Collaborative Research: SaTC: CORE: Small: Machine Learning for Cybersecurity: Robustness Against Concept Drift

协作研究：SaTC：核心：小型：网络安全机器学习：针对概念漂移的稳健性

• 批准号: 2154874
• 负责人: Suman Jana
• 金额: $ 30万
• 依托单位: Columbia University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2022
• 资助国家: 美国
• 起止时间: 2022-10-01 至 2024-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2154874&HistoricalAwards=false
• 关键词: Collaborative; Research; SaTC; CORE; Small

A promising direction for cybersecurity is to use machine learning to detect threats and attacks. For instance, machine learning is currently used to detect computer viruses, malware, malicious mobile applications, spam email, and network intrusions. However, one fundamental challenge for using machine learning in this way is the problem of concept drift. Concept drift refers to the problem that threats change over time, and normal benign behavior changes over time, and as a result, machine learning algorithms rapidly degrade and become less effective as time passes. Empirically, concept drift is one of the main challenges that make it hard to apply machine learning more broadly in cybersecurity. This project will develop new methods tailored to the cybersecurity domain for addressing concept drift, and it will advance the state of knowledge on robustness against concept drift in cybersecurity. The project has the potential to improve cybersecurity protections for everyday people, including improving antivirus software, phishing detectors, fraud/scam detection, and more, thereby making the Internet safer for everyone.The team's approach is based on an understanding of the fundamental drivers of concept drift, including both gradual drift and emergence of entirely new types of threats. Threats can often be categorized into multiple categories. For instance, malware falls into many different "malware families". Each category may experience concept drift at a different rate. This provides an opportunity for new methods that take advantage of such differences across categories. To address the problem of categories that are experiencing rapid concept drift, the team plans to develop techniques to detect which categories are suffering from concept drift to the greatest degree and then select samples from those categories for human analysts to evaluate. For new types of threats, the team plans to develop techniques to identify samples from new categories so they can be submitted for human analysis. For categories that are experiencing gradual but sustained concept drift, the team plans to explore use of semi-supervised learning and pseudo labels to help the machine learning algorithm adapt to these changes in the data.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

网络安全的一个有前途的方向是使用机器学习来检测威胁和攻击。 例如，机器学习目前用于检测计算机病毒、恶意软件、恶意移动应用程序、垃圾邮件和网络入侵。 然而，以这种方式使用机器学习的一个基本挑战是概念漂移问题。 概念漂移是指威胁随着时间的推移而变化，正常的良性行为随着时间的推移而变化，导致机器学习算法随着时间的推移而迅速退化并变得不太有效的问题。 根据经验，概念漂移是导致机器学习难以在网络安全中更广泛应用的主要挑战之一。 该项目将开发适合网络安全领域的新方法来解决概念漂移问题，并将提高网络安全中针对概念漂移的鲁棒性知识水平。 该项目有潜力改善日常生活中的网络安全保护，包括改进防病毒软件、网络钓鱼检测器、欺诈/诈骗检测等，从而使每个人的互联网更加安全。该团队的方法基于对基本驱动因素的理解。概念漂移，包括逐渐漂移和全新类型威胁的出现。 威胁通常可以分为多个类别。 例如，恶意软件属于许多不同的“恶意软件家族”。 每个类别可能会以不同的速度经历概念漂移。 这为利用跨类别差异的新方法提供了机会。 为了解决正在经历快速概念漂移的类别问题，该团队计划开发技术来检测哪些类别遭受最大程度的概念漂移，然后从这些类别中选择样本供人类分析师进行评估。对于新类型的威胁，该团队计划开发技术来识别新类别的样本，以便将它们提交进行人工分析。对于正在经历逐渐但持续的概念漂移的类别，团队计划探索使用半监督学习和伪标签来帮助机器学习算法适应数据中的这些变化。该奖项反映了 NSF 的法定使命，并被认为是值得的通过使用基金会的智力优势和更广泛的影响审查标准进行评估来获得支持。