Federated Stream-Processing and Latency-Gated Response for Cross-Sector Threat Detection and Collaborative Containment
arXiv SecurityArchived May 19, 2026✓ Full text saved
arXiv:2605.17325v1 Announce Type: new Abstract: Critical infrastructure defense is fundamentally bottlenecked by the operational reality that preventive controls are frequently bypassed by sophisticated supply-chain compromises and stolen administrative credentials. When prevention fails, defense relies entirely on rapid, post-ingress threat detection and automated response across sovereign sectors. We present a novel, federated, high-throughput stream-processing and correlation framework design
Full text archived locally
✦ AI Summary· Claude Sonnet
Computer Science > Cryptography and Security
[Submitted on 17 May 2026]
Federated Stream-Processing and Latency-Gated Response for Cross-Sector Threat Detection and Collaborative Containment
Namit Mohale
Critical infrastructure defense is fundamentally bottlenecked by the operational reality that preventive controls are frequently bypassed by sophisticated supply-chain compromises and stolen administrative credentials. When prevention fails, defense relies entirely on rapid, post-ingress threat detection and automated response across sovereign sectors. We present a novel, federated, high-throughput stream-processing and correlation framework designed to detect coordinated cross-sector threat campaigns and orchestrate containment at machine speed. By utilizing a stateless Pre-Filtering Dispatcher Subsystem (PFDS), in-memory lock-sharded state workers, and a 95% statistical watermark heuristic, our system maintains detection momentum during network partitions to evacuate speculative alerts. Delayed telemetry is subsequently reconciled directly within a version-keyed columnar storage engine via deterministic time-bucket hashing, eliminating state-retraction overhead. We evaluate a prototype of our framework - implemented in Go with an instantiated production-grade columnar analytical store - against a 500,000 events per second workload. The results demonstrate an internal framework processing overhead of under 7 seconds, while achieving total end-to-end operational convergence - accounting for multi-sector detection, correlation, wide-area network (WAN) propagation, windowing stability, VLAN-level response, and hardware level mitigation commitment - within a realistic 12-20 seconds window.
Subjects: Cryptography and Security (cs.CR)
Cite as: arXiv:2605.17325 [cs.CR]
(or arXiv:2605.17325v1 [cs.CR] for this version)
https://doi.org/10.48550/arXiv.2605.17325
Focus to learn more
Submission history
From: Namit Mohale [view email]
[v1] Sun, 17 May 2026 08:32:08 UTC (1,435 KB)
Access Paper:
HTML (experimental)
view license
Current browse context:
cs.CR
< prev | next >
new | recent | 2026-05
Change to browse by:
cs
References & Citations
NASA ADS
Google Scholar
Semantic Scholar
Export BibTeX Citation
Bookmark
Bibliographic Tools
Bibliographic and Citation Tools
Bibliographic Explorer Toggle
Bibliographic Explorer (What is the Explorer?)
Connected Papers Toggle
Connected Papers (What is Connected Papers?)
Litmaps Toggle
Litmaps (What is Litmaps?)
scite.ai Toggle
scite Smart Citations (What are Smart Citations?)
Code, Data, Media
Demos
Related Papers
About arXivLabs
Which authors of this paper are endorsers? | Disable MathJax (What is MathJax?)