Detecting Advanced Persistent Threat in Edge Computing via Federated Learning

  • Conference paper
Security and Privacy in Digital Economy (SPDE 2020)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 1268)

Abstract

Advanced Persistent Threat (APT) is one of the most menacing and stealthy multi-step attacks against information systems and IoT-related applications. Recently, with the increasing losses that APT causes organizations, its detection has attracted more attention in both academia and industry. However, conventional attack detection methods are poorly suited to defending against APT, for the following reasons: 1) misuse-based mechanisms require too much expert knowledge of APT attacks; 2) anomaly-based strategies produce many false positives; 3) machine learning-based solutions lack training datasets that describe APT patterns. Thus, we propose a novel federated learning-based detection system for edge computing systems, named FLAPT, to detect APT attacks. The federated model learns various APT attack patterns by maintaining a global model across multiple clients. The experimental results demonstrate that the proposed system can detect various attacks, including real-life APT campaigns, with high detection accuracy and a low false alarm rate.
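The abstract's central claim, that a global model maintained across multiple clients can learn APT patterns no single client observes, is easiest to see in a small federated-averaging (FedAvg) simulation. The block below is an added example written for this page; it is not FLAPT's code, and the four features, the three sites, their event windows and the held-out windows are all constructed for illustration rather than taken from the paper's dataset. Each site keeps its raw windows local, trains a logistic regression on them, and ships only its weights and sample count to the aggregator, which averages the parameters into the global model.

```python
"""FedAvg toy for an APT-stage classifier trained across edge sites.

Added illustration; this is not the FLAPT system from the paper. Each edge
client keeps its raw event data local, trains a logistic regression on it,
and sends only the model parameters to an aggregator that averages them.
"""
import math
from typing import Dict, List, Tuple

# Assumed per-host window features for illustration (not the paper's feature
# set). Every value is pre-scaled to [0, 1].
FEATURES = ["failed_logins", "rare_outbound", "priv_esc", "exfil_ratio"]

Sample = Tuple[List[float], int]   # (feature vector, label: 1 = APT-stage activity)
Model = Tuple[List[float], float]  # (weights, bias)

# Constructed training data. Each site sees benign windows plus ONE attack
# stage, so the data is non-IID across clients, as it is across real sites.
BENIGN: List[Sample] = [
    ([0.05, 0.05, 0.00, 0.02], 0), ([0.10, 0.02, 0.05, 0.00], 0),
    ([0.00, 0.08, 0.02, 0.05], 0), ([0.12, 0.00, 0.00, 0.03], 0),
]
CLIENTS: Dict[str, List[Sample]] = {
    "site-A (privilege escalation)": BENIGN + [
        ([0.30, 0.05, 0.90, 0.05], 1), ([0.20, 0.10, 0.85, 0.00], 1), ([0.40, 0.00, 0.95, 0.10], 1)],
    "site-B (C2 beaconing)": BENIGN + [
        ([0.05, 0.90, 0.05, 0.10], 1), ([0.10, 0.85, 0.00, 0.05], 1), ([0.00, 0.95, 0.10, 0.00], 1)],
    "site-C (exfiltration)": BENIGN + [
        ([0.05, 0.20, 0.10, 0.90], 1), ([0.10, 0.10, 0.05, 0.85], 1), ([0.00, 0.30, 0.00, 0.95], 1)],
}
# Constructed held-out windows covering every stage; no client trained on these.
HELD_OUT: List[Sample] = [
    ([0.08, 0.05, 0.03, 0.04], 0),
    ([0.25, 0.05, 0.88, 0.05], 1),
    ([0.08, 0.92, 0.02, 0.08], 1),
    ([0.02, 0.15, 0.05, 0.90], 1),
]


def sigmoid(z: float) -> float:
    return 1.0 / (1.0 + math.exp(-z))


def predict_proba(model: Model, x: List[float]) -> float:
    w, b = model
    return sigmoid(sum(wi * xi for wi, xi in zip(w, x)) + b)


def local_train(model: Model, data: List[Sample], epochs: int, lr: float) -> Model:
    """Client side: full-batch gradient descent on the client's OWN data only.
    The raw windows never leave this function; only (w, b) is returned."""
    w, b = list(model[0]), model[1]
    n = len(data)
    for _ in range(epochs):
        gw, gb = [0.0] * len(w), 0.0
        for x, y in data:
            err = predict_proba((w, b), x) - y
            for j, xj in enumerate(x):
                gw[j] += err * xj
            gb += err
        w = [wj - lr * gj / n for wj, gj in zip(w, gw)]
        b -= lr * gb / n
    return (w, b)


def fedavg(updates: List[Tuple[Model, int]]) -> Model:
    """Aggregator side: sample-count-weighted average of client parameters."""
    total = sum(n for _, n in updates)
    dim = len(updates[0][0][0])
    w = [sum(m[0][j] * n for m, n in updates) / total for j in range(dim)]
    b = sum(m[1] * n for m, n in updates) / total
    return (w, b)


def train_federated(clients: Dict[str, List[Sample]], rounds: int = 50,
                    local_epochs: int = 5, lr: float = 1.0) -> Model:
    """Each round: broadcast the global model, let every client refine it
    locally, then average the returned parameters."""
    model: Model = ([0.0] * len(FEATURES), 0.0)
    for _ in range(rounds):
        updates = [(local_train(model, data, local_epochs, lr), len(data))
                   for data in clients.values()]
        model = fedavg(updates)
    return model


def train_local_only(data: List[Sample], rounds: int = 50,
                     local_epochs: int = 5, lr: float = 1.0) -> Model:
    """Baseline: one site trains alone with the same total step budget."""
    return local_train(([0.0] * len(FEATURES), 0.0), data, rounds * local_epochs, lr)


def evaluate(model: Model, samples: List[Sample], threshold: float = 0.5) -> Tuple[int, int]:
    """Return (true positives, false positives) at the given alert threshold."""
    tp = sum(1 for x, y in samples if y == 1 and predict_proba(model, x) >= threshold)
    fp = sum(1 for x, y in samples if y == 0 and predict_proba(model, x) >= threshold)
    return tp, fp


if __name__ == "__main__":
    fed = train_federated(CLIENTS)
    print("global weights:", dict(zip(FEATURES, (round(v, 2) for v in fed[0]))))
    print("federated model on held-out (tp, fp):", evaluate(fed, HELD_OUT))
    for name, data in CLIENTS.items():
        print(f"{name} alone on held-out (tp, fp):", evaluate(train_local_only(data), HELD_OUT))
```

Run as a script to print the global weights and the held-out results for the federated model and for each site trained alone; a site-alone model misses the attack stages it never observed, while the federated model flags all three held-out stages without alerting on the benign window. Two caveats the toy ignores and a deployment must address: the parameter updates themselves still leak information about the local data (which is why federated learning is commonly paired with differential privacy or secure aggregation), and a compromised client can poison the global model through its updates, so the aggregator should not trust client contributions blindly.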

Supported in part by the National Key R&D Program of China, under Grant 2019YFB2102000, in part by the National Natural Science Foundation of China, under Grant 61672283, and in part by the Postgraduate Research & Practice Innovation Program of Jiangsu Province under Grant KYCX18_0308.



Acknowledgment

This work was supported in part by the National Key Research and Development Program of China under Grant 2017YFB0802303, in part by the National Natural Science Foundation of China under Grant 61672283 and Grant 61602238, in part by the Natural Science Foundation of Jiangsu Province under Grant BK20160805, and in part by the Postgraduate Research & Practice Innovation Program of Jiangsu Province under Grant KYCX18_0308.

Author information

Corresponding author: Bing Chen.


Copyright information

© 2020 Springer Nature Singapore Pte Ltd.

About this paper


Cite this paper

Li, Z., Chen, J., Zhang, J., Cheng, X., Chen, B. (2020). Detecting Advanced Persistent Threat in Edge Computing via Federated Learning. In: Yu, S., Mueller, P., Qian, J. (eds) Security and Privacy in Digital Economy. SPDE 2020. Communications in Computer and Information Science, vol 1268. Springer, Singapore. https://doi.org/10.1007/978-981-15-9129-7_36


  • DOI: https://doi.org/10.1007/978-981-15-9129-7_36

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-15-9128-0

  • Online ISBN: 978-981-15-9129-7

  • eBook Packages: Computer Science (R0)
