research in Attacks. Intrusions and Defenses, pp. 97\u2013113. ACM, Padua Italy (2024)"},{"key":"1101_CR24","doi-asserted-by":"crossref","unstructured":"Serpanos, D., Xenos, G.: Federated Learning in Malware Detection. In: 2023 IEEE 28th International Conference on Emerging Technologies and Factory Automation (ETFA). pp. 1\u20134. IEEE, Sinaia, Romania (2023)","DOI":"10.1109\/ETFA54631.2023.10275578"},{"key":"1101_CR25","doi-asserted-by":"crossref","unstructured":"Serpanos, D., Xenos, G.: Vertical Federated Learning in Malware Detection for Smart Cities. In: 2023 IEEE International Smart Cities Conference (ISC2). pp. 1\u20135. IEEE, Bucharest, Romania (2023)","DOI":"10.1109\/ISC257844.2023.10293429"},{"key":"1101_CR26","unstructured":"Harang, R., Rudd, E.M.: SOREL-20M: A Large scale benchmark dataset for malicious PE detection, arxiv: http:\/\/arxiv.org\/abs\/2012.07634, (2020)"},{"key":"1101_CR27","unstructured":"Beutel, D.J., Topal, T., Mathur, A., Qiu, X., Fernandez-Marques, J., Gao, Y., Sani, L., Li, K.H., Parcollet, T., Gusm\u00e3o, P.P.B. de, Lane, N.D.: Flower: a friendly federated learning research framework, arxiv: http:\/\/arxiv.org\/abs\/2007.14390, (2022)"},{"key":"1101_CR28","doi-asserted-by":"crossref","unstructured":"Ansel, J., Yang, E., He, H., Gimelshein, N., Jain, A., Voznesensky, M., Bao, B., Bell, P., Berard, D., Burovski, E., Chauhan, G., Chourdia, A., Constable, W., Desmaison, A., DeVito, Z., Ellison, E., Feng, W., Gong, J., Gschwind, M., Hirsh, B., Huang, S., Kalambarkar, K., Kirsch, L., Lazos, M., Lezcano, M., Liang, Y., Liang, J., Lu, Y., Luk, C.K., Maher, B., Pan, Y., Puhrsch, C., Reso, M., Saroufim, M., Siraichi, M.Y., Suk, H., Zhang, S., Suo, M., Tillet, P., Zhao, X., Wang, E., Zhou, K., Zou, R., Wang, X., Mathews, A., Wen, W., Chanan, G., Wu, P., Chintala, S.: PyTorch 2: Faster Machine Learning Through Dynamic Python Bytecode Transformation and Graph Compilation. In: Proceedings of the 29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 2. pp. 929\u2013947. ACM, La Jolla CA USA (2024)","DOI":"10.1145\/3620665.3640366"},{"key":"1101_CR29","unstructured":"Anderson, H.S., Roth, P.: EMBER: an open dataset for training static PE malware machine learning Models, arxiv: http:\/\/arxiv.org\/abs\/1804.04637, (2018)"},{"key":"1101_CR30","unstructured":"Kingma, D.P., Ba, J.: Adam: a method for stochastic optimization, arxiv:http:\/\/arxiv.org\/abs\/1412.6980, (2017)"},{"key":"1101_CR31","doi-asserted-by":"crossref","unstructured":"Anwar, A., Moser, B., Herurkar, D., Raue, F., Hegiste, V., Legler, T., Dengel, A.: FedAD-Bench: a unified benchmark for federated unsupervised anomaly detection in tabular data, arxiv:http:\/\/arxiv.org\/abs\/2408.04442, (2024)","DOI":"10.1109\/FLTA63145.2024.10839838"},{"key":"1101_CR32","doi-asserted-by":"publisher","first-page":"77","DOI":"10.1186\/s40537-024-00933-6","volume":"11","author":"F Folino","year":"2024","unstructured":"Folino, F., Folino, G., Pisani, F.S., Pontieri, L., Sabatino, P.: Efficiently approaching vertical federated learning by combining data reduction and conditional computation techniques. J. Big Data. 11, 77 (2024). https:\/\/doi.org\/10.1186\/s40537-024-00933-6","journal-title":"J. Big Data."},{"key":"1101_CR33","doi-asserted-by":"crossref","unstructured":"Li, K.H., De Gusm\u00e3o, P.P.B., Beutel, D.J., Lane, N.D.: Secure aggregation for federated learning in flower. In: Proceedings of the 2nd ACM International Workshop on Distributed Machine Learning. pp. 8\u201314. ACM, Virtual Event Germany (2021)","DOI":"10.1145\/3488659.3493776"},{"key":"1101_CR34","unstructured":"Fu, J., Hong, Y., Ling, X., Wang, L., Ran, X., Sun, Z., Wang, W.H., Chen, Z., Cao, Y.: Differentially private federated learning: a systematic review, arxiv:http:\/\/arxiv.org\/abs\/2405.08299, (2024)"}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-025-01101-4.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10207-025-01101-4\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-025-01101-4.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,9,5]],"date-time":"2025-09-05T11:32:47Z","timestamp":1757071967000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10207-025-01101-4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,7,23]]},"references-count":34,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2025,8]]}},"alternative-id":["1101"],"URL":"https:\/\/doi.org\/10.1007\/s10207-025-01101-4","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"value":"1615-5262","type":"print"},{"value":"1615-5270","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,7,23]]},"assertion":[{"value":"23 July 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare no competing interests.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"185"}}