Digital Forensics and Cyber Crime. 14th EAI International Conference, ICDF2C 2023, New York City, NY, USA, November 30, 2023, Proceedings, Part I

Research Article

DEML: Data-Enhanced Meta-Learning Method for IoT APT Traffic Detection

Cite

BibTeX:

    @INPROCEEDINGS{10.1007/978-3-031-56580-9_13,
        author={Jia Hu and Weina Niu and Qingjun Yuan and Lingfeng Yao and Junpeng He and Yanfeng Zhang and Xiaosong Zhang},
        title={DEML: Data-Enhanced Meta-Learning Method for IoT APT Traffic Detection},
        proceedings={Digital Forensics and Cyber Crime. 14th EAI International Conference, ICDF2C 2023, New York City, NY, USA, November 30, 2023, Proceedings, Part I},
        proceedings_a={ICDF2C},
        year={2024},
        month={4},
        keywords={IoT Security APT traffic detection Meta-learning Generating adversarial networks},
        doi={10.1007/978-3-031-56580-9_13}
    }

Plain text:

    Jia Hu, Weina Niu, Qingjun Yuan, Lingfeng Yao, Junpeng He, Yanfeng Zhang, Xiaosong Zhang. Year: 2024. DEML: Data-Enhanced Meta-Learning Method for IoT APT Traffic Detection. ICDF2C. Springer. DOI: 10.1007/978-3-031-56580-9_13

Jia Hu1, Weina Niu1,*, Qingjun Yuan2, Lingfeng Yao1, Junpeng He1, Yanfeng Zhang3, Xiaosong Zhang1
  • 1: School of Computer Science and Engineering, Institute for Cyber Security, University of Electronic Science and Technology of China (UESTC)
  • 2: Henan Key Laboratory of Network Cryptography Technology, and Key Laboratory of Cyberspace Security, Ministry of Education
  • 3: Sichuan Police College, Intelligent Policing Key Laboratory of Sichuan Province
*Contact email: niuweina1@126.com

Abstract

Advanced Persistent Threat (APT) is one of the most representative attacks that pose significant challenges to Internet of Things (IoT) security due to its stealthiness, dynamism, and adaptability. To detect IoT APT, machine learning-based methods are proposed to extract traffic features and mine attack semantics automatically. However, IoT APT traffic samples in actual scenarios are unbalanced and scarce, which affects the detection performance of existing methods. To resolve these challenges, we propose a data-enhanced meta-learning (DEML) method for detecting IoT APT traffic in this paper. Specifically, DEML uses a non-functional feature-based generative adversarial network (NFGAN) to extend IoT APT traffic samples. DEML also uses a meta-learning model to further enhance the learning ability on IoT APT samples (including newly generated and original IoT APT traffic samples). We conduct experiments on a hybrid dataset where benign traffic comes from IoT-23 and APT traffic comes from Contagio. Experimental results show that our method outperforms the existing data enhancement methods. In addition, DEML achieves a detection accuracy of 99.35%, which is better than the baseline models in IoT APT traffic detection.

Keywords
IoT Security; APT traffic detection; Meta-learning; Generating adversarial networks
Published
2024-04-03
Appears in
SpringerLink
http://dx.doi.org/10.1007/978-3-031-56580-9_13