Abstract
Advanced Persistent Threat (APT) is one of the most menacing and stealthy multi-step attacks in the context of information systems and IoT-related applications. Recently, with increasing losses to organizations caused by APT, its detection has attracted more attention in both academia and industry. However, conventional attack detection methods cannot defend against APT well, for the following reasons: 1) misuse-based mechanisms require too much expert knowledge of APT attacks; 2) anomaly-based strategies produce many false positives; 3) machine learning-based solutions lack training datasets that describe APT patterns. Thus, we propose a novel federated learning-based detection system for edge computing systems, named FLAPT, to detect APT attacks. The federated model can learn various APT attack patterns by maintaining a global model across multiple clients. The experimental results demonstrate that our proposed system can detect various attacks, including real-life APT campaigns, with high detection accuracy and a low false alarm rate.
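The abstract's central claim is that a global model trained across several edge clients learns attack patterns that no single client has seen. The following added example (not code from the paper; FLAPT's actual model, features and aggregation rule are not described on this page) illustrates that mechanism with a generic FedAvg-style loop: three hypothetical edge sites each hold constructed telemetry in which a different indicator is the tell-tale sign of an intrusion, each site trains a small logistic-regression detector locally, and a server averages the weights (weighted by sample count) each round. The feature names and the sample values are assumptions made for the illustration.

```python
"""Toy FedAvg loop for a cross-site attack classifier (added example, not FLAPT code)."""
import math
from typing import List, Tuple

Sample = Tuple[List[float], int]   # (feature vector, label: 1 = attack, 0 = benign)

# Constructed data. The three features are assumed per-host indicators, e.g.
# [lateral-movement rate, DNS beacon regularity, outbound bytes to new hosts].
BENIGN = [[0.1, 0.1, 0.1], [0.2, 0.1, 0.1], [0.1, 0.2, 0.1], [0.1, 0.1, 0.2]]


def attack_pattern(dim: int) -> List[List[float]]:
    """Attack samples that light up only indicator `dim` (one intrusion style per site)."""
    rows = []
    for hot in (0.8, 0.9, 1.0, 0.9):
        row = [0.1, 0.1, 0.1]
        row[dim] = hot
        rows.append(row)
    return rows


def client_dataset(dim: int) -> List[Sample]:
    """Each hypothetical site sees the shared benign baseline plus its own attack style."""
    return [(x, 0) for x in BENIGN] + [(x, 1) for x in attack_pattern(dim)]


CLIENTS = [client_dataset(0), client_dataset(1), client_dataset(2)]


def sigmoid(z: float) -> float:
    return 1.0 / (1.0 + math.exp(-z))


def predict(model, x: List[float]) -> float:
    """Probability that x is an attack under a (weights, bias) logistic model."""
    w, b = model
    return sigmoid(sum(wi * xi for wi, xi in zip(w, x)) + b)


def train_local(model, data: List[Sample], epochs: int, lr: float):
    """Full-batch gradient descent on logistic loss, starting from `model` (the client step)."""
    w, b = list(model[0]), model[1]
    n = len(data)
    for _ in range(epochs):
        gw = [0.0] * len(w)
        gb = 0.0
        for x, y in data:
            err = predict((w, b), x) - y          # d(loss)/d(logit)
            for i, xi in enumerate(x):
                gw[i] += err * xi
            gb += err
        w = [wi - lr * gi / n for wi, gi in zip(w, gw)]
        b -= lr * gb / n
    return w, b


def fedavg(models, weights: List[int]):
    """Server step: sample-count-weighted average of the client models (FedAvg)."""
    total = sum(weights)
    dim = len(models[0][0])
    w = [sum(m[0][i] * n for m, n in zip(models, weights)) / total for i in range(dim)]
    b = sum(m[1] * n for m, n in zip(models, weights)) / total
    return w, b


def federated_training(clients, rounds: int = 300, local_epochs: int = 5, lr: float = 1.0):
    """Broadcast the global model, let each client refine it on local data, average, repeat.
    Raw telemetry never leaves a site; only the model parameters are exchanged."""
    global_model = ([0.0] * 3, 0.0)
    for _ in range(rounds):
        updates = [train_local(global_model, d, local_epochs, lr) for d in clients]
        global_model = fedavg(updates, [len(d) for d in clients])
    return global_model


def is_attack(model, x: List[float]) -> bool:
    return predict(model, x) >= 0.5


if __name__ == "__main__":
    g = federated_training(CLIENTS)
    local0 = train_local(([0.0] * 3, 0.0), CLIENTS[0], epochs=1500, lr=1.0)
    for d in range(3):
        probe = attack_pattern(d)[0]
        print(f"pattern {d}: global={is_attack(g, probe)} site0-only={is_attack(local0, probe)}")
```

Running the block shows the point the abstract makes: the model trained only on site 0's data flags its own intrusion style but misses the other two, while the averaged global model flags all three without any site having shared its raw telemetry. The example deliberately uses balanced, linearly separable data; with strongly non-IID client data or adversarial clients, plain weight averaging is known to degrade, which is why the aggregation rule and the privacy protection of the exchanged updates matter in a real deployment.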
Supported in part by the National Key R&D Program of China, under Grant 2019YFB2102000, in part by the National Natural Science Foundation of China, under Grant 61672283, and in part by the Postgraduate Research & Practice Innovation Program of Jiangsu Province under Grant KYCX18_0308.
Acknowledgment
This work was supported in part by the National Key Research and Development Program of China under Grant 2017YFB0802303, in part by the National Natural Science Foundation of China under Grant 61672283 and Grant 61602238, in part by the Natural Science Foundation of Jiangsu Province under Grant BK20160805, and in part by the Postgraduate Research & Practice Innovation Program of Jiangsu Province under Grant KYCX18_0308.
© 2020 Springer Nature Singapore Pte Ltd.
Cite this paper
Li, Z., Chen, J., Zhang, J., Cheng, X., Chen, B. (2020). Detecting Advanced Persistent Threat in Edge Computing via Federated Learning. In: Yu, S., Mueller, P., Qian, J. (eds) Security and Privacy in Digital Economy. SPDE 2020. Communications in Computer and Information Science, vol 1268. Springer, Singapore. https://doi.org/10.1007/978-981-15-9129-7_36
DOI: https://doi.org/10.1007/978-981-15-9129-7_36
Publisher Name: Springer, Singapore
Print ISBN: 978-981-15-9128-0
Online ISBN: 978-981-15-9129-7