Abstract

With the Internet of Things (IoT) evolving at an accelerating pace, IoT devices are widely deployed in both industrial systems and daily life. IoT systems are characterized by a lack of updates, longer lifetimes, and delayed patching, which exposes them to diverse attacks, especially Advanced Persistent Threats (APTs). The various detection technologies that have emerged, however, are far from satisfying the need for effective security defense of IoT systems against APT campaigns. Therefore, we propose an APT Prediction Method based on Federated Learning (APTPMFL), deployed on edge computing infrastructure, to predict the probability of subsequent APT attacks in IoT scenarios. It is the first approach to apply a federated learning mechanism for aggregating suspicious activities in IoT systems to train the APT prediction model without correlation rules. We present an edge computing-based framework to train and deploy the model, which can alleviate the computing and communication overhead of typical IoT systems. The sophisticated evolution processes of APTs can be modeled by federated learning while private data is not leaked to other organizations. Our evaluation results show that APTPMFL is capable of predicting subsequent APT behaviors in the IoT system accurately and efficiently.

Keywords: APT, Federated learning, Attack prediction, IoT, Edge computing
