Author ORCID Identifier
Ehsan Hallaji: https://orcid.org/0000-0002-9956-4003
Mehrdad Saif: https://orcid.org/0000-0002-7587-4189
Document Type
Article
Publication Date
10-1-2024
Publication Title
Applied Sciences
Volume
14
Issue
19
Keywords
Federated learning, advanced persistent threats, robust aggregation, cyber security, malware triage
Abstract
Malware triage is essential for the security of cyber-physical systems, particularly against Advanced Persistent Threats (APTs). Proper data for this task, however, are hard to come by, as organizations are often reluctant to share their network data due to security concerns. To tackle this issue, this paper presents a secure and distributed framework for the collaborative training of a global model for APT triage without compromising privacy. Using this framework, organizations can share knowledge of APTs without disclosing private data. Moreover, the proposed design employs robust aggregation protocols to safeguard the global model against potential adversaries. The proposed framework is evaluated using real-world data with 15 different APT mechanisms. To make the simulations more challenging, we assume that edge nodes have partial knowledge of APTs. The obtained results demonstrate that participants in the proposed framework can privately share their knowledge, resulting in a robust global model that accurately detects APTs with significant improvement across different model architectures. Under optimal conditions, the designed framework detects almost all APT scenarios with an accuracy of over 90 percent.
DOI
https://doi.org/10.3390/app14198840
ISSN
2076-3417
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.
Recommended Citation
Hallaji, Ehsan; Razavi-Far, Roozbeh; and Saif, Mehrdad. (2024). Robust Federated Learning for Mitigating Advanced Persistent Threats in Cyber-Physical Systems. Applied Sciences, 14 (19).
https://scholar.uwindsor.ca/electricalengpub/491
Included in
Artificial Intelligence and Robotics Commons, Cybersecurity Commons, Electrical and Computer Engineering Commons