Jiacen Xu (Microsoft), Chenang Li (University of California, Irvine), Yu Zheng (University of California, Irvine), Zhou Li (University of California, Irvine)

Graph-based Network Intrusion Detection Systems (GNIDS) have gained significant momentum in detecting sophisticated cyber-attacks, such as Advanced Persistent Threats (APTs), within and across organizational boundaries. Though achieving satisfying detection accuracy and demonstrating adaptability to ever-changing attacks and normal patterns, existing GNIDS predominantly assume a centralized data setting. However, flexible data collection is not always realistic or achievable due to increasing constraints from privacy regulations and operational limitations.

We argue that the practical development of GNIDS requires accounting for distributed collection settings and we leverage Federated Learning (FL) as a viable paradigm to address this prominent challenge. We observe that naively applying FL to GNIDS is unlikely to be effective, due to issues like graph heterogeneity over clients and the diverse design choices taken by different GNIDS. We address these issues with a set of novel techniques tailored to graph datasets, including reference graph synthesis, graph sketching and adaptive contribution scaling, eventually developing a new system ENTENTE. By leveraging the domain knowledge, ENTENTE can achieve effectiveness, scalability and robustness simultaneously. Empirical evaluation on the large-scale LANL, OpTC and Pivoting datasets shows that ENTENTE outperforms the SOTA FL baselines. We also evaluate ENTENTE under FL poisoning attacks tailored to the GNIDS setting, showing the robustness by bounding the attack success rate to low values. Overall, our study suggests a promising direction for building cross-silo GNIDS.

View More Papers

Demystifying the Access Control Mechanism of ESXi VMKernel

Yue Liu (Southeast University), Zexiang Zhang (National University of Defense Technology), Jiaxun Zhu (Zhejiang University), Hao Zheng (Independent Researcher), Jiaqing Huang (Independent Researcher), Wenbo Shen (Zhejiang University), Gaoning Pan (Hangzhou Dianzi University), Yuliang Lu (National University of Defense Technology), Min Zhang (National University of Defense Technology), Zulie Pan (National University of Defense Technology), Guang Cheng…

Read More

Peering Inside the Black-Box: Long-Range and Scalable Model Architecture...

Rui Xiao (Zhejiang University), Sibo Feng (Zhejiang University), Soundarya Ramesh (National University of Singapore), Jun Han (KAIST), Jinsong Han (Zhejiang University)

Read More

Validity Is Not Enough: Uncovering the Security Pitfall in...

Di Zhai (Beijing Jiaotong University), Jiashuo Zhang (Peking University), Jianbo Gao (Beijing Jiaotong University), Tianhao Liu (Beijing Jiaotong University), Tao Zhang (Beijing Jiaotong University), Jian Wang (Beijing Jiaotong University), Jiqiang Liu (Beijing Jiaotong University)

Read More