Modern defenses against cyberattacks increasingly rely on proactive approaches, e.g., to predict the adversary's next actions based on past events. Building accurate prediction models requires knowledge from many organizations; alas, this entails disclosing sensitive information, such as network structures, security postures, and policies, which might often be undesirable or outright impossible. In this paper, we explore the feasibility of using Federated Learning (FL) to predict future security events. To this end, we introduce Cerberus, a system enabling collaborative training of Recurrent Neural Network (RNN) models for participating organizations. The intuition is that FL could potentially offer a middle-ground between the non-private approach where the training data is pooled at a central server and the low-utility alternative of only training local models. We instantiate Cerberus on a dataset obtained from a major security company's intrusion prevention product and evaluate it vis-a-vis utility, robustness, and privacy, as well as how participants contribute to and benefit from the system. Overall, our work sheds light on both the positive aspects and the challenges of using FL for this task and paves the way for deploying federated approaches to predictive security.
翻译:建立准确的预测模型需要来自许多组织的知识;这需要披露敏感信息,例如网络结构、安全态势和政策,这往往不可取或完全不可能。在本文件中,我们探讨了利用Federal Learning(FL)预测未来安全事件的可行性。为此,我们引入了Cerberus(Cerberus)系统,这是一个为参与组织提供经常性神经网络(NNN)模型的合作培训的系统。直觉是,FL(FL)有可能在非私营方法之间提供一个中间地带,即培训数据集中在一个中央服务器上,而仅培训当地模型的低功用替代方法。我们在从一个主要安保公司入侵预防产品中获取的数据集上即刻化Cerberus(Cerberus),并对照效用、稳健性和隐私,以及参与者如何为该系统作出贡献和受益。总体而言,我们的工作揭示了使用FL(FL)这一任务的积极方面和难题,并为部署安全预测方法铺平了道路铺平了道路。
相关内容
微信扫码咨询专知VIP会员