Privacy-preserving Few-shot Traffic Detection against Advanced Persistent Threats via Federated Meta Learning

Advanced Persistent Threats (APT) utilizes multiple zero-day vulnerabilities to threaten critical industrial infrastructure, having the characteristics of burst, unknown and cross-domain. To resist APT attacks, existing wisdom usually establish a security monitoring platform that remotely links to the cloud-based threat intelligence center. However, the real scenario where few victim users are willing to share raw attack samples considering privacy-preservation, such mentality is hysteretic and cannot identify APT attacks quickly without sacrificing additional incentives. To address this issue, a novel privacy-preserving few-shot traffic detection (PFTD) method based on federated meta learning (FML) is proposed. The PFTD treats the APT detection task as a model generalization optimization process, that transfers the learned knowledge to identify local unknown samples. Client-side models in FML achieve knowledge transferring by two-phase updating over both support dataset and query dataset, while the server-side model obtains global knowledge with model aggregation. These processes compile useful knowledge against APT attacks. With a novel wisdom, we obtained three advantages: 1) High accuracy with a few attack samples; 2) Low latency detection for removing rules matching process; 3) High personalizing to cross-domain APT attacks. Extensive experiments based on multiple benchmark datasets like CICIDS2017 and DAPT 2020 prove the superiority of proposed PFTD.