TY - GEN
T1 - Extending detection with privileged information via generalized distillation
AU - Celik, Z. Berkay
AU - McDaniel, Patrick
N1 - Funding Information:
We thank Dr. David Lopez-Paz for his constructive comments on generalized distillation and Dr. Rauf Izmailov for his feedback on the application of the Learning using Privileged Information (LUPI) paradigm. Research was sponsored by the Army Research Laboratory and was accomplished under Cooperative Agreement Number W911NF-13-2-0045 (ARL Cyber Security CRA). The views and conclusions contained in this document are those of the authors and should not be interpreted as representing the official policies, either expressed or implied, of the Army Research Laboratory or the U.S. Government. The U.S. Government is authorized to reproduce and distribute reprints for Government purposes notwithstanding any copyright notation hereon.
Publisher Copyright:
© 2018 IEEE.
PY - 2018/8/2
Y1 - 2018/8/2
N2 - Detection systems based on machine learning models are essential tools for system and enterprise defense. These systems construct models of attacks (or non-attacks) from past observations (i.e., features) using a training algorithm. After that, the detection systems use that model for detection at run-time. In this way, the detection system recognizes when the environmental state becomes - at least probabilistically - dangerous. A limitation of this traditional model of detection is that model training is limited to features available at run-time. However, many features are either too expensive to collect in real-time or only available after the fact. In traditional detection, such features are ignored for the purpose of detection. In this paper, we consider an alternative detection model learning approach, generalized distillation, that trains models using privileged information - features available at training time but not at run-time - to improve the accuracy of detection systems. We use a deep neural network to implement generalized distillation for the training of detection models and making predictions. Our empirical study shows that detection with privileged information via generalized distillation increases precision and recall in systems of user face authentication, fast-flux bot detection, and malware classification over systems with no privileged information.
AB - Detection systems based on machine learning models are essential tools for system and enterprise defense. These systems construct models of attacks (or non-attacks) from past observations (i.e., features) using a training algorithm. After that, the detection systems use that model for detection at run-time. In this way, the detection system recognizes when the environmental state becomes - at least probabilistically - dangerous. A limitation of this traditional model of detection is that model training is limited to features available at run-time. However, many features are either too expensive to collect in real-time or only available after the fact. In traditional detection, such features are ignored for the purpose of detection. In this paper, we consider an alternative detection model learning approach, generalized distillation, that trains models using privileged information - features available at training time but not at run-time - to improve the accuracy of detection systems. We use a deep neural network to implement generalized distillation for the training of detection models and making predictions. Our empirical study shows that detection with privileged information via generalized distillation increases precision and recall in systems of user face authentication, fast-flux bot detection, and malware classification over systems with no privileged information.
UR - http://www.scopus.com/inward/record.url?scp=85052210547&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85052210547&partnerID=8YFLogxK
U2 - 10.1109/SPW.2018.00021
DO - 10.1109/SPW.2018.00021
M3 - Conference contribution
AN - SCOPUS:85052210547
SN - 9780769563497
T3 - Proceedings - 2018 IEEE Symposium on Security and Privacy Workshops, SPW 2018
SP - 83
EP - 88
BT - Proceedings - 2018 IEEE Symposium on Security and Privacy Workshops, SPW 2018
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2018 IEEE Symposium on Security and Privacy Workshops, SPW 2018
Y2 - 24 May 2018
ER -