Extending Detection with Privileged Information via Generalized Distillation

Celik, Z. Berkay; McDaniel, Patrick

doi:10.1109/spw.2018.00021

Cited by 4 publications

(6 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Dataset [179] Alexa & Private [180] Genome, Contagio, VirusShare, Drebin [181] Drebin [182] BIG 2015 [184] Private [183] Malicious Behavior Windows Audit Logs [185] VirusShare, Citadel, APT1 [186] Spambase [187] Wild dataset & BIG 2015 [188] GTSRB [189] Enron Spam Dataset [190] Mozilla Common Voice Dataset [191] NSL-KDD [192] AICS'2019 challenge dataset [193] Car-Hacking Dataset from HCRL [194] ADFA-LD [195] CIDDS-001 [196] KDDCup-99 [197] Ember [198] AmritaDGA [199] CycleGAN & StarGAN service (DDoS) attacks. Recently, a DL based architecture called generative adversarial network (GAN) was trained to generate adversarial domain names to intentionally bypass a DL based detector [179].…”

Section: Referencementioning

confidence: 99%

“…However, they fail to detect attacks that are less aggressive such as label flipping. Another study employed generalized distillation learning approach to train the DL based detection model using privileged features [187]. Attacks against computer vision based modules of autonomous vehicles in real-world applications were studied by using adversarial examples to misclassify advertisements and innocuous signs with a success rate of 95% [188].…”

Section: Other Adversarial Based Attacks and Defense Techniques In Cyber Securitymentioning

confidence: 99%

See 1 more Smart Citation

Deep Learning for Cyber Security Applications: A Comprehensive Survey

Ravi¹,

Alazab²,

Srinivasan³

et al. 2021

Preprint

View full text Add to dashboard Cite

Deep Learning (DL), a novel form of machine learning (ML) is gaining much research interest due to its successful application in many classical artificial intelligence (AI) tasks as compared to classical ML algorithms (CMLAs). Recently, DL architectures are being innovatively modelled for diverse applications in the area of cyber security. The literature is now growing with DL architectures and their variations for exploring different innovative DL models and prototypes that can be tailored to suit specific cyber security applications. However, there is a gap in literature for a comprehensive survey reporting on such research studies. Many of the survey-based research have a focus on specific DL architectures and certain types of malicious attacks within a limited cyber security problem scenario of the past and lack futuristic review. This paper aims at providing a well-rounded and thorough survey of the past, present, and future DL architectures including next-generation cyber security scenarios related to intelligent automation, Internet of Things (IoT), Big Data (BD), Blockchain, cloud and edge technologies. <br>This paper presents a tutorial-style comprehensive review of the state-of-the-art DL architectures for diverse applications in cyber security by comparing and analysing the contributions and challenges from various recent research papers. Firstly, the uniqueness of the survey is in reporting the use of DL architectures for an extensive set of cybercrime detection approaches such as intrusion detection, malware and botnet detection, spam and phishing detection, network traffic analysis, binary analysis, insider threat detection, CAPTCHA analysis, and steganography. Secondly, the survey covers key DL architectures in cyber security application domains such as cryptography, cloud security, biometric security, IoT and edge computing. Thirdly, the need for DL based research is discussed for the next generation cyber security applications in cyber physical systems (CPS) that leverage on BD analytics, natural language processing (NLP), signal and image processing and blockchain technology for smart cities and Industry 4.0 of the future. Finally, a critical discussion on open challenges and new proposed DL architecture contributes towards future research directions.

show abstract

Section: Referencementioning

confidence: 99%

Section: Other Adversarial Based Attacks and Defense Techniques In Cyber Securitymentioning

confidence: 99%

Deep Learning for Cyber Security Applications: A Comprehensive Survey

Ravi¹,

Alazab²,

Srinivasan³

et al. 2021

Preprint

View full text Add to dashboard Cite

show abstract

“…It can be observed that the proposed approach is effective but fails to detect attacks that are less aggressive like label flipping. In [388], the authors employs generalized distillation learning approach to train the DL based detection model using privileged features which are available at the time of training. They have shown that the proposed method leads to better accuracy when compared to systems with no privileged information.…”

Section: Other Adversarial Based Attack and Defence Techniques In mentioning

confidence: 99%

A Comprehensive Tutorial and Survey of Applications of Deep Learning for Cyber Security

Ravi¹,

Alazab²,

Sriram³

et al. 2020

Preprint

View full text Add to dashboard Cite

show abstract

“…"Privileged" data is data that is expensive or slow to generate and so will not be available during runtime. We use the finding of Celik and McDaniel's work [24] to train a Random Forest on a short snapshot of behaviour but benefiting from a recurrent neural network which has been trained by observing a longer window of behavioural data.…”

Section: Distillation For Malware Detectionmentioning

confidence: 99%

“…Instead of the full window of data the Random Forest will just see the most recent captured data (see Figures 1 and 2). This may seem counter-intuitive but Celik and McDaniel [24] found that in a number of security applications (including classifying malware into families) distillation could be used to train models with partial information when compared with the full models from which they are distilled. Instead of values between 0 and 1, the Random Forest will be trained to mimic the behaviour of the malware with the adjusted decision threshold to mitigate the chances of false positives.…”

Section: Killing Malicious Processes As Early As Possiblementioning

confidence: 99%

Real-time malware process detection and automated process killing

Rhode¹,

Burnap²,

Wedgbury³

2019

Preprint

View full text Add to dashboard Cite

Adversaries are increasingly motivated to spend energy trying to evade automatic malware detection tools. Dynamic analysis examines the behavioural trace of malware, which is difficult to obfuscate, but the time required for dynamic analysis means it is not typically used in practice for endpoint protection but rather as an analysis tool. This paper presents a run-time model to detect malicious processes and automatically kill them as they run on a real endpoint in use. This approach enables dynamic analysis to be used to prevent harm to the endpoint, rather than to analyse the cause of damage after the event. Run-time detection introduces the risk of malicious damage to the endpoint and necessitates that malicious processes are detected and killed as early as possible to minimise the opportunities for damage to take place. A distilled machine learning model is used to improve inference speed whilst benefiting from the parameters learned by larger, more computationally intensive model. This paper is the first to focus on tangible benefits of process killing to the user, showing that the distilled model is able to prevent 86.34% of files being corrupted by ransomware whilst maintaining a low false positive rate for unseen benignware of 4.72%.

show abstract

Extending Detection with Privileged Information via Generalized Distillation

Cited by 4 publications

References 27 publications

Deep Learning for Cyber Security Applications: A Comprehensive Survey

Deep Learning for Cyber Security Applications: A Comprehensive Survey

A Comprehensive Tutorial and Survey of Applications of Deep Learning for Cyber Security

Real-time malware process detection and automated process killing

Contact Info

Product

Resources

About