Feature cultivation in privileged information-augmented detection

Z. Berkay Celik, Patrick McDaniel, Rauf Izmailov

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

3 Scopus citations

Abstract

Modern detection systems use sensor outputs available in the deployment environment to probabilistically identify attacks. These systems are trained on past or synthetic feature vectors to create a model of anomalous or normal behavior. Thereafter, run-time collected sensor outputs are compared to the model to identify attacks (or the lack of attack). While this approach to detection has been proven to be effective in many environments, it is limited to training on only features that can be reliably collected at detection time. Hence, they fail to leverage the often vast amount of ancillary information available from past forensic analysis and post-mortem data. In short, detection systems do not train on (and thus do not learn from) features that are unavailable or too costly to collect at run-time. Recent work proposed an alternate model construction approach that integrates forensic "privilege" information (features reliably available at training time, but not at run-time) to improve accuracy and resilience of detection systems. In this paper, we further evaluate two of the proposed techniques for model training with privileged information: knowledge transfer and model influence. We explore the cultivation of privileged features, the efficiency of those processes and their influence on the detection accuracy. We observe that the improved integration of privileged features makes the resulting detection models more accurate. Our evaluation shows that use of privileged information leads to up to 8.2% relative decrease in detection error for fast-flux bot detection over a system with no privileged information, and 5.5% for malware classification.

Original language: English (US)
Title of host publication: IWSPA 2017 - Proceedings of the 3rd ACM International Workshop on Security and Privacy Analytics, co-located with CODASPY 2017
Publisher: Association for Computing Machinery, Inc
Pages: 73-80
Number of pages: 8
ISBN (Electronic): 9781450349093
State: Published - Mar 24 2017
Event: 3rd ACM International Workshop on Security and Privacy Analytics, IWSPA 2017 - Scottsdale, United States
Duration: Mar 24 2017 → …

Publication series

Name: IWSPA 2017 - Proceedings of the 3rd ACM International Workshop on Security and Privacy Analytics, co-located with CODASPY 2017

Other

Other: 3rd ACM International Workshop on Security and Privacy Analytics, IWSPA 2017
Country/Territory: United States
City: Scottsdale
Period: 3/24/17 → …

All Science Journal Classification (ASJC) codes

  • Computer Science Applications
  • Software
  • Computer Networks and Communications
  • Computational Theory and Mathematics
  • Information Systems
