TY - GEN
T1 - Rapid APT Detection in Resource-Constrained IoT Devices Using Global Vision Federated Learning (GV-FL)
AU - Zhu, Han
AU - Wang, Huibin
AU - Lam, Chan Tong
AU - Hu, Liyazhou
AU - Ng, Benjamin K.
AU - Fang, Kai
N1 - Publisher Copyright:
© 2024, The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
PY - 2024
Y1 - 2024
AB - Security and privacy are critical concerns in cyberspace due to the inherent vulnerability of Internet of Things (IoT) systems. In particular, Advanced Persistent Threat (APT) has become one of the most severe security threats in cyberspace. Therefore, how to breach the limitation of traditional network security detection techniques focusing on specific attack patterns has attracted widespread attention. To cope with APT attacks, this article proposes a new approach, Global Vision Federated Learning (GV-FL), which utilizes FL for accurate and efficient APT detection in resource-constrained IoT devices. Specifically, the proposed method implements the identification of APT attacks based on the FL framework, which leverages FL for distributed, privacy-preserving learning of the network. Considering the advanced and persistent nature of APT, the local model of each IoT device is aggregated into a global model for fast detection of APT in resource-limited devices. In addition, the proposed GV-FL approach is comprehensively compared with existing detection methods. Experimental results show that the GV-FL approach not only outperforms existing detection methods in terms of detection accuracy and speed but also significantly reduces resource consumption, thus the GV-FL approach is a promising APT detection approach in the IoT domain.
KW - Advanced persistent threat detection
KW - Global vision federated learning
KW - Internet of things
KW - Resource constrained devices
UR - http://www.scopus.com/inward/record.url?scp=85178585117&partnerID=8YFLogxK
U2 - 10.1007/978-981-99-8126-7_44
DO - 10.1007/978-981-99-8126-7_44
M3 - Conference contribution
AN - SCOPUS:85178585117
SN - 9789819981250
T3 - Communications in Computer and Information Science
SP - 568
EP - 581
BT - Neural Information Processing - 30th International Conference, ICONIP 2023, Proceedings
A2 - Luo, Biao
A2 - Cheng, Long
A2 - Wu, Zheng-Guang
A2 - Li, Hongyi
A2 - Li, Chaojie
PB - Springer Science and Business Media Deutschland GmbH
T2 - 30th International Conference on Neural Information Processing, ICONIP 2023
Y2 - 20 November 2023 through 23 November 2023
ER -