Name
Detecting Cyber Attacks Without Exposing Data: Privacy Preserving Machine Learning for Network Attack Detection
Description

We present a new approach to collaborative network attack detection combining state-of-the-art techniques for privacy-preserving computation and machine learning. We build on the recent Energy Flow Classifier (EFC) to construct a distributed protocol allowing multiple entities to collaboratively train an attack detection model and later use it to identify potential attacks against their own networks. Unlike traditional approaches, the model is never revealed to any party, avoiding training data leakage. Moreover, the network data being classified and the result of the classification (i.e., attack detected or not) are never revealed to any party but the owner of that data.

To achieve these privacy guarantees while maintaining the same high accuracy as the EFC method, we design novel special-purpose multiparty computation (MPC) protocols. Such protocols allow entities to jointly compute on their private data while revealing nothing more than the output of the computation to a specific party. Our new MPC techniques allow the EFC classification algorithm to be executed using only 2 rounds of interaction among the parties with low communication, addressing the main bottlenecks in MPC protocols and significantly reducing the total running time. Our final protocol retains the 96% accuracy of the original EFC approach while classifying an average of 200 suspicious network flows per second.

Themes
Research track
Date & Time
Thursday, May 7, 2026, 2:45 PM - 3:15 PM
Theater
Theater 2
Session language
English