Skip to main content
SpringerLink
Log in

MCoM: A Semi-Supervised Method for Imbalanced Tabular Security Data

  • Conference paper
  • First Online:
Data and Applications Security and Privacy XXXVI (DBSec 2022)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13383))

Included in the following conference series:

Abstract

MCoM (Mixup Contrastive Mixup) is a new semi-supervised learning methodology that innovates a triplet mixup data augmentation approach to address the imbalanced data problem in tabular security data sets. Tabular data sets in cybersecurity domains are widely known to pose challenges for machine learning because of their heavily imbalanced data (e.g., a small number of labeled attack samples buried in a sea of mostly benign, unlabeled data). Semi-supervised learning leverages a small subset of labeled data and a large subset of unlabeled data to train a learning model. While semi-supervised methods have been well studied in image and language domains, in security domains they remain underutilized, especially on tabular security data sets which pose especially difficult contextual information loss and balance challenges for machine learning. Experiments applying MCoM to collected security data sets show promise for addressing these challenges, achieving state-of-the-art performance compared with other methods.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 79.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 99.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    https://zerodium.com.

  2. 2.

    https://cve.mitre.org.

  3. 3.

    https://nvd.nist.gov.

  4. 4.

    https://cwe.mitre.org.

References

  1. Berthelot, D., Carlini, N., Goodfellow, I., Papernot, N., Oliver, A., Raffel, C.A.: MixMatch: a holistic approach to semi-supervised learning. Advances in Neural Information Processing Systems (NeurIPS), vol. 32 (2019)

    Google Scholar 

  2. Caron, M., Misra, I., Mairal, J., Goyal, P., Bojanowski, P., Joulin, A.: Unsupervised learning of visual features by contrasting cluster assignments. In: Advances in Neural Information Processing Systems (NeurIPS), vol. 33, pp. 9912–9924 (2020)

    Google Scholar 

  3. Chawla, N.V., Bowyer, K.W., Hall, L.O., Kegelmeyer, W.P.: SMOTE: synthetic minority over-sampling technique. J. Artif. Intell. Res. (JAIR) 16(1), 321–357 (2002)

    Article  Google Scholar 

  4. Chen, T., Guestrin, C.: XGBoost: a scalable tree boosting system. In: Proceedings of the 22nd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (KDDM), pp. 785–794 (2016)

    Google Scholar 

  5. Chen, T., Kornblith, S., Norouzi, M., Hinton, G.: A simple framework for contrastive learning of visual representations. In: Proceedings of the 37th IEEE International Conference on Machine Learning (ICML), pp. 1597–1607 (2020)

    Google Scholar 

  6. Cui, Y., Jia, M., Lin, T.Y., Song, Y., Belongie, S.: Class-balanced loss based on effective number of samples. In: Proceedings of the 37th IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), pp. 9268–9277 (2019)

    Google Scholar 

  7. Darabi, S., Fazeli, S., Pazoki, A., Sankararaman, S., Sarrafzadeh, M.: Contrastive mixup: Self-and semi-supervised learning for tabular domain. arXiv Preprint arXiv:2108.12296 (2021)

  8. Deng, J., Dong, W., Socher, R., Li, L.J., Li, K., Fei-Fei, L.: ImageNet: a large-scale hierarchical image database. In: Proceedings of the 27th IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), pp. 248–255 (2009)

    Google Scholar 

  9. Doyle, M., Walden, J.: An empirical study of the evolution of PHP web application security. In: Proceedings of the 3rd International Workshop on Security Measurements and Metrics, pp. 11–20 (2011)

    Google Scholar 

  10. Du, X., et al.: Leopard: identifying vulnerable code for vulnerability assessment through program metrics. In: Proceedings of the 41st International Conference on Software Engineering (ICSE), pp. 60–71 (2019)

    Google Scholar 

  11. Feng, S.Y., et al.: A survey of data augmentation approaches for NLP. arXiv Preprint arXiv:2105.03075 (2021)

  12. Fenton, N., Bieman, J.: Software Metrics: A Rigorous and Practical Approach, 3rd edn. CRC Press, Boca Raton (2014)

    Book  Google Scholar 

  13. Gao, Y., Li, Y.F., Lin, Y., Aggarwal, C., Khan, L.: SetConv: a new approach for learning from imbalanced data. In: Proceedings of the Conference on Empirical Methods in Natural Language Processing (EMNLP), pp. 1284–1294 (2021)

    Google Scholar 

  14. Gegick, M., Williams, L., Osborne, J., Vouk, M.: Prioritizing software security fortification through code-level metrics. In: Proceedings of the 4th ACM Workshop on Quality of Protection (QoP), pp. 31–38 (2008)

    Google Scholar 

  15. He, K., Fan, H., Wu, Y., Xie, S., Girshick, R.: Momentum contrast for unsupervised visual representation learning. In: Proceedings of the 38th IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), pp. 9729–9738 (2020)

    Google Scholar 

  16. Ioffe, S., Szegedy, C.: Batch normalization: accelerating deep network training by reducing internal covariate shift. In: Proceedings of the 32nd International Conference on Machine Learning (ICML), pp. 448–456 (2015)

    Google Scholar 

  17. Iscen, A., Tolias, G., Avrithis, Y., Chum, O.: Label propagation for deep semi-supervised learning. In: Proceedings of the 37th IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), pp. 5070–5079 (2019)

    Google Scholar 

  18. Kobayashi, S.: Contextual augmentation: data augmentation by words with paradigmatic relations. In: Proceedings of the Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies (NAACL-HLT), vol. 2, pp. 452–457 (2018)

    Google Scholar 

  19. Krizhevsky, A., Sutskever, I., Hinton, G.E.: ImageNet classification with deep convolutional neural networks. In: Advances in Neural Information Processing Systems (NeurIPS), vol. 25 (2012)

    Google Scholar 

  20. Lavee, G., Khan, L., Thuraisingham, B.: A framework for a video analysis tool for suspicious event detection. Multimedia Tools Appl. 35(1), 109–123 (2007)

    Article  Google Scholar 

  21. Lin, T.Y., Goyal, P., Girshick, R., He, K., Dollár, P.: Focal loss for dense object detection. In: Proceedings of the IEEE International Conference on Computer Vision (ICCV), pp. 2980–2988 (2017)

    Google Scholar 

  22. Masud, M.M., Gao, J., Khan, L., Han, J., Thuraisingham, B.: Classification and novel class detection in data streams with active mining. In: Zaki, M.J., Yu, J.X., Ravindran, B., Pudi, V. (eds.) PAKDD 2010. LNCS (LNAI), vol. 6119, pp. 311–324. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13672-6_31

    Chapter  Google Scholar 

  23. Masud, M.M., Khan, L., Thuraisingham, B.: A hybrid model to detect malicious executables. In: 2007 IEEE International Conference on Communications, pp. 1443–1448. IEEE (2007)

    Google Scholar 

  24. McCabe, T.: A complexity measure. IEEE Trans. Softw. Eng. (TSE) SE-2(4), 308–320 (1976)

    Google Scholar 

  25. Meneely, A., Williams, L.: Strengthening the empirical analysis of the relationship between Linus’ Law and software security. In: Proceedings of the 4th ACM International Symposium on Empirical Software Engineering and Measurement (ESEM) (2010)

    Google Scholar 

  26. Misra, I., van der Maaten, L.: Self-supervised learning of pretext-invariant representations. In: Proceedings of the 38th IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), pp. 6707–6717 (2020)

    Google Scholar 

  27. Nagappan, N., Ball, T., Zeller, A.: Mining metrics to predict component failures. In: Proceedings of the 28th International Conference on Software Engineering (ICSE), pp. 452–461 (2006)

    Google Scholar 

  28. Parveen, P., Weger, Z.R., Thuraisingham, B., Hamlen, K., Khan, L.: Supervised learning for insider threat detection using stream mining. In: 2011 IEEE 23rd International Conference on Tools with Artificial Intelligence, pp. 1032–1039. IEEE (2011)

    Google Scholar 

  29. Piwowarski, P.: A nesting level complexity measure. ACM SIGPLAN Notices 17(9), 44–50 (1982)

    Article  Google Scholar 

  30. Sennrich, R., Haddow, B., Birch, A.: Improving neural machine translation models with monolingual data. In: Proceedings of the 54th Annual Meeting of the Association for Computational Linguistics (ACL) (2016)

    Google Scholar 

  31. Shin, Y., Williams, L.: Can traditional fault prediction models be used for vulnerability prediction? Empir. Softw. Eng. 18(1), 25–59 (2013)

    Article  Google Scholar 

  32. Simonyan, K., Zisserman, A.: Very deep convolutional networks for large-scale image recognition. In: Proceedings of the 3rd International Conference on Learning Representations (ICLR) (2015)

    Google Scholar 

  33. Sohn, K., et al.: FixMatch: simplifying semi-supervised learning with consistency and confidence. In: Advances in Neural Information Processing Systems (NeurIPS), vol. 33, pp. 596–608 (2020)

    Google Scholar 

  34. Srivastava, N., Hinton, G., Krizhevsky, A., Sutskever, I., Salakhutdinov, R.: Dropout: a simple way to prevent neural networks from overfitting. J. Mach. Learn. Res. (JMLR) 15(1), 1929–1958 (2014)

    MathSciNet  MATH  Google Scholar 

  35. Tian, Y., Sun, C., Poole, B., Krishnan, D., Schmid, C., Isola, P.: What makes for good views for contrastive learning? In: Advances in Neural Information Processing Systems (NeurIPS), vol. 33, pp. 6827–6839 (2020)

    Google Scholar 

  36. Trinh, T.H., Luong, M.T., Le, Q.V.: Selfie: Self-supervised pretraining for image embedding. arXiv Preprint arXiv:1906.02940 (2019)

  37. Wang, Z., Dong, B., Lin, Y., Wang, Y., Islam, M.S., Khan, L.: Co-representation learning framework for the open-set data classification. In: IEEE International Conference on Big Data (BigData), pp. 239–244 (2019)

    Google Scholar 

  38. Yamaguchi, F., Golde, N., Arp, D., Rieck, K.: Modeling and discovering vulnerabilities with code property graphs. In: Proceedings of the 35th IEEE Symposium on Security and Privacy (S &P) (2014)

    Google Scholar 

  39. Yoon, J., Zhang, Y., Jordon, J., van der Schaar, M.: VIME: extending the success of self-and semi-supervised learning to tabular domain. In: Advances in Neural Information Processing Systems (NeurIPS), vol. 33, pp. 11033–11043 (2020)

    Google Scholar 

  40. Younis, A., Malaiya, Y., Anderson, C., Ray, I.: To fear or not to fear that is the question: code characteristics of a vulnerable function with an existing exploit. In: Proceedings of the 6th ACM Conference on Data and Application Security and Privacy (CODASPY), pp. 97–104 (2016)

    Google Scholar 

  41. Zeller, A., Zimmermann, T., Bird, C.: Failure is a four-letter word: a parody in empirical research. In: Proceedings of the 7th International Conference on Predictive Models in Software Engineering (Promise) (2011)

    Google Scholar 

  42. Zhang, H., Cisse, M., Dauphin, Y.N., Lopez-Paz, D.: Mixup: beyond empirical risk minimization. arXiv Preprint arXiv:1710.09412 (2017)

  43. Zhou, D., Bousquet, O., Lal, T., Weston, J., Schölkopf, B.: Learning with local and global consistency. In: Advances in Neural Information Processing Systems (NeurIPS), vol. 16 (2003)

    Google Scholar 

  44. Zhu, X.J.: Semi-supervised learning literature survey. Technical report, University of Wisconsin-Madison (2008)

    Google Scholar 

  45. Zimmermann, T., Nagappan, N.: Predicting defects using network analysis on dependency graphs. In: Proceedings of the 30th ACM/IEEE International Conference on Software Engineering (ICSE), pp. 531–540 (2008)

    Google Scholar 

Download references

Acknowledgement

The research reported herein was supported in part by NSF awards DMS-1737978, DGE-2039542, OAC-1828467, OAC-1931541, and DGE-1906630, ONR awards N00014-17-1-2995 and N00014-20-1-2738, DARPA FA8750-19-C-0006, Army Research Office Contract No. W911NF2110032 and IBM faculty award (Research).

Author information

Authors and Affiliations

  1. The University of Texas at Dallas, Richardson, TX, 75080, USA

    Xiaodi Li, Latifur Khan, Mahmoud Zamani, Shamila Wickramasuriya, Kevin W. Hamlen & Bhavani Thuraisingham

Authors
  1. Xiaodi Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Latifur Khan
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Mahmoud Zamani
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Shamila Wickramasuriya
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Kevin W. Hamlen
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Bhavani Thuraisingham
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Xiaodi Li .

Editor information

Editors and Affiliations

  1. Department of Computer Science and Engineering, Indian Institute of Technology Kharagpur, Kharagpur, West Bengal, India

    Shamik Sural

  2. Department of Information Systems and Analytics, Santa Clara University, Santa Clara, CA, USA

    Haibing Lu

Rights and permissions

Reprints and permissions

Copyright information

© 2022 IFIP International Federation for Information Processing

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Li, X., Khan, L., Zamani, M., Wickramasuriya, S., Hamlen, K.W., Thuraisingham, B. (2022). MCoM: A Semi-Supervised Method for Imbalanced Tabular Security Data. In: Sural, S., Lu, H. (eds) Data and Applications Security and Privacy XXXVI. DBSec 2022. Lecture Notes in Computer Science, vol 13383. Springer, Cham. https://doi.org/10.1007/978-3-031-10684-2_4

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-10684-2_4

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-10683-5

  • Online ISBN: 978-3-031-10684-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Societies and partnerships

Search

Navigation