Federated deep learning for privacy-preserving cyber threat detection in U.S. healthcare networks

The increasing frequency and sophistication of cyberattacks on the U.S. healthcare system pose a significant threat to patient safety and data privacy. Centralizing sensitive patient data from multiple hospitals to train a collective cyber-defense model is often infeasible due to stringent data privacy regulations like HIPAA. This paper proposes a privacy-preserving federated deep learning (FDL) framework for collaborative cyber threat detection across healthcare networks without sharing raw data. In our framework, participating healthcare institutions train local deep learning models, specifically a Long Short-Term Memory (LSTM) network, on their internal network traffic data. Only the model parameter updates (gradients), not the data itself, are sent to a central aggregator server, which uses the Federated Averaging (FedAvg) algorithm to synthesize a global, robust model. We simulated a federated learning environment with five independent hospital nodes using the CIC-IDS-2017 dataset to benchmark performance. The results demonstrate that the federated model achieves a high classification performance, with an F1-score of 97.8%, which is comparable to a model trained on centralized data (98.5%). Furthermore, the federated model showed superior generalization capabilities when tested on unseen data from a new hospital node, outperforming individually trained local models by an average of 15.3%. This study concludes that federated deep learning presents a viable and effective strategy for enhancing collective cybersecurity posture in the healthcare sector while rigorously preserving data privacy and complying with regulatory requirements.