{"paper":{"title":"Federated Stream-Processing and Latency-Gated Response for Cross-Sector Threat Detection and Collaborative Containment","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"A federated stream-processing framework detects coordinated cross-sector threats and achieves containment in 12-20 seconds despite network partitions.","cross_cats":[],"primary_cat":"cs.CR","authors_text":"Namit Mohale","submitted_at":"2026-05-17T08:32:08Z","abstract_excerpt":"Critical infrastructure defense is fundamentally bottlenecked by the operational reality that preventive controls are frequently bypassed by sophisticated supply-chain compromises and stolen administrative credentials. When prevention fails, defense relies entirely on rapid, post-ingress threat detection and automated response across sovereign sectors. We present a novel, federated, high-throughput stream-processing and correlation framework designed to detect coordinated cross-sector threat campaigns and orchestrate containment at machine speed. By utilizing a stateless Pre-Filtering Dispatch"},"claims":{"count":4,"items":[{"kind":"strongest_claim","text":"By utilizing a stateless Pre-Filtering Dispatcher Subsystem (PFDS), in-memory lock-sharded state workers, and a 95% statistical watermark heuristic, our system maintains detection momentum during network partitions to evacuate speculative alerts and achieves total end-to-end operational convergence within a realistic 12-20 seconds window.","source":"verdict.strongest_claim","status":"machine_extracted","claim_id":"C1","attestation":"unclaimed"},{"kind":"weakest_assumption","text":"The 500,000 events per second synthetic workload and prototype implementation in Go accurately represent the challenges, data patterns, and operational conditions of real-world multi-sector threat detection and collaborative containment.","source":"verdict.weakest_assumption","status":"machine_extracted","claim_id":"C2","attestation":"unclaimed"},{"kind":"one_line_summary","text":"A federated stream-processing system with PFDS, in-memory sharded workers, and statistical watermarking achieves end-to-end cross-sector threat detection and containment in 12-20 seconds on a 500k events/sec prototype workload.","source":"verdict.one_line_summary","status":"machine_extracted","claim_id":"C3","attestation":"unclaimed"},{"kind":"headline","text":"A federated stream-processing framework detects coordinated cross-sector threats and achieves containment in 12-20 seconds despite network partitions.","source":"verdict.pith_extraction.headline","status":"machine_extracted","claim_id":"C4","attestation":"unclaimed"}],"snapshot_sha256":"c8c70a366143feaa0e85abf553ee347c096fb2962dba788e32aa4e8ad719241a"},"source":{"id":"2605.17325","kind":"arxiv","version":1},"verdict":{"id":"1197a7a7-9eef-40cf-86bd-7f484cb221f5","model_set":{"reader":"grok-4.3"},"created_at":"2026-05-19T23:44:45.807199Z","strongest_claim":"By utilizing a stateless Pre-Filtering Dispatcher Subsystem (PFDS), in-memory lock-sharded state workers, and a 95% statistical watermark heuristic, our system maintains detection momentum during network partitions to evacuate speculative alerts and achieves total end-to-end operational convergence within a realistic 12-20 seconds window.","one_line_summary":"A federated stream-processing system with PFDS, in-memory sharded workers, and statistical watermarking achieves end-to-end cross-sector threat detection and containment in 12-20 seconds on a 500k events/sec prototype workload.","pipeline_version":"pith-pipeline@v0.9.0","weakest_assumption":"The 500,000 events per second synthetic workload and prototype implementation in Go accurately represent the challenges, data patterns, and operational conditions of real-world multi-sector threat detection and collaborative containment.","pith_extraction_headline":"A federated stream-processing framework detects coordinated cross-sector threats and achieves containment in 12-20 seconds despite network partitions."},"integrity":{"clean":false,"summary":{"advisory":1,"critical":0,"by_detector":{"doi_compliance":{"total":1,"advisory":1,"critical":0,"informational":0}},"informational":0},"endpoint":"/pith/2605.17325/integrity.json","findings":[{"note":"DOI in the printed bibliography is fragmented by whitespace or line breaks. A longer candidate (10.1109/AC-CESS.2024.3454211) was visible in the surrounding text but could not be confirmed against doi.org as printed.","detector":"doi_compliance","severity":"advisory","ref_index":3,"audited_at":"2026-05-19T23:52:41.527262Z","detected_doi":"10.1109/AC-CESS.2024.3454211","finding_type":"recoverable_identifier","verdict_class":"incontrovertible","detected_arxiv_id":null}],"available":true,"detectors_run":[{"name":"doi_title_agreement","ran_at":"2026-05-20T00:01:20.649528Z","status":"completed","version":"1.0.0","findings_count":0},{"name":"doi_compliance","ran_at":"2026-05-19T23:52:41.527262Z","status":"completed","version":"1.0.0","findings_count":1},{"name":"claim_evidence","ran_at":"2026-05-19T21:41:57.813939Z","status":"completed","version":"1.0.0","findings_count":0},{"name":"ai_meta_artifact","ran_at":"2026-05-19T21:33:23.746834Z","status":"skipped","version":"1.0.0","findings_count":0}],"snapshot_sha256":"819fbeabc5ce773e2ba3025ee5ebfdceeb50d8be381dc2954610a382dbfb6cbe"},"references":{"count":12,"sample":[{"doi":"","year":2015,"title":"T. Akidau, R. Bradshaw, C. Chambers, S. Chernyak, R.J. Fernández- Moctezuma, R. Lax et al. ‘‘The Dataflow Model: A Practical Approach to Balancing Correctness, Latency, and Cost in Massive-Scale, Unbo","work_id":"20c1af1b-06b4-4a52-ae95-94752dac95db","ref_index":1,"cited_arxiv_id":"","is_internal_anchor":false},{"doi":"10.1109/ictc66702.2025.11388140","year":2025,"title":"O. Babayomi and D.-S. Kim. ‘‘Federated Anomaly Detection and Mit- igation for EV Charging Forecasting Under Cyberattacks’’, 2025. /em- phInternational Conference on Information and Communication Tech-","work_id":"e88e7c28-297e-479d-bc0a-a937cb5e33f7","ref_index":2,"cited_arxiv_id":"","is_internal_anchor":false},{"doi":"10.1109/ac-","year":2024,"title":"Enhancing Digital Image Forgery Detection Us- ing Transfer Learning","work_id":"686153ec-89bd-4634-8bdd-4f80ae648276","ref_index":3,"cited_arxiv_id":"","is_internal_anchor":false},{"doi":"10.1109/ojcs.2025.3618157","year":2025,"title":"K. Thirasak, T. Chuaphanngam, D. Chainarong and S. Fugkeaw, ‘‘TF2ML: Threat Filtering With Two-Stage Machine Learning for Effi- cient Provenance-Aware Threat Detection and Response’’,IEEE Open Journal","work_id":"3623392d-a34e-41fd-8b30-8ec1903e7586","ref_index":4,"cited_arxiv_id":"","is_internal_anchor":false},{"doi":"","year":2024,"title":"M. Barni and F. Bartolini,Watermarking Systems Engineering: Enabling Digital Assets Security and Other Applications, CRC Press, 2024","work_id":"5611fe6d-d067-49b6-b8b5-49a266b4d537","ref_index":5,"cited_arxiv_id":"","is_internal_anchor":false}],"resolved_work":12,"snapshot_sha256":"2a64f95d16e43416eba05f490e9689cbf6c29301dec174d2e7fe0a1661da60e1","internal_anchors":0},"formal_canon":{"evidence_count":2,"snapshot_sha256":"008da2e4dba339413ff533f4fd7057d722b05d839fccdbe5d4f196775de6fa16"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"}