Computer Science ›› 2019, Vol. 46 ›› Issue (11A): 496-501.

• Information Security •

Method for Unknown Insider Threat Detection with Small Samples

WANG Yi-feng, GUO Yuan-bo, LI Tao, KONG Jing

  1. (Cryptography Engineering Institute, Information Engineering University, Zhengzhou 450001, China)
  • Online: 2019-11-10 Published: 2019-11-20
  • Corresponding author: WANG Yi-feng (born 1994), male, master's degree; main research interests: network security and deep learning. E-mail: wyfssr001@163.com.
  • Supported by:
    This work was supported by the National Natural Science Foundation of China (61602515, 61501515).

Abstract: A very small number of insider threats is usually buried in a mass of normal data, where traditional supervised detection methods are of little use. In addition, new forms of insider threat keep appearing, so traditional methods that need large amounts of labeled samples of the same class to learn features are not practical. To detect unknown insider threats, this paper proposes a prototype-based classification method (prototypical networks). It uses Long Short-Term Memory (LSTM) networks to extract features from user behavior data, finds unknown insider threats by comparing the distance (cosine similarity) to each class prototype in feature space, so that samples of new classes not seen in the training set can be classified, and updates parameters by meta-learning. Experiments on a synthetic dataset based on CMU-CERT verify the effectiveness of the method: under small-sample conditions, classification accuracy on newly appearing unknown insider threats reaches 88%.

Key words: Few-shot learning, Meta learning, Prototypical networks, Unknown insider threat

CLC Number:

  • TP393