A Source Domain is All You Need: Source-Only Cross-OS Transfer Learning for APT Anomaly Detection via Semantic Alignment and Optimal Transport
Researchers have developed a novel framework for detecting advanced persistent threats (APTs) across different operating systems without requiring any labeled data from the target system. The approach uses natural language processing to describe process behavior, embeds these descriptions using pre-trained language models, and then applies optimal transport methods to quantify deviations from normal behavior learned from a source operating system. Evaluations on multiple APT scenarios and operating systems demonstrated improved detection accuracy compared to existing source-only methods.
AI IMPACT: This research offers a new method for cybersecurity that could improve threat detection capabilities across diverse systems.
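As an added illustration, not the authors' code or a reproduction of their framework, the following Python sketch walks through the pipeline the summary describes: natural-language descriptions of process behaviour are embedded, and an optimal-transport cost between the embedded source-OS baseline and a target-OS window serves as the deviation score. A hashed bag-of-words embedding stands in for the pre-trained language model, the Sinkhorn solver is an assumption (the summary names no solver), and every behaviour description is a constructed sample.

```python
import hashlib
import math

DIM = 256  # width of the hashed stand-in embedding (an assumption, not the paper's)

def embed(description):
    # Signed hashed bag-of-words, unit-normalised: an offline stand-in for the
    # pretrained language-model embedding, not the paper's model.
    vec = [0.0] * DIM
    for tok in description.lower().split():
        h = int(hashlib.sha256(tok.encode()).hexdigest(), 16)
        vec[h % DIM] += 1.0 if (h >> 8) & 1 else -1.0
    norm = math.sqrt(sum(x * x for x in vec)) or 1.0
    return [x / norm for x in vec]

def cosine_cost(src, tgt):
    # Ground cost for transport: 1 - cosine similarity, so each entry lies in [0, 2].
    return [[1.0 - sum(a * b for a, b in zip(x, y)) for y in tgt] for x in src]

def sinkhorn_cost(C, eps=0.1, iters=300):
    # Entropy-regularised OT cost between uniform measures (Sinkhorn-Knopp).
    # Assumption: the summary names no solver, so Sinkhorn is used here.
    n, m = len(C), len(C[0])
    K = [[math.exp(-c / eps) for c in row] for row in C]
    u, v = [1.0] * n, [1.0] * m
    for _ in range(iters):
        u = [(1.0 / n) / sum(K[i][j] * v[j] for j in range(m)) for i in range(n)]
        v = [(1.0 / m) / sum(K[i][j] * u[i] for i in range(n)) for j in range(m)]
    return sum(u[i] * K[i][j] * v[j] * C[i][j] for i in range(n) for j in range(m))

def deviation_score(source_normal, target_window):
    # Transport cost from source-OS normal behaviour to a target-OS window;
    # larger means the window looks less like anything learned on the source.
    src = [embed(d) for d in source_normal]
    tgt = [embed(d) for d in target_window]
    return sinkhorn_cost(cosine_cost(src, tgt))

# Constructed samples (not from the paper): Linux-like source normal, then two
# Windows-like target windows, one benign and one suspicious.
SOURCE_NORMAL = [
    "process sshd reads config file and accepts network connection",
    "process cron spawns child process and writes log file",
    "process bash reads config file and executes child process",
]
TARGET_BENIGN = [
    "process svchost reads config file and accepts network connection",
    "process cmd reads config file and executes child process",
]
TARGET_SUSPICIOUS = [
    "process winword spawns shell that writes executable to temp directory",
    "process rundll32 enumerates credential store and opens outbound tunnel",
]
```

The benign target window shares most of its behavioural vocabulary with the source baseline and scores low, while the suspicious window scores markedly higher; a threshold on this score, calibrated on source-OS data only, is the detector.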