The effectiveness of AI-driven cybersecurity threat detection heavily relies on extensive datasets for deep learning models. However, the scarcity of labeled samples poses a significant challenge to the applicability of deep learning technologies in this domain. To address this challenge, this paper proposes domain adaptation as a form of transfer learning, which leverages abundant labeled data from a source domain to enhance model training in the target domain. Specifically, this paper focuses on overfitting in small sample deep learning models for Advanced Persistent Threat (APT) communication behavior recognition, where traditional domain adaptation techniques have been proven by experimental results to be inadequate for this particular task. To overcome these challenges, we introduce the MultiCenter Domain Adaptation method (MCDA), which has been specifically designed to align with the distinct data distribution characteristics found in real-world communication datasets. Experimental results demonstrate that MCDA significantly improves model performance when addressing overfitting in small sample scenarios. Across various evaluation metrics, the proposed approach yields improvements ranging from 3.7% to 15.2%. As the scarcity of labeled samples is a prominent issue in various security analysis scenarios, our proposed MCDA approach serves as a valuable reference for enhancing threat detection models with limited labeled data.
The articles published in this open access journal are distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/).