skip to main content
10.1145/3196494.3196502acmconferencesArticle/Chapter ViewAbstractPublication Pagesasia-ccsConference Proceedingsconference-collections
short-paper

Detection under Privileged Information

Published: 29 May 2018 Publication History

Abstract

For well over a quarter century, detection systems have been driven by models learned from input features collected from real or simulated environments. An artifact (e.g., network event, potential malware sample, suspicious email) is deemed malicious or non-malicious based on its similarity to the learned model at runtime. However, the training of the models has been historically limited to only those features available at runtime. In this paper, we consider an alternate learning approach that trains models using privileged information--features available at training time but not at runtime--to improve the accuracy and resilience of detection systems. In particular, we adapt and extend recent advances in knowledge transfer, model influence, and distillation to enable the use of forensic or other data unavailable at runtime in a range of security domains. An empirical evaluation shows that privileged information increases precision and recall over a system with no privileged information: we observe up to 7.7% relative decrease in detection error for fast-flux bot detection, 8.6% for malware traffic detection, 7.3% for malware classification, and 16.9% for face recognition. We explore the limitations and applications of different privileged information techniques in detection systems. Such techniques provide a new means for detection systems to learn from data that would otherwise not be available at runtime.

References

[1]
Mansour A. et almbox. 2015. Novel feature extraction, selection and fusion for effective malware family classification. arXiv preprint arXiv:1511.04317.
[2]
R. Barbosa, R. Sadre, A. Pras, and R. Meent. 2010. University of Twente traffic traces data repository University of Twente Tech Report.
[3]
J. Bickford et almbox. 2011. Security versus energy tradeoffs in host-based mobile malware detection Mobile systems, applications, and services.
[4]
Equifax Data Breach. 2018. https://en.wikipedia.org/wiki/Equifax. (2018). {Online; accessed 15-January-2018}.
[5]
I. Butun et almbox. 2014. A survey of intrusion detection systems in wireless sensor networks. IEEE Communications Surveys & Tutorials.
[6]
A. A. Cardenas et almbox. 2013. Big data analytics for security. IEEE System Security.
[7]
Z. B. Celik, R. Izmailov, and P. McDaniel. 2015 a. Proof and implementation of algorithmic realization of learning using privileged information (LUPI) paradigm: SVM. Technical Report NAS-TR-0187-2015. NSCR, CSE, PSU.
[8]
Z. Berkay Celik, David Lopez-Paz, and Patrick McDaniel. 2016. Patient-driven privacy control through generalized distillation. IEEE Symposium on Privacy-Aware Computing (PAC).
[9]
Z. B. Celik, P. McDaniel, and R. Izmailov. 2017. Feature cultivation in privileged information-augmented detection ACM CODASPY IWSPA.
[10]
Z. Berkay Celik, Patrick McDaniel, Rauf Izmailov, Nicolas Papernot, Ryan Sheatsley, Raquel Alvarez, and Ananthram Swami. 2018. Detection under privileged information (Extended Version).

Cited By

View all
  • (2021)Intrusion Detection for Industrial Control Systems by Machine Learning using Privileged Information2021 IEEE International Conference on Intelligence and Security Informatics (ISI)10.1109/ISI53945.2021.9624757(1-6)Online publication date: 2-Nov-2021

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences
ASIACCS '18: Proceedings of the 2018 on Asia Conference on Computer and Communications Security
May 2018
866 pages
ISBN:9781450355766
DOI:10.1145/3196494
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 29 May 2018

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. detection systems
  2. machine learning
  3. privileged information

Qualifiers

  • Short-paper

Funding Sources

Conference

ASIA CCS '18
Sponsor:

Acceptance Rates

ASIACCS '18 Paper Acceptance Rate 52 of 310 submissions, 17%;
Overall Acceptance Rate 418 of 2,322 submissions, 18%

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)14
  • Downloads (Last 6 weeks)3
Reflects downloads up to 15 Feb 2025

Other Metrics

Citations

Cited By

View all
  • (2021)Intrusion Detection for Industrial Control Systems by Machine Learning using Privileged Information2021 IEEE International Conference on Intelligence and Security Informatics (ISI)10.1109/ISI53945.2021.9624757(1-6)Online publication date: 2-Nov-2021

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Figures

Tables

Media

Share

Share

Share this Publication link

Share on social media