Abstract
With the Internet of Things (IoT) evolving at an accelerating pace, IoT devices are widely deployed in both industrial systems and daily life. IoT systems are characterized by a lack of updates, longer lifetimes, and delayed patching, which exposes them to diverse attacks, especially Advanced Persistent Threats (APTs). The various detection technologies that have emerged, however, are far from satisfying the need for effective security defense of IoT systems against APT campaigns. Therefore, we propose an APT Prediction Method based on Federated Learning (APTPMFL), deployed on edge computing infrastructure, to predict the probability of subsequent APT attacks in IoT scenarios. It is the first approach to apply a federated learning mechanism to aggregate suspicious activities in IoT systems and train the APT prediction model without correlation rules. We present an edge computing-based framework for training and deploying the model, which can alleviate the computing and communication overhead of typical IoT systems. The sophisticated evolution processes of APTs can be modeled by federated learning while private data is not leaked to other organizations. Our evaluation results show that APTPMFL is capable of predicting subsequent APT behaviors in IoT systems accurately and efficiently.
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Li, Z., Cheng, X., Zhang, J., Chen, B. (2021). Predicting Advanced Persistent Threats for IoT Systems Based on Federated Learning. In: Wang, G., Chen, B., Li, W., Di Pietro, R., Yan, X., Han, H. (eds) Security, Privacy, and Anonymity in Computation, Communication, and Storage. SpaCCS 2020. Lecture Notes in Computer Science, vol 12382. Springer, Cham. https://doi.org/10.1007/978-3-030-68851-6_5
DOI: https://doi.org/10.1007/978-3-030-68851-6_5
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-68850-9
Online ISBN: 978-3-030-68851-6
eBook Packages: Computer Science, Computer Science (R0)