Robust Representation for Domain Adaptation in Network Security
Identifikátory výsledku
Kód výsledku v IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F68407700%3A21230%2F15%3A00239342" target="_blank" >RIV/68407700:21230/15:00239342 - isvavai.cz</a>
Výsledek na webu
<a href="http://link.springer.com/chapter/10.1007%2F978-3-319-23461-8_8" target="_blank" >http://link.springer.com/chapter/10.1007%2F978-3-319-23461-8_8</a>
DOI - Digital Object Identifier
<a href="http://dx.doi.org/10.1007/978-3-319-23461-8_8" target="_blank" >10.1007/978-3-319-23461-8_8</a>
Alternativní jazyky
Jazyk výsledku
angličtina
Název v původním jazyce
Robust Representation for Domain Adaptation in Network Security
Popis výsledku v původním jazyce
The goal of domain adaptation is to solve the problem of different joint distribution of observation and labels in the training and testing data sets. This problem happens in many practical situations such as when a malware detector is trained from labeled datasets at certain time point but later evolves to evade detection. We solve the problem by introducing a new representation which ensures that a conditional distribution of the observation given labels is the same. The representation is computed forbags of samples (network traffic logs) and is designed to be invariant under shifting and scaling of the feature values extracted from the logs and under permutation and size changes of the bags. The invariance of the representation is achieved by relying on a self-similarity matrix computed for each bag. In our experiments, we will show that the representation is effective for training detector of malicious traffic in large corporate networks. Compared to the case without domain adapta
Název v anglickém jazyce
Robust Representation for Domain Adaptation in Network Security
Popis výsledku anglicky
The goal of domain adaptation is to solve the problem of different joint distribution of observation and labels in the training and testing data sets. This problem happens in many practical situations such as when a malware detector is trained from labeled datasets at certain time point but later evolves to evade detection. We solve the problem by introducing a new representation which ensures that a conditional distribution of the observation given labels is the same. The representation is computed forbags of samples (network traffic logs) and is designed to be invariant under shifting and scaling of the feature values extracted from the logs and under permutation and size changes of the bags. The invariance of the representation is achieved by relying on a self-similarity matrix computed for each bag. In our experiments, we will show that the representation is effective for training detector of malicious traffic in large corporate networks. Compared to the case without domain adapta
Klasifikace
Druh
D - Stať ve sborníku
CEP obor
JC - Počítačový hardware a software
OECD FORD obor
—
Návaznosti výsledku
Projekt
—
Návaznosti
I - Institucionalni podpora na dlouhodoby koncepcni rozvoj vyzkumne organizace
Ostatní
Rok uplatnění
2015
Kód důvěrnosti údajů
S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů
Údaje specifické pro druh výsledku
Název statě ve sborníku
Machine Learning and Knowledge Discovery in Databases, Part III
ISBN
978-3-319-23460-1
ISSN
0302-9743
e-ISSN
—
Počet stran výsledku
17
Strana od-do
116-132
Název nakladatele
Springer
Místo vydání
Heidelberg
Místo konání akce
Porto
Datum konání akce
7. 9. 2015
Typ akce podle státní příslušnosti
WRD - Celosvětová akce
Kód UT WoS článku
000363667400011