Abstract

Driven by advances in 5G-enabled Internet of Things (IoT) technologies, the number of IoT devices has grown explosively, with massive amounts of data generated at the edge of the network. However, IoT systems are inherently vulnerable to diverse attacks, and the Advanced Persistent Threat (APT) is one of the most powerful attack models, one that could lead to significant privacy leakage from these systems. Moreover, recent detection technologies can hardly meet the demands of effective security defense against APTs. To address the above problems, we propose an APT Prediction Method based on Differentially Private Federated Learning (APTPMFL) to predict the probability of subsequent APT attacks occurring in IoT systems. This is the first time a federated learning mechanism has been applied to aggregating suspicious activities in IoT systems, and the APT prediction phase does not need any correlation rules. Moreover, to achieve the privacy-preserving property, we further adopt a differentially private data perturbation mechanism that adds Laplacian random noise to the training data features of the IoT devices, so as to achieve the maximum protection of private data. We also present a 5G-enabled edge computing-based framework to train and deploy the model, which can alleviate the computing and communication overhead of typical IoT systems. Our evaluation results show that APTPMFL can predict subsequent APT behaviors in the IoT system accurately and efficiently.
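The data flow the abstract describes (features perturbed with Laplace noise on the device, local training, only parameter updates uploaded and aggregated) can be sketched as follows. This is an added example, not the paper's code: the logistic model, the clipping range [0, 1], the L1-sensitivity noise scale, the sample-count-weighted averaging and the constructed data set are all assumptions, since this page does not give the paper's model or parameters.

```python
import math
import random

def laplace(rng, scale):
    # Inverse-CDF sample from Laplace(0, scale); the max() guards against log(0).
    u = rng.random() - 0.5
    return math.copysign(-scale * math.log(max(1 - 2 * abs(u), 1e-300)), u)

def perturb(x, eps, rng, lo=0.0, hi=1.0):
    # Clip to [lo, hi] so a record's L1 sensitivity is d*(hi-lo), then add noise.
    scale = len(x) * (hi - lo) / eps
    return [min(max(v, lo), hi) + laplace(rng, scale) for v in x]

def predict(w, x):
    # Logistic model (an assumption); the last weight is the bias.
    z = sum(a * b for a, b in zip(w, x + [1.0]))
    return 1 / (1 + math.exp(-max(min(z, 30.0), -30.0)))

def local_train(w, rows, lr=0.5, epochs=20):
    # Device side: SGD from the global weights over already-perturbed rows.
    w = list(w)
    for _ in range(epochs):
        for x, y in rows:
            err = predict(w, x) - y
            w = [wi - lr * err * xi for wi, xi in zip(w, x + [1.0])]
    return w, len(rows)

def fed_avg(updates):
    # Server side: average the weights, weighted by each device's sample count.
    total = sum(n for _, n in updates)
    return [sum(w[i] * n for w, n in updates) / total for i in range(len(updates[0][0]))]

def run(eps, rounds=5, seed=7):
    rng = random.Random(seed)
    devices = []  # constructed data: 3 devices, 2 features in [0, 1], label 1 = follow-up activity
    for _ in range(3):
        rows = []
        for _ in range(40):
            y = rng.randint(0, 1)
            x = [rng.uniform(0.6, 1.0) if y else rng.uniform(0.0, 0.4) for _ in range(2)]
            rows.append((perturb(x, eps, rng), y))  # perturbed once, before any training
        devices.append(rows)
    w = [0.0, 0.0, 0.0]
    for _ in range(rounds):
        w = fed_avg([local_train(w, rows) for rows in devices])  # only weights leave a device
    clean = [([0.9, 0.9], 1), ([0.1, 0.1], 0), ([0.8, 0.7], 1), ([0.2, 0.3], 0)]
    return w, sum((predict(w, x) > 0.5) == bool(y) for x, y in clean) / len(clean)

if __name__ == "__main__":
    for eps in (1e6, 5.0, 0.5):
        print(eps, run(eps))
```

Each record is perturbed once before the first round, so repeated training rounds do not spend additional privacy budget on the raw features; lowering `eps` makes the trade against accuracy visible.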

Highlights

  • With the continuous development of 5G-enabled IoT technologies, numerous mobile applications have emerged with various requirements in terms of intelligence, latency, and bandwidth [1]

  • To meet the problems above, we proposed an Advanced Persistent Threat (APT) Prediction Method based on Differentially Private Federated Learning (APTPMFL) to predict the probability of subsequent APT attacks occurring in IoT scenarios. The contributions we have made are shown as follows: (i) We proposed a novel APT prediction method, named APTPMFL, which utilizes the federated learning framework to aggregate suspicious activities in the IoT systems. The IoT devices can unite with edge servers to train the prediction model locally using system logs, just uploading the parameter updates to the security service cloud

  • We give a general functional model of Cyber Situation Awareness (CSA), as shown in Figure 1. The model includes the cyber situation perception phase, cyber situation comprehension phase, and cyber situation projection phase. The functions of each phase are briefly summarized as follows: (i) The function of cyber situation perception is to identify the activities in the system, that is, reduce the noise of the raw data generated by security equipment and information management system to get the valid information and analyze the correlation of them to identify the objects in the system

Summary

Introduction

With the continuous development of 5G-enabled IoT technologies, numerous mobile applications have emerged with various requirements in terms of intelligence, latency, and bandwidth [1]. In this Security and Communication Networks paper, we aim to propose an effective and robust cyber situation comprehension method to predict the probability of subsequent APT attack occurrence after recognizing APT attacks in the 5G-enabled IoT system. To meet the problems above, we proposed an APT Prediction Method based on Differentially Private Federated Learning (APTPMFL) to predict the probability of subsequent APT attacks occurring in IoT scenarios. (i) We proposed a novel APT prediction method, named APTPMFL, which utilizes the federated learning framework to aggregate suspicious activities in the IoT systems.

Background and Related Work
APT Prediction for IoT Systems
APTPMFL Design
Experimental Evaluation
Datasets and Experimental Setup
Evaluation of APTPMFL
Conclusions