Training set size reduction in large dataset problems

Chouvatut, Varin; Jindaluang, Wattana; Boonchieng, Ekkarat

doi:10.1109/icsec.2015.7401435

Cited by 7 publications

(3 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Our work differs in using active learning guided by a boosting classifier and a naïve bayes anomaly detector, applied to command embedding representation, with the goal of detecting LOL attacks that leverage existing Windows tools. An orthogonal problem studied in previous work [11] is training data reduction, while our work addresses the challenge of limited malicious samples.…”

Section: Related Workmentioning

confidence: 99%

Living-Off-The-Land Command Detection Using Active Learning

Ongun

Stokes

et al. 2021

24th International Symposium on Research in Attacks, Intrusions and Defenses

View full text Add to dashboard Cite

In recent years, enterprises have been targeted by advanced adversaries who leverage creative ways to infiltrate their systems and move laterally to gain access to critical data. One increasingly common evasive method is to hide the malicious activity behind a benign program by using tools that are already installed on user computers. These programs are usually part of the operating system distribution or another user-installed binary, therefore this type of attack is called "Living-Off-The-Land". Detecting these attacks is challenging, as adversaries may not create malicious files on the victim computers and anti-virus scans fail to detect them.We propose the design of an Active Learning framework called LOLAL for detecting Living-Off-the-Land attacks that iteratively selects a set of uncertain and anomalous samples for labeling by a human analyst. LOLAL is specifically designed to work well when a limited number of labeled samples are available for training machine learning models to detect attacks. We investigate methods to represent command-line text using word-embedding techniques, and design ensemble boosting classifiers to distinguish malicious and benign samples based on the embedding representation. We leverage a large, anonymized dataset collected by an endpoint security product and demonstrate that our ensemble classifiers achieve an average F1 score of 96% at classifying different attack classes. We show that our active learning method consistently improves the classifier performance as more training data is labeled, and converges in less than 30 iterations when starting with a small number of labeled instances.

show abstract

Section: Related Workmentioning

confidence: 99%

Living-Off-The-Land Command Detection Using Active Learning

Ongun

Stokes

et al. 2021

24th International Symposium on Research in Attacks, Intrusions and Defenses

View full text Add to dashboard Cite

show abstract

“…However, RBFN accuracy mainly depending on the initial centers selected from dataset before network training begins [15,39,41,44,45]. Besides, the size of training datasets and invalid data found in datasets also play an important role in determining networks training speed and accuracy [46][47][48][49][50]. Furthermore, it is also reported that the learning algorithm for networks training may perform worse with the increases of dataset [51].…”

Section: Related Workmentioning

confidence: 99%

Distance Weighted K-Means Algorithm for Center Selection in Training Radial Basis Function Networks

Aik

Hong

Junoh

2019

IJ-AI

View full text Add to dashboard Cite

The accuracies rates of the neural networks mainly depend on the selection of the correct data centers. The K-means algorithm is a widely used clustering algorithm in various disciplines for centers selection. However, the method is known for its sensitivity to initial centers selection. It suffers not only from a high dependency on the algorithm's initial centers selection but, also from data points. The performance of K-means has been enhanced from different perspectives, including centroid initialization problem over the years. Unfortunately, the solution does not provide a good trade-off between quality and efficiency of the centers produces by the algorithm. To solve this problem, a new method to find the initial centers and improve the sensitivity to the initial centers of K-means algorithm is proposed. This paper presented a training algorithm for the radial basis function network (RBFN) using improved K-means (KM) algorithm, which is the modified version of KM algorithm based on distance-weighted adjustment for each centers, known as distance-weighted K-means (DWKM) algorithm. The proposed training algorithm, which uses DWKM algorithm select centers for training RBFN obtained better accuracy in predictions and reduced network architecture compared to the standard RBFN. The proposed training algorithm was implemented in MATLAB environment; hence, the new network was undergoing a hybrid learning process. The network called DWKM-RBFN was tested against the standard RBFN in predictions. The experimental models were tested on four literatures nonlinear function and four real-world application problems, particularly in Air pollutant problem, Biochemical Oxygen Demand (BOD) problem, Phytoplankton problem, and forex pair EURUSD. The results are compared to proposed method for root mean square error (RMSE) in radial basis function network (RBFN). The proposed method yielded a promising result with an average improvement percentage more than 50 percent in RMSE.

show abstract

“…Our work differs in using active learning guided by a boosting classifier and a Naïve Bayes anomaly detector, applied to command embedding representation, with the goal of detecting LOL attacks that leverage existing Windows tools. An orthogonal problem studied in previous work [47] is training data reduction, while our work addresses the challenge of limited malicious samples.…”

Section: Related Workmentioning

confidence: 99%

Resilient machine learning methods for cyber-attack detection

Ongun

View full text Add to dashboard Cite

show abstract

Training set size reduction in large dataset problems

Cited by 7 publications

References 4 publications

Living-Off-The-Land Command Detection Using Active Learning

Living-Off-The-Land Command Detection Using Active Learning

Distance Weighted K-Means Algorithm for Center Selection in Training Radial Basis Function Networks

Resilient machine learning methods for cyber-attack detection

Contact Info

Product

Resources

About