Saved in:
Bibliographic Details
Main Authors: Zuo, Fei, Rhee, Junghwan, Choe, Yung Ryn, Fu, Chenglong, Qu, Xianshan
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2506.16626
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866916802475327488
author Zuo, Fei
Rhee, Junghwan
Choe, Yung Ryn
Fu, Chenglong
Qu, Xianshan
author_facet Zuo, Fei
Rhee, Junghwan
Choe, Yung Ryn
Fu, Chenglong
Qu, Xianshan
contents In recent years, the adoption of cloud services has been expanding at an unprecedented rate. As more and more organizations migrate or deploy their businesses to the cloud, a multitude of related cybersecurity incidents such as data breaches are on the rise. Many inherent attributes of cloud environments, for example, data sharing, remote access, dynamicity and scalability, pose significant challenges for the protection of cloud security. Even worse, cyber threats are becoming increasingly sophisticated and covert. Attack methods, such as Advanced Persistent Threats (APTs), are continually developed to bypass traditional security measures. Among the emerging technologies for robust threat detection, system provenance analysis is being considered as a promising mechanism, thus attracting widespread attention in the field of incident response. This paper proposes a new few-shot learning-based attack detection with improved data context intelligence. We collect operating system behavior data of cloud systems during realistic attacks and leverage an innovative semiotics extraction method to describe system events. Inspired by the advances in semantic analysis, which is a fruitful area focused on understanding natural languages in computational linguistics, we further convert the anomaly detection problem into a similarity comparison problem. Comprehensive experiments show that the proposed approach is able to generalize over unseen attacks and make accurate predictions, even if the incident detection models are trained with very limited samples.
format Preprint
id arxiv_https___arxiv_org_abs_2506_16626
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Few-Shot Learning-Based Cyber Incident Detection with Augmented Context Intelligence
Zuo, Fei
Rhee, Junghwan
Choe, Yung Ryn
Fu, Chenglong
Qu, Xianshan
Cryptography and Security
In recent years, the adoption of cloud services has been expanding at an unprecedented rate. As more and more organizations migrate or deploy their businesses to the cloud, a multitude of related cybersecurity incidents such as data breaches are on the rise. Many inherent attributes of cloud environments, for example, data sharing, remote access, dynamicity and scalability, pose significant challenges for the protection of cloud security. Even worse, cyber threats are becoming increasingly sophisticated and covert. Attack methods, such as Advanced Persistent Threats (APTs), are continually developed to bypass traditional security measures. Among the emerging technologies for robust threat detection, system provenance analysis is being considered as a promising mechanism, thus attracting widespread attention in the field of incident response. This paper proposes a new few-shot learning-based attack detection with improved data context intelligence. We collect operating system behavior data of cloud systems during realistic attacks and leverage an innovative semiotics extraction method to describe system events. Inspired by the advances in semantic analysis, which is a fruitful area focused on understanding natural languages in computational linguistics, we further convert the anomaly detection problem into a similarity comparison problem. Comprehensive experiments show that the proposed approach is able to generalize over unseen attacks and make accurate predictions, even if the incident detection models are trained with very limited samples.
title Few-Shot Learning-Based Cyber Incident Detection with Augmented Context Intelligence
topic Cryptography and Security
url https://arxiv.org/abs/2506.16626