Reference : Federated Learning For Cyber Security: SOC Collaboration For Malicious URL Detection
Scientific congresses, symposiums and conference proceedings : Paper published in a journal
Engineering, computing & technology : Computer science
http://hdl.handle.net/10993/44927
Federated Learning For Cyber Security: SOC Collaboration For Malicious URL Detection
English
Khramtsova, Ekaterina mailto []
Hammerschmidt, Christian mailto []
Lagraa, Sofiane mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SEDAN >]
State, Radu mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SEDAN >]
2020
IEEE International Conference on Distributed Computing Systems (ICDCS)
Yes
International Workshop on Network Meets Intelligent Computations (NMIC)
from 29-11-2020 to 01-12-2020
[en] cyber-security ; federated-learning ; machine- learning
[en] Managed security service providers increasingly rely
on machine-learning methods to exceed traditional, signature-
based threat detection and classification methods. As machine-
learning often improves with more data available, smaller orga-
nizations and clients find themselves at a disadvantage: Without
the ability to share their data and others willing to collaborate,
their machine-learned threat detection will perform worse than
the same model in a larger organization. We show that Feder-
ated Learning, i.e. collaborative learning without data sharing,
successfully helps to overcome this problem. Our experiments
focus on a common task in cyber security, the detection of
unwanted URLs in network traffic seen by security-as-a-service
providers. Our experiments show that i) Smaller participants
benefit from larger participants ii) Participants seeing different
types of malicious traffic can generalize better to unseen types of
attacks, increasing performance by 8% to 15% on average, and
up to 27% in the extreme case. iii) Participating in Federated
training never harms the performance of the locally trained
model. In our experiment modeling a security-as-a service setting,
Federated Learning increased detection up to 30% for some
participants in the scheme. This clearly shows that Federated
Learning is a viable approach to address issues of data sharing
in common cyber security settings.
Researchers ; Professionals ; Students ; General public ; Others
http://hdl.handle.net/10993/44927

File(s) associated to this reference

Fulltext file(s):

FileCommentaryVersionSizeAccess
Open access
PID6431211.pdfPublisher postprint956.77 kBView/Open

Bookmark and Share SFX Query

All documents in ORBilu are protected by a user license.