CERBERUS: Exploring Federated Prediction of Security Events

5Citations
Citations of this article
16Readers
Mendeley users who have this article in their library.
Get full text

Abstract

Modern defenses against cyberattacks increasingly rely on proactive approaches, e.g., to predict the adversary's next actions based on past events. Building accurate prediction models requires knowledge from many organizations; alas, this entails disclosing sensitive information, such as network structures, security postures, and policies, which might often be undesirable or outright impossible. In this paper, we explore the feasibility of using Federated Learning (FL) to predict future security events. To this end, we introduce Cerberus, a system enabling collaborative training of Recurrent Neural Network (RNN) models for participating organizations. The intuition is that FL could potentially offer a middle-ground between the non-private approach where the training data is pooled at a central server and the low-utility alternative of only training local models. We instantiate Cerberus on a dataset obtained from a major security company's intrusion prevention product and evaluate it vis-à-vis utility, robustness, and privacy, as well as how participants contribute to and benefit from the system. Overall, our work sheds light on both the positive aspects and the challenges of using FL for this task and paves the way for deploying federated approaches to predictive security.

Cite

CITATION STYLE

APA

Naseri, M., Han, Y., Mariconti, E., Shen, Y., Stringhini, G., & De Cristofaro, E. (2022). CERBERUS: Exploring Federated Prediction of Security Events. In Proceedings of the ACM Conference on Computer and Communications Security (pp. 2337–2351). Association for Computing Machinery. https://doi.org/10.1145/3548606.3560580

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free