Enhancing Advanced Persistent Threat Detection with Federated Learning and Neural Networks for Secure Cloud Computer Environment


Baydaa Flayyih Hasan
Wafaa Ayoub Kassara
Bushra Raad Zahi

Abstract

Rapid Internet expansion and the global use of cloud storage have heightened the risk of stealthy, persistent, multi-stage Advanced Persistent Threats (APTs). Distributed and resource-limited cloud environments make these stealthy and dynamic threats difficult for traditional Intrusion Detection Systems (IDSs) to identify. This paper presents FedNN-APT, an APT detection system built on Federated Learning (FL) and a hybrid Neural Network (NN), to address these difficulties. The approach achieves high detection accuracy together with distributed, privacy-preserving training across several cloud devices. FedNN-APT integrates Gated Recurrent Units (GRUs) and Convolutional Neural Networks (CNNs) to learn the temporal and spatial features of APT behavior. The framework trains local models on partitioned datasets using GRU-CNN, 1D-CNN, and GRU-Recurrent Neural Network (RNN) models, then selects the best-performing model for federated aggregation. The final global model is built collaboratively while the raw training data remain on each client, preserving data confidentiality. The system is evaluated on an APT Malware dataset of 11,107 samples. Experimental findings show that the hybrid GRU-CNN model outperforms the other models, with an average accuracy of 0.9977, precision of 0.9989, recall of 1.00, and F1-score of 0.9988. The federated model reaches a global accuracy of 0.99 across four clients. A comparative evaluation against current APT detection systems underscores the advantages of FedNN-APT, particularly in detection accuracy and in its suitability for resource-limited environments. In summary, FedNN-APT combines federated learning and neural networks to detect APT attacks while enhancing data privacy in a cloud environment, and the findings indicate that incorporating deep learning models into a federated learning framework is a promising direction for future work on secure and scalable threat detection in cloud systems.
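As an added illustration of the training loop the abstract sketches (clients train local models on private partitions, the server combines them into one global model, and raw samples never leave a client), the following pure-Python script simulates that round trip. It is not the authors' code and does not use their dataset: the feature vectors are constructed synthetic clusters, a logistic classifier stands in for the GRU-CNN hybrid (the aggregation step is the same for any shared architecture), the four-client count is taken from the abstract, and sample-count-weighted averaging (FedAvg) is assumed as the aggregation rule because the abstract does not name one. The model-selection step across GRU-CNN, 1D-CNN and GRU-RNN is not reproduced.

```python
"""Added example (not the paper's code): one FedAvg-style training loop for a
two-class APT/benign classifier, in pure Python so it runs without numpy/torch.

Assumptions (not from the paper): synthetic data, 4 clients, a logistic
classifier standing in for the GRU-CNN hybrid, and sample-count-weighted
averaging as the aggregation rule.
"""
import math
import random
from typing import List, Sequence, Tuple

Sample = Tuple[List[float], int]  # (feature vector, label: 0 benign / 1 APT)
FEATURES = 6                       # toy behaviour counts per sample (constructed)


def make_dataset(n: int, seed: int) -> List[Sample]:
    """Constructed synthetic data: two noisy clusters standing in for benign
    and APT behaviour profiles. This is NOT the 11,107-sample APT Malware set."""
    rng = random.Random(seed)
    benign_mu = [0.2, 0.3, 0.1, 0.4, 0.2, 0.3]
    apt_mu = [0.7, 0.8, 0.6, 0.2, 0.9, 0.7]
    data = []
    for _ in range(n):
        y = rng.randint(0, 1)
        mu = apt_mu if y else benign_mu
        data.append(([m + rng.gauss(0.0, 0.1) for m in mu], y))
    return data


def partition(data: Sequence[Sample], k: int) -> List[List[Sample]]:
    """Round-robin split into k private shards (one per cloud client)."""
    return [list(data[i::k]) for i in range(k)]


def sigmoid(z: float) -> float:
    """Numerically safe logistic function."""
    if z >= 0:
        return 1.0 / (1.0 + math.exp(-z))
    ez = math.exp(z)
    return ez / (1.0 + ez)


def predict(w: Sequence[float], x: Sequence[float]) -> float:
    """P(APT | x) for weights w = [w_0 .. w_{F-1}, bias]."""
    return sigmoid(w[-1] + sum(wi * xi for wi, xi in zip(w, x)))


def local_train(w0: Sequence[float], shard: Sequence[Sample],
                epochs: int = 5, lr: float = 0.5, seed: int = 0
                ) -> Tuple[List[float], int]:
    """Client side: SGD on the private shard, starting from the global weights.
    Only (updated weights, shard size) are returned; raw samples never leave."""
    w = list(w0)
    rng = random.Random(seed)
    order = list(range(len(shard)))
    for _ in range(epochs):
        rng.shuffle(order)
        for i in order:
            x, y = shard[i]
            g = predict(w, x) - y          # d(log-loss)/d(logit)
            for j, xj in enumerate(x):
                w[j] -= lr * g * xj
            w[-1] -= lr * g
    return w, len(shard)


def fed_avg(updates: Sequence[Tuple[Sequence[float], int]]) -> List[float]:
    """Server side: average client weights, weighted by shard size (FedAvg)."""
    total = sum(n for _, n in updates)
    dim = len(updates[0][0])
    return [sum(w[j] * n for w, n in updates) / total for j in range(dim)]


def accuracy(w: Sequence[float], data: Sequence[Sample]) -> float:
    """Fraction of samples whose 0.5-thresholded prediction matches the label."""
    hits = sum((predict(w, x) >= 0.5) == bool(y) for x, y in data)
    return hits / len(data)


def run_federated(n_clients: int = 4, rounds: int = 3, seed: int = 1
                  ) -> Tuple[List[float], List[float]]:
    """Full loop: returns final global weights and per-round held-out accuracy."""
    train = make_dataset(800, seed)
    test = make_dataset(200, seed + 100)       # held-out, never used in training
    shards = partition(train, n_clients)
    w = [0.0] * (FEATURES + 1)
    history = []
    for r in range(rounds):
        updates = [local_train(w, shard, seed=seed + 10 * r + c)
                   for c, shard in enumerate(shards)]
        w = fed_avg(updates)                   # server sees weights only
        history.append(accuracy(w, test))
    return w, history


if __name__ == "__main__":
    weights, hist = run_federated()
    print("global held-out accuracy per round:", [round(a, 4) for a in hist])
```

The point to check when reading `local_train` and `fed_avg` together is the data boundary: the only objects crossing from client to server are the weight vector and the shard size, which is what makes the scheme privacy-preserving in the sense the abstract uses. Swapping the logistic classifier for a GRU-CNN changes `predict` and `local_train`, not the aggregation, as long as every client returns parameters of the same shape.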


How to Cite

Hasan, B. F., Kassara, W. A., & Zahi, B. R. (2025). Enhancing Advanced Persistent Threat Detection with Federated Learning and Neural Networks for Secure Cloud Computer Environment. Mesopotamian Journal of CyberSecurity, 5(3), 1324-1339. https://doi.org/10.58496/MJCS/2025/068

