Federated Learning For Cyber Security: SOC Collaboration For Malicious URL Detection

Khramtsova, Ekaterina; Hammerschmidt, Christian; Lagraa, Sofiane; State, Radu

Reference : Federated Learning For Cyber Security: SOC Collaboration For Malicious URL Detection


	Document type :	Scientific congresses, symposiums and conference proceedings : Paper published in a journal
	Discipline(s) :	Engineering, computing & technology : Computer science
	To cite this reference:	http://hdl.handle.net/10993/44927

Title :	Federated Learning For Cyber Security: SOC Collaboration For Malicious URL Detection
Language :	English
Author, co-author :	Khramtsova, Ekaterina []
	Hammerschmidt, Christian []
	Lagraa, Sofiane [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SEDAN >]
	State, Radu [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > SEDAN >]
Publication date :	2020
Journal title :	IEEE International Conference on Distributed Computing Systems (ICDCS)
Peer reviewed :	Yes
Event name :	International Workshop on Network Meets Intelligent Computations (NMIC)
Event date :	from 29-11-2020 to 01-12-2020
Keywords :	[en] cyber-security ; federated-learning ; machine- learning
Abstract :	[en] Managed security service providers increasingly rely on machine-learning methods to exceed traditional, signature- based threat detection and classification methods. As machine- learning often improves with more data available, smaller orga- nizations and clients find themselves at a disadvantage: Without the ability to share their data and others willing to collaborate, their machine-learned threat detection will perform worse than the same model in a larger organization. We show that Feder- ated Learning, i.e. collaborative learning without data sharing, successfully helps to overcome this problem. Our experiments focus on a common task in cyber security, the detection of unwanted URLs in network traffic seen by security-as-a-service providers. Our experiments show that i) Smaller participants benefit from larger participants ii) Participants seeing different types of malicious traffic can generalize better to unseen types of attacks, increasing performance by 8% to 15% on average, and up to 27% in the extreme case. iii) Participating in Federated training never harms the performance of the locally trained model. In our experiment modeling a security-as-a service setting, Federated Learning increased detection up to 30% for some participants in the scheme. This clearly shows that Federated Learning is a viable approach to address issues of data sharing in common cyber security settings.
Target :	Researchers ; Professionals ; Students ; General public ; Others
Permalink :	http://hdl.handle.net/10993/44927

File(s) associated to this reference

Fulltext file(s):

	File	Commentary	Version	Size	Access
Open access	PID6431211.pdf		Publisher postprint	956.77 kB	View/Open

All documents in ORBi^lu are protected by a user license.

University of Luxembourg Library | Feedback | Legal notices