Massachusetts Institute
AI Insights
- The system, called MALCDF, is designed to provide a practical and end-to-end defense workflow for detecting and responding to cyber threats. [3]
- Cybersecurity: The practice of protecting computer systems, networks, and sensitive information from unauthorized access, use, disclosure, disruption, modification, or destruction. [3]
- Autonomous Cyber Defence Agent: An AI-powered system designed to detect and respond to cyber threats without human intervention. [3]
- The framework's modularity and container-friendliness make it adaptable to various workloads and environments, allowing it to be scaled up or down as needed. [3]
- MALCDF outperforms a lightweight ML-IDS and a single-LLM setup on accuracy while keeping outputs easy to review. [2]
- The paper presents a novel approach to cybersecurity using a set of coordinated Large Language Model (LLM) agents. [1]
Abstract
Traditional, centralized security tools often miss adaptive, multi-vector attacks. We present the Multi-Agent LLM Cyber Defense Framework (MALCDF), a practical setup where four large language model (LLM) agents (Detection, Intelligence, Response, and Analysis) work together in real time. Agents communicate over a Secure Communication Layer (SCL) with encrypted, ontology-aligned messages, and produce audit-friendly outputs (e.g., MITRE ATT&CK mappings).
For evaluation, we keep the test simple and consistent: all reported metrics come from the same 50-record live stream derived from the CICIDS2017 feature schema. CICIDS2017 is used for configuration (fields/schema) and to train a practical ML baseline. The ML-IDS baseline is a Lightweight Random Forest IDS (LRF-IDS) trained on a subset of CICIDS2017 and tested on the 50-record stream, with no overlap between training and test records.
In experiments, MALCDF reaches 90.0% detection accuracy, 85.7% F1-score, and 9.1% false-positive rate, with 6.8s average per-event latency. It outperforms the lightweight ML-IDS baseline and a single-LLM setup on accuracy while keeping end-to-end outputs consistent. Overall, this hands-on build suggests that coordinating simple LLM agents with secure, ontology-aligned messaging can improve practical, real-time cyber defense.
Why we are recommending this paper?
Due to your Interest in: Distributed Systems
This paper presents a novel framework utilizing LLMs for real-time cyber defense, aligning directly with the user's interest in distributed systems and high-throughput security solutions. The multi-agent approach suggests a robust architecture capable of handling complex, adaptive attacks.
Universidade do Porto
Abstract
The growing sophistication, frequency, and diversity of cyberattacks increasingly exceed the capacity of individual entities to fully understand and counter them. While existing solutions, such as Security Information and Event Management (SIEM) systems, Security Orchestration, Automation, and Response (SOAR) platforms, and Security Operation Center (SOC), play a vital role in mitigating known threats, they often struggle to effectively address emerging and unforeseen attacks. To increase the effectiveness of cyber defense, it is essential to foster greater information sharing between entities; however, this requires addressing the challenge of exchanging sensitive data without compromising confidentiality or operational security.
To address the challenges of secure and confidential Cyber Threat Intelligence (CTI) sharing, we propose a novel architecture that federates Intrusion Tolerant Systems (ITSs) and leverages concepts from Malware Information Sharing Platform (MISP) to empower SOCs. This framework enables controlled collaboration and data privacy while enhancing collective defenses. As a proof of concept, we evaluate one module by applying Differential Privacy (DP) to Federated Learning (FL), observing a manageable accuracy drop from 98.42% to 85.98% (average loss 12.44%) while maintaining reliable detection of compromised messages. These results highlight the viability of secure data sharing and establish a foundation for the future full-scale implementation of LegionITS.
Why we are recommending this paper?
Due to your Interest in: Distributed Systems
Given the user's focus on resilience, this paper's exploration of a federated intrusion-tolerant system architecture is highly relevant. The work addresses the increasing complexity of cyberattacks, a key concern for building robust and scalable systems.
Texas A&M University
AI Insights
- The study proposes a human-centered framework to quantify the functional criticality of community lifelines, focusing on how residents use facilities in their daily routines. [2]
Abstract
Lifeline infrastructure underpins the continuity of daily life, yet conventional criticality assessments remain largely asset-centric, inferring importance from physical capacity or network topology rather than actual behavioral reliance. This disconnect frequently obscures the true societal cost of disruption, particularly in underserved communities where residents lack service alternatives. This study bridges the gap between engineering risk analysis and human mobility analysis by introducing functional criticality, a human-centered metric that quantifies the behavioral indispensability of specific facilities based on large-scale visitation patterns. Leveraging 1.02 million anonymized mobility records for Harris County, Texas, we operationalize lifeline criticality as a function of visitation intensity, catchment breadth, and origin-specific substitutability. Results reveal that dependence is highly concentrated: a small subset of super-critical facilities (2.8% of grocery stores and 14.8% of hospitals) supports a disproportionate share of routine access. By coupling these behavioral scores with probabilistic flood hazard models for 2020 and 2060, we demonstrate a pronounced risk-multiplier effect. While physical flood depths increase only moderately under future climate scenarios, the population-weighted vulnerability of access networks surges by 67.6%. This sharp divergence establishes that future hazards will disproportionately intersect with the specific nodes communities rely on most. The proposed framework advances resilience assessment by embedding human behavior directly into the definition of infrastructure importance, providing a scalable foundation for equitable, adaptive, and human-centered resilience planning.
Why we are recommending this paper?
Due to your Interest in: Resilience
This paper's focus on understanding the functional criticality of lifelines, particularly in relation to mobility and population density, directly addresses the need for understanding system dependencies and potential failure points. The human-centered resilience approach is particularly pertinent.
Radboud University
Abstract
Resilience in coupled systems is increasingly critical in addressing global challenges such as climate change and pandemics. These systems show unpredictable behaviour due to dynamic complexity and deep uncertainty across spatiotemporal scales. Despite growing interest, few studies systematically integrate both concepts when assessing resilience. This paper conducts an integrative review of 102 English-language publications to identify gaps in current approaches. Findings reveal that most papers address lower levels of uncertainty and rarely consider dynamic complexity and deep uncertainty simultaneously, which limits the effectiveness of resilience strategies. To advance systems research, we propose a conceptual framework and practical tools to support researchers and decision-makers in evaluating and improving resilience. The paper also outlines future research directions for more robust, adaptive, and integrative resilience assessments.
Why we are recommending this paper?
Due to your Interest in: Resilience
This paper’s investigation into resilience in coupled systems, considering deep uncertainty and dynamic complexity, is a valuable contribution to understanding complex, real-world systems. It aligns with the user’s interest in systems that exhibit unpredictable behavior.
Hunan University
AI Insights
- MMA (Multi-Path Accelerator) is a software-layer extension that accelerates intra-server GPU-host memory transfers by exploiting multiple heterogeneous interconnects inside a server. [2]
Abstract
The limited bandwidth of PCIe has emerged as the critical bottleneck for large language model (LLM) performance, such as prefix cache fetching and model switching. Although intra-server multipath data transfer between GPU and host memory is theoretically possible, heterogeneous protocols such as PCIe and NVLink currently limit the bandwidth between host memory and GPUs to that of a single PCIe link. This limitation results in underutilized intra-server bandwidth. To address this issue, we propose Multipath Memory Access (MMA), a scheme that, to the best of our knowledge, is the first to enable efficient multipath data transfer between GPU and host memory. MMA supports seamless deployment via dynamic library injection, enabling LLM applications to benefit from MMA without requiring any code modification. In our testbed, MMA significantly improves the data transfer bandwidth between the GPU and memory, achieving a peak bandwidth of 245 GB/s, representing a 4.62x speedup compared to the native single-path bandwidth. End-to-end evaluations demonstrate that MMA reduces the time-to-first-token (TTFT) for LLM serving by 1.14x to 2.38x and decreases model-switching latency in vLLM's sleep mode by 1.12x to 2.48x.
Why we are recommending this paper?
Due to your Interest in: High throughput
Addressing the critical bandwidth bottlenecks in LLM services, this paper directly relates to achieving low-latency performance, a core requirement for the user’s interests. The focus on GPU and host-memory transfer is highly relevant to optimizing system throughput.
ETH Zurich
Abstract
In the Directed Latency problem, we are given an asymmetric metric on a set of vertices (or clients), and a given depot $s$. We seek a path $P$ starting at $s$ and visiting all the clients so as to minimize the sum of client waiting times (also known as latency) before being visited on the path.
In contrast to the symmetric version of this problem (also known as the Deliveryperson problem and the Repairperson problem in the literature), there are significant gaps in our understanding of Directed Latency. The best approximation factor has remained at $O(\log n)$, where $n$ is the number of clients, for more than a decade [Friggstad, Salavatipour, and Svitkina, '13]. Only recently, [Friggstad and Swamy, '22] presented a constant-factor approximation but in quasi-polynomial time. Both results follow similar ideas: they consider buckets with geometrically-increasing distances, build paths in each bucket, and then stitch together all these paths to get a feasible solution. [Friggstad and Swamy, '22] showed if we guess a vertex from each bucket and augment a standard LP relaxation with these guesses, then one can reduce the stitching cost. Unfortunately, there are logarithmically many buckets so the running time of their algorithm is quasi-polynomial.
In this paper, we present the first constant-factor approximation for Directed Latency in polynomial time by introducing a completely new way of bucketing which helps us strengthen a standard LP relaxation with less aggressive guessing. Although the resulting LP is no longer a relaxation of Directed Latency, it still admits a good solution. We present a rounding algorithm for fractional solutions of our LP, crucially exploiting the way we restricted the feasibility region of the LP formulation.
AI Insights
- The authors also discuss potential directions for future research and improvements to their approach. [3]
- The paper presents a new algorithm for solving the Steiner Forest Problem (SFP) on general graphs, which is a fundamental problem in combinatorial optimization. [2]
- The authors also provide a detailed analysis of the performance of their algorithm, including a proof of its correctness, a bound on its running time, and an estimate of its approximation ratio. [1]
Why we are recommending this paper?
Due to your Interest in: Low latency
ETH Zurich
Abstract
Resource disaggregation is a promising technique for improving the efficiency of large-scale computing systems. However, this comes at the cost of increased memory access latency due to the need to rely on the network fabric to transfer data between remote nodes. As such, it is crucial to ascertain an application's memory latency sensitivity to minimize the overall performance impact. Existing tools for measuring memory latency sensitivity often rely on custom ad-hoc hardware or cycle-accurate simulators, which can be inflexible and time-consuming. To address this, we present EDAN (Execution DAG Analyzer), a novel performance analysis tool that leverages an application's runtime instruction trace to generate its corresponding execution DAG. This approach allows us to estimate the latency sensitivity of sequential programs and investigate the impact of different hardware configurations. EDAN not only provides us with the capability of calculating the theoretical bounds for performance metrics, but it also helps us gain insight into the memory-level parallelism inherent to HPC applications. We apply EDAN to applications and benchmarks such as PolyBench, HPCG, and LULESH to unveil the characteristics of their intrinsic memory-level parallelism and latency sensitivity.
Why we are recommending this paper?
Due to your Interest in: Low latency