Advanced Persistent Threats (APTs) pose a serious challenge for 21st-century Security Operations Centers (SOCs): they are sophisticated and stealthy by design and are built to persist through continuous monitoring, detection, and response. Traditional centralized Intrusion Detection Systems (IDS) are generally unable to provide adaptive, privacy-preserving, and collaborative detection across distributed networks. This paper introduces a Federated Intrusion Detection Framework (FIDF) that uses Federated Learning (FL) to let multiple SOC nodes jointly train a detection model without sharing raw data. The system consists of local IDS agents, a central SOC aggregator, and a secure threat intelligence exchange mechanism. Experimental results show improved detection accuracy, fewer false positives, and shorter response times for APT defense. The framework is a step toward federated solutions for a scalable, privacy-aware, and resilient cybersecurity ecosystem suited to national defense infrastructures.
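To make the federated training step concrete, the following is an added illustration, not the authors' FIDF implementation (the abstract does not specify the model or the aggregation protocol). Three simulated SOC nodes each train a logistic-regression detector on constructed, standardized flow features and send only the weight vector plus a sample count to the aggregator, which combines them by sample-count-weighted averaging (FedAvg). The feature names, node sizes, learning rate and the synthetic data are assumptions made for the example.

```python
"""Federated averaging (FedAvg) across simulated SOC nodes.

Added illustration, not the paper's FIDF code. Each node trains a
logistic-regression detector on its own constructed flow features and
ships only model weights plus a sample count to the aggregator; raw
records never leave the node.
"""
import math
import random

# Assumed z-scored features: bytes-out ratio, failed logins, beacon regularity
FEATURES = 3
LOCAL_EPOCHS = 20
ROUNDS = 5
LEARNING_RATE = 0.1


def make_node_data(seed, n_per_class):
    """Constructed, standardized features (synthetic sample data): benign
    cluster below zero, APT-like cluster above zero, balanced classes."""
    rng = random.Random(seed)
    rows = []
    for _ in range(n_per_class):
        rows.append(([rng.uniform(-1.0, -0.4) for _ in range(FEATURES)], 0))
        rows.append(([rng.uniform(0.4, 1.0) for _ in range(FEATURES)], 1))
    return rows


def sigmoid(z):
    z = max(-30.0, min(30.0, z))  # guard math.exp against overflow
    return 1.0 / (1.0 + math.exp(-z))


def predict(weights, x):
    # weights[-1] is the bias term
    z = sum(w * xi for w, xi in zip(weights[:-1], x)) + weights[-1]
    return sigmoid(z)


def local_train(global_weights, data, epochs=LOCAL_EPOCHS, lr=LEARNING_RATE):
    """Node-side step: start from the global model, run full-batch gradient
    descent on local data, and return ONLY weights and a sample count."""
    w = list(global_weights)
    for _ in range(epochs):
        grad = [0.0] * len(w)
        for x, y in data:
            err = predict(w, x) - y
            for j, xj in enumerate(x):
                grad[j] += err * xj
            grad[-1] += err
        w = [wj - lr * gj / len(data) for wj, gj in zip(w, grad)]
    return {"weights": w, "n_samples": len(data)}


def fed_avg(updates):
    """Aggregator-side step: sample-count-weighted mean of node weights."""
    total = sum(u["n_samples"] for u in updates)
    dim = len(updates[0]["weights"])
    return [sum(u["weights"][j] * u["n_samples"] for u in updates) / total
            for j in range(dim)]


def accuracy(weights, data):
    correct = sum((predict(weights, x) >= 0.5) == bool(y) for x, y in data)
    return correct / len(data)


def run_federation(rounds=ROUNDS):
    """Run the full federation and evaluate on a held-out constructed set."""
    nodes = [make_node_data(1, 8), make_node_data(2, 6), make_node_data(3, 10)]
    holdout = make_node_data(99, 20)  # never seen by any node during training
    global_w = [0.0] * (FEATURES + 1)
    updates = []
    for _ in range(rounds):
        updates = [local_train(global_w, node) for node in nodes]
        global_w = fed_avg(updates)  # aggregator sees only these updates
    return {"weights": global_w,
            "accuracy": accuracy(global_w, holdout),
            "last_updates": updates}


if __name__ == "__main__":
    result = run_federation()
    print("global weights:", [round(w, 3) for w in result["weights"]])
    print("hold-out accuracy:", result["accuracy"])
    print("aggregator received keys:",
          sorted({k for u in result["last_updates"] for k in u}))
```

The aggregator's only inputs are the update dictionaries, so no flow record crosses a node boundary. Note the standard caveat: model updates themselves can leak information about local training data, which is why deployed FL pipelines typically add secure aggregation or differential privacy on top of the plain FedAvg shown here.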
Contents
Abstract
I. Introduction
II. Literature Review
III. Methodology
IV. Results
A. Quantitative Performance Analysis
B. Detection Efficiency and Latency Trade-off
C. APT Detection Capability
V. Conclusion
VI. References
Authors
Ali Rashid Mahmud [ MCS, National University of Sciences & Technology, Islamabad, Pakistan ]
Atif Ali [ Research Management Centre (RMC), Multimedia University, Cyberjaya 63100, Malaysia ]
Muhammad Rehan Ajmal [ MCS, National University of Sciences & Technology, Islamabad, Pakistan ]
Salman Ghani Virk [ Riphah International University, Islamabad, Pakistan ]
Subayyal Sheikh [ Sir Syed CASE Institute of Technology, Islamabad, Pakistan ]
Muhammad Tayyab Khan [ School of Computer Science, National College of Business Administration and Economics, Lahore 54000, Pakistan ]