Cyber threat hunting using unsupervised federated learning and adversary emulation

Cited by: 0
Authors
Sheikhi, Saeid [1]
Kostakos, Panos [1]
Affiliations
[1] Univ Oulu, Fac Informat Technol & Elect Engn, Ctr Ubiquitous Comp, Oulu, Finland
Source
2023 IEEE INTERNATIONAL CONFERENCE ON CYBER SECURITY AND RESILIENCE, CSR | 2023
Funding
Academy of Finland;
Keywords
Threat hunting; Cyber threats; Threat actors; Federated learning; adversary emulation;
DOI
10.1109/CSR57506.2023.10224990
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
The rapid growth of communication networks, coupled with the increasing complexity of cyber threats, necessitates the implementation of proactive measures to protect networks and systems. In this study, we introduce a federated learning-based approach for cyber threat hunting at the endpoint level. The proposed method utilizes the collective intelligence of multiple devices to effectively and confidentially detect attacks on individual machines. A security assessment tool is also developed to emulate the behavior of adversary groups and Advanced Persistent Threat (APT) actors in the network. This tool provides network security experts with the ability to assess their network environment's resilience and aids in generating authentic data derived from diverse threats for use in subsequent stages of the federated learning (FL) model. The results of the experiments demonstrate that the proposed model effectively detects cyber threats on the devices while safeguarding privacy.
Pages: 315-320
Page count: 6
Related papers
50 in total
  • [31] Analysis of adversary activities using cloud-based web services to enhance cyber threat intelligence
    Al-Mohannadi, Hamad
    Awan, Irfan
    Al Hamar, Jassim
    SERVICE ORIENTED COMPUTING AND APPLICATIONS, 2020, 14 (03) : 175 - 187
  • [32] Cyber threat assessment via attack scenario simulation using an integrated adversary and network modeling approach
    Moskal, Stephen
    Yang, Shanchieh Jay
    Kuhl, Michael E.
    JOURNAL OF DEFENSE MODELING AND SIMULATION-APPLICATIONS METHODOLOGY TECHNOLOGY-JDMS, 2018, 15 (01) : 13 - 29
  • [33] Cyber security for federated learning environment using AI technique
    Alyamani, Hasan J.
    EXPERT SYSTEMS, 2023, 40 (05)
  • [34] Analysis of adversary activities using cloud-based web services to enhance cyber threat intelligence
    Hamad Al-Mohannadi
    Irfan Awan
    Jassim Al Hamar
    Service Oriented Computing and Applications, 2020, 14 : 175 - 187
  • [35] Modelling Indicators of Behaviour for Cyber Threat Hunting via Sysmon
    Chetwyn, Robert
    Eian, Martin
    Josang, Audun
    PROCEEDINGS OF THE 2024 EUROPEAN INTERDISCIPLINARY CYBERSECURITY CONFERENCE, EICC 2024, 2024 : 95 - 104
  • [36] Cyber Threat Hunting: A Cognitive Endpoint Behavior Analytic System
    Khan M.S.
    Richard R.
    Molyneaux H.
    Cote-Martel D.
    Elango H.J.K.
    Livingstone S.
    Gaudet M.
    Trask D.
    International Journal of Cognitive Informatics and Natural Intelligence, 2021, 15 (04)
  • [37] XFedGraph-Hunter: An Interpretable Federated Learning Framework for Hunting Advanced Persistent Threat in Provenance Graph
    Ngo Duc Hoang Son
    Huynh Thai Thi
    Phan The Duy
    Van-Hau Pham
    INFORMATION SECURITY PRACTICE AND EXPERIENCE, ISPEC 2023, 2023, 14341 : 546 - 561
  • [38] Evidential classification and feature selection for cyber-threat hunting
    Beechey, Matthew
    Kyriakopoulos, Konstantinos G.
    Lambotharan, Sangarapillai
    KNOWLEDGE-BASED SYSTEMS, 2021, 226
  • [39] Unsupervised Federated Learning for Unbalanced Data
    Servetnyk, Mykola
    Fung, Carrson C.
    Han, Zhu
    2020 IEEE GLOBAL COMMUNICATIONS CONFERENCE (GLOBECOM), 2020
  • [40] Towards Federated Unsupervised Representation Learning
    van Berlo, Bram
    Saeed, Aaqib
    Ozcelebi, Tanir
    PROCEEDINGS OF THE THIRD ACM INTERNATIONAL WORKSHOP ON EDGE SYSTEMS, ANALYTICS AND NETWORKING (EDGESYS'20), 2020 : 31 - 36