Abstract
Advanced Persistent Threats (APTs) exploit multiple zero-day vulnerabilities to threaten critical industrial infrastructure, and their attacks are bursty, unknown and cross-domain. To resist APT attacks, existing approaches usually establish a security monitoring platform that remotely links to a cloud-based threat intelligence center. However, in real scenarios few victim users are willing to share raw attack samples for privacy reasons, so this approach lags behind the attacker and cannot identify APT attacks quickly without offering additional incentives. To address this issue, a novel privacy-preserving few-shot traffic detection (PFTD) method based on federated meta learning (FML) is proposed. PFTD treats the APT detection task as a model-generalization optimization process that transfers learned knowledge to identify local unknown samples. Client-side models in FML achieve knowledge transfer by two-phase updating over both a support dataset and a query dataset, while the server-side model obtains global knowledge through model aggregation. Together these processes compile useful knowledge against APT attacks. This design yields three advantages: 1) high accuracy with only a few attack samples; 2) low-latency detection, since no rule-matching process is needed; 3) high personalization to cross-domain APT attacks. Extensive experiments on multiple benchmark datasets such as CICIDS2017 and DAPT 2020 demonstrate the superiority of the proposed PFTD.
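The two-phase client update (support-set adaptation, then query-set meta-gradient) and the server-side aggregation described above, as an added illustration that is not the paper's code: a first-order federated meta-learning loop over a logistic model on constructed toy flow features. The client datasets, feature definitions and learning rates are assumptions, and only gradients ever leave a client.

```python
import math

# Constructed toy flow features: (normalised packet rate, failed-connection ratio); label 1 = attack.
# Each client holds its own few-shot task (support + query) that never leaves the client.
CLIENTS = [
    {"support": [((0.10, 0.05), 0), ((0.80, 0.90), 1)],
     "query":   [((0.20, 0.10), 0), ((0.90, 0.70), 1)]},
    {"support": [((0.15, 0.10), 0), ((0.70, 0.85), 1)],
     "query":   [((0.05, 0.20), 0), ((0.95, 0.80), 1)]},
    {"support": [((0.25, 0.05), 0), ((0.85, 0.75), 1)],
     "query":   [((0.10, 0.15), 0), ((0.75, 0.95), 1)]},
]
NEW_CLIENT = {"support": [((0.20, 0.15), 0), ((0.75, 0.80), 1)],  # unseen cross-domain client
              "query": [((0.15, 0.25), 0), ((0.85, 0.70), 1), ((0.30, 0.05), 0), ((0.70, 0.90), 1)]}

def predict(w, x):
    """Logistic model; w = [w1, w2, bias]."""
    return 1.0 / (1.0 + math.exp(-(w[0] * x[0] + w[1] * x[1] + w[2])))

def gradient(w, data):
    """Mean gradient of the log-loss over a support or query set."""
    g = [0.0, 0.0, 0.0]
    for x, y in data:
        err = predict(w, x) - y
        g[0] += err * x[0]; g[1] += err * x[1]; g[2] += err
    return [gi / len(data) for gi in g]

def adapt(w, support, alpha=1.0, steps=1):
    """Phase 1: local adaptation of the shared initialisation on the client's support set."""
    for _ in range(steps):
        w = [wi - alpha * gi for wi, gi in zip(w, gradient(w, support))]
    return w

def federated_meta_train(clients, rounds=500, alpha=1.0, beta=1.0):
    """Server loop: clients return first-order meta-gradients, the server averages them."""
    w = [0.0, 0.0, 0.0]
    for _ in range(rounds):
        # Phase 2: each client evaluates its adapted model on its own query set.
        metas = [gradient(adapt(w, c["support"], alpha), c["query"]) for c in clients]
        agg = [sum(m[i] for m in metas) / len(metas) for i in range(3)]  # only gradients are shared
        w = [wi - beta * ai for wi, ai in zip(w, agg)]
    return w

def accuracy(w, data):
    return sum((predict(w, x) > 0.5) == (y == 1) for x, y in data) / len(data)

def detect_new_domain(clients=CLIENTS, new_client=NEW_CLIENT):
    """Accuracy on the new client's query flows before and after few-shot local adaptation."""
    w_global = federated_meta_train(clients)
    w_local = adapt(w_global, new_client["support"], steps=3)
    return accuracy(w_global, new_client["query"]), accuracy(w_local, new_client["query"])
```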
Original language | English |
---|---|
Pages (from-to) | 2549-2560 |
Number of pages | 12 |
Journal | IEEE Transactions on Network Science and Engineering |
Volume | 11 |
Issue number | 3 |
DOIs | |
Publication status | Published - 2024 May 1 |
Externally published | Yes |
Keywords
- Advanced persistent threats
- federated meta learning
- few-shot traffic detection
- privacy-preserving
ASJC Scopus subject areas
- Control and Systems Engineering
- Computer Science Applications
- Computer Networks and Communications