Privacy-Preserving Few-Shot Traffic Detection Against Advanced Persistent Threats via Federated Meta Learning

Yilun Hu, Jun Wu*, Gaolei Li, Jianhua Li, Jinke Cheng

*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

9 Citations (Scopus)

Abstract

Advanced Persistent Threats (APTs) utilize multiple zero-day vulnerabilities to threaten critical industrial infrastructure, and are characterized as bursty, unknown and cross-domain. To resist APT attacks, existing wisdom usually establishes a security monitoring platform that remotely links to a cloud-based threat intelligence center. However, in the real scenario, few victim users are willing to share raw attack samples out of privacy considerations; such a mentality is hysteretic, and APT attacks cannot be identified quickly without sacrificing additional incentives. To address this issue, a novel privacy-preserving few-shot traffic detection (PFTD) method based on federated meta learning (FML) is proposed. PFTD treats the APT detection task as a model generalization optimization process that transfers the learned knowledge to identify local unknown samples. Client-side models in FML achieve knowledge transfer by two-phase updating over both a support dataset and a query dataset, while the server-side model obtains global knowledge through model aggregation. These processes compile useful knowledge against APT attacks. With this novel wisdom, we obtain three advantages: 1) high accuracy with a few attack samples; 2) low-latency detection by removing the rule-matching process; 3) high personalization to cross-domain APT attacks. Extensive experiments based on multiple benchmark datasets such as CICIDS2017 and DAPT 2020 prove the superiority of the proposed PFTD.

Original language: English
Pages (from-to): 2549-2560
Number of pages: 12
Journal: IEEE Transactions on Network Science and Engineering
Volume: 11
Issue number: 3
Publication status: Published - 2024 May 1
Externally published: Yes

Keywords

  • Advanced persistent threats
  • federated meta learning
  • few-shot traffic detection
  • privacy-preserving

ASJC Scopus subject areas

  • Control and Systems Engineering
  • Computer Science Applications
  • Computer Networks and Communications
