Few-Shot Learning-Based Cyber Incident Detection with Augmented Context Intelligence
- URL: http://arxiv.org/abs/2506.16626v1
- Date: Thu, 19 Jun 2025 21:53:02 GMT
- Title: Few-Shot Learning-Based Cyber Incident Detection with Augmented Context Intelligence
- Authors: Fei Zuo, Junghwan Rhee, Yung Ryn Choe, Chenglong Fu, Xianshan Qu,
- Abstract summary: This paper proposes a new few-shot learning-based attack detection with improved data context intelligence.<n>We collect operating system behavior data of cloud systems during realistic attacks and leverage an innovative semiotics extraction method to describe system events.
- Score: 2.036740192779817
- License: http://creativecommons.org/licenses/by-nc-nd/4.0/
- Abstract: In recent years, the adoption of cloud services has been expanding at an unprecedented rate. As more and more organizations migrate or deploy their businesses to the cloud, a multitude of related cybersecurity incidents such as data breaches are on the rise. Many inherent attributes of cloud environments, for example, data sharing, remote access, dynamicity and scalability, pose significant challenges for the protection of cloud security. Even worse, cyber threats are becoming increasingly sophisticated and covert. Attack methods, such as Advanced Persistent Threats (APTs), are continually developed to bypass traditional security measures. Among the emerging technologies for robust threat detection, system provenance analysis is being considered as a promising mechanism, thus attracting widespread attention in the field of incident response. This paper proposes a new few-shot learning-based attack detection with improved data context intelligence. We collect operating system behavior data of cloud systems during realistic attacks and leverage an innovative semiotics extraction method to describe system events. Inspired by the advances in semantic analysis, which is a fruitful area focused on understanding natural languages in computational linguistics, we further convert the anomaly detection problem into a similarity comparison problem. Comprehensive experiments show that the proposed approach is able to generalize over unseen attacks and make accurate predictions, even if the incident detection models are trained with very limited samples.
Related papers
- AI-Driven Security in Cloud Computing: Enhancing Threat Detection, Automated Response, and Cyber Resilience [0.0]
This paper examines ways AI can enhance cloud security by applying predictive analytics, behavior-based security threat detection, and AI-stirring encryption.<n>It also outlines the problems of the previous security models and how AI overcomes them.<n>The paper discusses the current trends in securing cloud data architecture using AI and presents further research and application directions.
arXiv Detail & Related papers (2025-05-06T19:45:13Z) - Cyber Defense Reinvented: Large Language Models as Threat Intelligence Copilots [36.809323735351825]
CYLENS is a cyber threat intelligence copilot powered by large language models (LLMs)<n>CYLENS is designed to assist security professionals throughout the entire threat management lifecycle.<n>It supports threat attribution, contextualization, detection, correlation, prioritization, and remediation.
arXiv Detail & Related papers (2025-02-28T07:16:09Z) - Simulation of Multi-Stage Attack and Defense Mechanisms in Smart Grids [2.0766068042442174]
We introduce a simulation environment that replicates the power grid's infrastructure and communication dynamics.<n>The framework generates diverse, realistic attack data to train machine learning algorithms for detecting and mitigating cyber threats.<n>It also provides a controlled, flexible platform to evaluate emerging security technologies, including advanced decision support systems.
arXiv Detail & Related papers (2024-12-09T07:07:17Z) - AI-based Attacker Models for Enhancing Multi-Stage Cyberattack Simulations in Smart Grids Using Co-Simulation Environments [1.4563527353943984]
The transition to smart grids has increased the vulnerability of electrical power systems to advanced cyber threats.<n>We propose a co-simulation framework that employs an autonomous agent to execute modular cyberattacks.<n>Our approach offers a flexible, versatile source for data generation, aiding in faster prototyping and reducing development resources and time.
arXiv Detail & Related papers (2024-12-05T08:56:38Z) - Countering Autonomous Cyber Threats [40.00865970939829]
Foundation Models present dual-use concerns broadly and within the cyber domain specifically.
Recent research has shown the potential for these advanced models to inform or independently execute offensive cyberspace operations.
This work evaluates several state-of-the-art FMs on their ability to compromise machines in an isolated network and investigates defensive mechanisms to defeat such AI-powered attacks.
arXiv Detail & Related papers (2024-10-23T22:46:44Z) - Adaptive Attack Detection in Text Classification: Leveraging Space Exploration Features for Text Sentiment Classification [44.99833362998488]
Adversarial example detection plays a vital role in adaptive cyber defense, especially in the face of rapidly evolving attacks.
We propose a novel approach that leverages the power of BERT (Bidirectional Representations from Transformers) and introduces the concept of Space Exploration Features.
arXiv Detail & Related papers (2023-08-29T23:02:26Z) - Few-shot Weakly-supervised Cybersecurity Anomaly Detection [1.179179628317559]
We propose an enhancement to an existing few-shot weakly-supervised deep learning anomaly detection framework.
This framework incorporates data augmentation, representation learning and ordinal regression.
We then evaluated and showed the performance of our implemented framework on three benchmark datasets.
arXiv Detail & Related papers (2023-04-15T04:37:54Z) - GowFed -- A novel Federated Network Intrusion Detection System [0.15469452301122172]
This work presents GowFed, a novel network threat detection system that combines the usage of Gower Dissimilarity matrices and Federated averaging.
Different approaches of GowFed have been developed based on state-of the-art knowledge: (1) a vanilla version; and (2) a version instrumented with an attention mechanism.
Overall, GowFed intends to be the first stepping stone towards the combined usage of Federated Learning and Gower Dissimilarity matrices to detect network threats in industrial-level networks.
arXiv Detail & Related papers (2022-10-28T23:53:37Z) - RobustSense: Defending Adversarial Attack for Secure Device-Free Human
Activity Recognition [37.387265457439476]
We propose a novel learning framework, RobustSense, to defend common adversarial attacks.
Our method works well on wireless human activity recognition and person identification systems.
arXiv Detail & Related papers (2022-04-04T15:06:03Z) - Adversarial Machine Learning Threat Analysis in Open Radio Access
Networks [37.23982660941893]
The Open Radio Access Network (O-RAN) is a new, open, adaptive, and intelligent RAN architecture.
In this paper, we present a systematic adversarial machine learning threat analysis for the O-RAN.
arXiv Detail & Related papers (2022-01-16T17:01:38Z) - Adversarial Machine Learning Attacks and Defense Methods in the Cyber
Security Domain [58.30296637276011]
This paper summarizes the latest research on adversarial attacks against security solutions based on machine learning techniques.
It is the first to discuss the unique challenges of implementing end-to-end adversarial attacks in the cyber security domain.
arXiv Detail & Related papers (2020-07-05T18:22:40Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.