From One Attack Domain to Another: Contrastive Transfer Learning with Siamese Networks for APT Detection

📅 2025-11-01
🏛️ Knowledge-Based Systems
🤖 AI Summary
APT detection faces challenges including high stealthiness, scarce labeled data, and poor cross-scenario generalization; conventional methods suffer from class imbalance, high-dimensional features, and domain shift. This paper proposes a contrastive transfer learning framework based on a Siamese network, integrating behavioral sequence modeling, contrastive learning, and domain adaptation to enable knowledge transfer across heterogeneous APT attack domains. Its key contributions are: (i) an end-to-end Siamese architecture jointly optimizing feature discriminability and domain invariance; (ii) contrastive loss to enhance fine-grained behavioral pattern discrimination; and (iii) efficient cross-domain detection with only a few target-domain labels. Evaluated on multiple real-world APT datasets under few-shot settings, the method achieves an average 12.6% improvement in cross-domain detection accuracy over state-of-the-art baselines, demonstrating superior generalizability and practicality.

Problem

Research questions and friction points this paper is trying to address.

Detecting Advanced Persistent Threats with limited real-world attack traces
Addressing class imbalance and high dimensionality in cybersecurity data
Improving model transferability across different attack domains and scenarios

Innovation

Methods, ideas, or system contributions that make the work stand out.

Siamese networks enable cross-domain contrastive transfer learning
Attention-based autoencoder facilitates knowledge transfer across domains
SHAP feature selection reduces dimensionality and computational costs