Saved in:
Bibliographic Details
Main Authors: Nazari, Hedyeh, Yazdinejad, Abbas, Dehghantanha, Ali, Zarrinkalam, Fattane, Srivastava, Gautam
Format: Preprint
Published: 2024
Subjects:
Online Access:https://arxiv.org/abs/2406.12003
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866912112725458944
author Nazari, Hedyeh
Yazdinejad, Abbas
Dehghantanha, Ali
Zarrinkalam, Fattane
Srivastava, Gautam
author_facet Nazari, Hedyeh
Yazdinejad, Abbas
Dehghantanha, Ali
Zarrinkalam, Fattane
Srivastava, Gautam
contents Software Defined Networking (SDN) has brought significant advancements in network management and programmability. However, this evolution has also heightened vulnerability to Advanced Persistent Threats (APTs), sophisticated and stealthy cyberattacks that traditional detection methods often fail to counter, especially in the face of zero-day exploits. A prevalent issue is the inadequacy of existing strategies to detect novel threats while addressing data privacy concerns in collaborative learning scenarios. This paper presents P3GNN (privacy-preserving provenance graph-based graph neural network model), a novel model that synergizes Federated Learning (FL) with Graph Convolutional Networks (GCN) for effective APT detection in SDN environments. P3GNN utilizes unsupervised learning to analyze operational patterns within provenance graphs, identifying deviations indicative of security breaches. Its core feature is the integration of FL with homomorphic encryption, which fortifies data confidentiality and gradient integrity during collaborative learning. This approach addresses the critical challenge of data privacy in shared learning contexts. Key innovations of P3GNN include its ability to detect anomalies at the node level within provenance graphs, offering a detailed view of attack trajectories and enhancing security analysis. Furthermore, the models unsupervised learning capability enables it to identify zero-day attacks by learning standard operational patterns. Empirical evaluation using the DARPA TCE3 dataset demonstrates P3GNNs exceptional performance, achieving an accuracy of 0.93 and a low false positive rate of 0.06.
format Preprint
id arxiv_https___arxiv_org_abs_2406_12003
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle P3GNN: A Privacy-Preserving Provenance Graph-Based Model for APT Detection in Software Defined Networking
Nazari, Hedyeh
Yazdinejad, Abbas
Dehghantanha, Ali
Zarrinkalam, Fattane
Srivastava, Gautam
Cryptography and Security
Software Defined Networking (SDN) has brought significant advancements in network management and programmability. However, this evolution has also heightened vulnerability to Advanced Persistent Threats (APTs), sophisticated and stealthy cyberattacks that traditional detection methods often fail to counter, especially in the face of zero-day exploits. A prevalent issue is the inadequacy of existing strategies to detect novel threats while addressing data privacy concerns in collaborative learning scenarios. This paper presents P3GNN (privacy-preserving provenance graph-based graph neural network model), a novel model that synergizes Federated Learning (FL) with Graph Convolutional Networks (GCN) for effective APT detection in SDN environments. P3GNN utilizes unsupervised learning to analyze operational patterns within provenance graphs, identifying deviations indicative of security breaches. Its core feature is the integration of FL with homomorphic encryption, which fortifies data confidentiality and gradient integrity during collaborative learning. This approach addresses the critical challenge of data privacy in shared learning contexts. Key innovations of P3GNN include its ability to detect anomalies at the node level within provenance graphs, offering a detailed view of attack trajectories and enhancing security analysis. Furthermore, the models unsupervised learning capability enables it to identify zero-day attacks by learning standard operational patterns. Empirical evaluation using the DARPA TCE3 dataset demonstrates P3GNNs exceptional performance, achieving an accuracy of 0.93 and a low false positive rate of 0.06.
title P3GNN: A Privacy-Preserving Provenance Graph-Based Model for APT Detection in Software Defined Networking
topic Cryptography and Security
url https://arxiv.org/abs/2406.12003