Gespeichert in:
Bibliographische Detailangaben
1. Verfasser: Mohale, Namit
Format: Preprint
Veröffentlicht: 2026
Schlagworte:
Online-Zugang:https://arxiv.org/abs/2605.17325
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
_version_ 1866914575211823104
author Mohale, Namit
author_facet Mohale, Namit
contents Critical infrastructure defense is fundamentally bottlenecked by the operational reality that preventive controls are frequently bypassed by sophisticated supply-chain compromises and stolen administrative credentials. When prevention fails, defense relies entirely on rapid, post-ingress threat detection and automated response across sovereign sectors. We present a novel, federated, high-throughput stream-processing and correlation framework designed to detect coordinated cross-sector threat campaigns and orchestrate containment at machine speed. By utilizing a stateless Pre-Filtering Dispatcher Subsystem (PFDS), in-memory lock-sharded state workers, and a 95% statistical watermark heuristic, our system maintains detection momentum during network partitions to evacuate speculative alerts. Delayed telemetry is subsequently reconciled directly within a version-keyed columnar storage engine via deterministic time-bucket hashing, eliminating state-retraction overhead. We evaluate a prototype of our framework - implemented in Go with an instantiated production-grade columnar analytical store - against a 500,000 events per second workload. The results demonstrate an internal framework processing overhead of under 7 seconds, while achieving total end-to-end operational convergence - accounting for multi-sector detection, correlation, wide-area network (WAN) propagation, windowing stability, VLAN-level response, and hardware level mitigation commitment - within a realistic 12-20 seconds window.
format Preprint
id arxiv_https___arxiv_org_abs_2605_17325
institution arXiv
publishDate 2026
record_format arxiv
spellingShingle Federated Stream-Processing and Latency-Gated Response for Cross-Sector Threat Detection and Collaborative Containment
Mohale, Namit
Cryptography and Security
Critical infrastructure defense is fundamentally bottlenecked by the operational reality that preventive controls are frequently bypassed by sophisticated supply-chain compromises and stolen administrative credentials. When prevention fails, defense relies entirely on rapid, post-ingress threat detection and automated response across sovereign sectors. We present a novel, federated, high-throughput stream-processing and correlation framework designed to detect coordinated cross-sector threat campaigns and orchestrate containment at machine speed. By utilizing a stateless Pre-Filtering Dispatcher Subsystem (PFDS), in-memory lock-sharded state workers, and a 95% statistical watermark heuristic, our system maintains detection momentum during network partitions to evacuate speculative alerts. Delayed telemetry is subsequently reconciled directly within a version-keyed columnar storage engine via deterministic time-bucket hashing, eliminating state-retraction overhead. We evaluate a prototype of our framework - implemented in Go with an instantiated production-grade columnar analytical store - against a 500,000 events per second workload. The results demonstrate an internal framework processing overhead of under 7 seconds, while achieving total end-to-end operational convergence - accounting for multi-sector detection, correlation, wide-area network (WAN) propagation, windowing stability, VLAN-level response, and hardware level mitigation commitment - within a realistic 12-20 seconds window.
title Federated Stream-Processing and Latency-Gated Response for Cross-Sector Threat Detection and Collaborative Containment
topic Cryptography and Security
url https://arxiv.org/abs/2605.17325