Building Better Detection with Privileged Information.

Authors: Nicolas Papernot, Patrick D. McDaniel, Ananthram Swami, Rauf Izmailov, Z. Berkay Celik

DOI:

Keywords: Computer science, Malware, Data mining, Feature vector, Leverage (statistics), Precision and recall, Detector

Abstract: Modern detection systems use sensor outputs available in the deployment environment to probabilistically identify attacks. These systems are trained on past or synthetic feature vectors to create a model of anomalous or normal behavior. Thereafter, sensor outputs collected at run-time are compared against the model to identify attacks (or the lack of attack). While this approach has been proven to be effective in many environments, it is limited to training only on features that can be reliably collected at test-time. Hence, such systems fail to leverage the often vast amount of ancillary information available from forensic analysis and post-mortem data. In short, detection systems don't train on (and thus don't learn from) features that are unavailable or too costly to collect at run-time. In this paper, we leverage recent advances in machine learning to integrate privileged information -- features available at training time, but not at run-time -- into detection algorithms. We apply three different approaches to model training with privileged information: knowledge transfer, model influence, and distillation, and empirically validate their performance in a range of detection domains. Our evaluation shows that privileged information increases detector precision and recall: we observe an average 4.8% decrease in detection error for malware traffic detection over a system with no privileged information, 3.53% for fast-flux domain bot detection, 3.33% for malware classification, and 11.2% for facial user authentication. We conclude by exploring the limitations and applications of these techniques in detection systems.
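The distillation route described in the abstract can be shown end to end on constructed data. The example below is added here and is not the paper's code: a teacher logistic-regression model is trained on the run-time features plus a privileged feature (think of a sandbox verdict score that exists in post-mortem data but not on the wire), its temperature-softened probabilities become soft labels, and a student that sees only the run-time features is trained on a mix of hard labels and those soft labels. The data generator, the feature dimensions, the temperature and the mixing weight are all assumptions chosen for illustration; at prediction time the student never touches the privileged feature.

```python
"""Generalized distillation with privileged information (added example, numpy only).

Teacher: logistic regression on run-time features x plus privileged feature z.
Student: logistic regression on x only, fitted to lam*hard_label + (1-lam)*teacher_soft_label.
The data is constructed here for illustration; it is not from the paper.
"""
import numpy as np

RNG = np.random.default_rng(7)


def make_data(n=600, noise=1.0):
    # Constructed data: z is the privileged, post-mortem signal that separates the
    # classes cleanly; the two run-time features x are noisy copies of z.
    y = RNG.integers(0, 2, size=n)
    z = (2.0 * y - 1.0) + 0.3 * RNG.standard_normal(n)
    x = np.column_stack([z + noise * RNG.standard_normal(n),
                         z + noise * RNG.standard_normal(n)])
    return x, z.reshape(-1, 1), y


def sigmoid(s):
    return 1.0 / (1.0 + np.exp(-s))


def add_bias(X):
    return np.hstack([X, np.ones((X.shape[0], 1))])


def train_logreg(X, targets, epochs=300, lr=0.1, l2=1e-3):
    # Full-batch gradient descent on cross-entropy with L2; targets may be soft
    # probabilities in [0, 1]. For logistic regression the cross-entropy gradient is
    # linear in the target, so fitting lam*hard + (1-lam)*soft equals minimising the
    # weighted sum of the two cross-entropy losses (the generalized-distillation form).
    Xb = add_bias(X)
    w = np.zeros(Xb.shape[1])
    for _ in range(epochs):
        p = sigmoid(Xb @ w)
        grad = Xb.T @ (p - targets) / Xb.shape[0] + l2 * w
        w -= lr * grad
    return w


def predict_proba(w, X, temperature=1.0):
    return sigmoid(add_bias(X) @ w / temperature)


def accuracy(w, X, y):
    return float(np.mean((predict_proba(w, X) >= 0.5) == y))


def generalized_distillation(x_train, z_train, y_train, temperature=2.0, lam=0.5):
    xz = np.hstack([x_train, z_train])
    teacher = train_logreg(xz, y_train.astype(float))          # sees privileged z
    soft = predict_proba(teacher, xz, temperature)              # softened teacher output
    targets = lam * y_train + (1.0 - lam) * soft                # mixed training target
    student = train_logreg(x_train, targets)                    # run-time features only
    return teacher, student


def run_experiment():
    x_tr, z_tr, y_tr = make_data()
    x_te, _, y_te = make_data(n=400)                            # z is absent at test time
    teacher, distilled = generalized_distillation(x_tr, z_tr, y_tr)
    hard_only = train_logreg(x_tr, y_tr.astype(float))          # baseline: no privileged info
    return {
        "teacher_train_acc": accuracy(teacher, np.hstack([x_tr, z_tr]), y_tr),
        "student_distilled_test_acc": accuracy(distilled, x_te, y_te),
        "student_hard_test_acc": accuracy(hard_only, x_te, y_te),
        "student_n_params": int(distilled.shape[0]),           # 2 run-time features + bias
    }


if __name__ == "__main__":
    for k, v in run_experiment().items():
        print(f"{k}: {v}")
```

The teacher's near-perfect accuracy comes from z, which the student can never see; what the student inherits is the teacher's confidence per training sample, which is the whole point of privileged information. Whether the distilled student beats the hard-label baseline on a given draw depends on the noise and on the temperature and mixing weight, which is exactly the tuning question the paper's evaluation addresses per domain.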
