Your search keyword '"Malcolm I. Heywood"' showing total 59 results

1. Analyzing Data Granularity Levels for Insider Threat Detection Using Machine Learning

Author

Nur Zincir-Heywood, Malcolm I. Heywood, and Duc C. Le

Subjects

Ground truth, Government, Computer Networks and Communications, business.industry, Computer science, Insider threat, 020206 networking & telecommunications, 02 engineering and technology, Machine learning, computer.software_genre, Insider, Action (philosophy), 0202 electrical engineering, electronic engineering, information engineering, Data analysis, Artificial intelligence, False positive rate, Electrical and Electronic Engineering, Set (psychology), business, computer

Abstract

Malicious insider attacks represent one of the most damaging threats to networked systems of companies and government agencies. There is a unique set of challenges that come with insider threat detection in terms of hugely unbalanced data, limited ground truth, as well as behaviour drifts and shifts. This work proposes and evaluates a machine learning based system for user-centered insider threat detection. Using machine learning, analysis of data is performed on multiple levels of granularity under realistic conditions for identifying not only malicious behaviours, but also malicious insiders. Detailed analysis of popular insider threat scenarios with different performance measures are presented to facilitate the realistic estimation of system performance. Evaluation results show that the machine learning based detection system can learn from limited ground truth and detect new malicious insiders in unseen data with a high accuracy. Specifically, up to 85% of malicious insiders are detected at only 0.78% false positive rate. The system is also able to quickly detect the malicious behaviours, as low as 14 minutes after the first malicious action. Comprehensive result reporting allows the system to provide valuable insights to analysts in investigating insider threat cases.

Published

2020

2. Discovering Agent Behaviors Through Code Reuse: Examples From Half-Field Offense and Ms. Pac-Man

Author

Stephen Kelly and Malcolm I. Heywood

Subjects

business.industry, Computer science, Code reuse, Genetic programming, 0102 computer and information sciences, 02 engineering and technology, Modular design, Machine learning, computer.software_genre, 01 natural sciences, Maintenance engineering, Task (project management), 010201 computation theory & mathematics, Artificial Intelligence, Control and Systems Engineering, Order (exchange), 0202 electrical engineering, electronic engineering, information engineering, Domain knowledge, A priori and a posteriori, 020201 artificial intelligence & image processing, Artificial intelligence, Electrical and Electronic Engineering, business, computer, Software

Abstract

This paper demonstrates how code reuse allows genetic programming (GP) to discover strategies for difficult gaming scenarios while maintaining relatively low model complexity. Critical factors in the proposed approach are illustrated through an in-depth study in two challenging task domains: RoboCup soccer and Ms. Pac-Man. In RoboCup, we demonstrate how policies initially evolved for simple subtasks can be reused, with no additional training or transfer function, in order to improve learning in the complex half-field offense (HFO) task. We then show how the same approach to code reuse can be applied directly in Ms. Pac-Man. In the latter case, the use of task-agnostic diversity maintenance removes the need to explicitly identify suitable subtasks a priori . The resulting GP policies achieve state-of-the-art levels of play in HFO and surpass scores previously reported in the Ms. Pac-Man literature, while employing less domain knowledge during training. Moreover, the highly modular policies discovered by GP are shown to be significantly less complex than state-of-the-art solutions in both domains. Throughout this paper, we pay special attention to a pair of task-agnostic diversity maintenance techniques, and empirically demonstrate their importance to the development of strong policies.

Published

2018

3. Unsupervised Monitoring of Networkand Service Behaviour Using SelfOrganizing Maps

Author

Malcolm I. Heywood, Duc C. Le, and A. Nur Zincir-Heywood

Subjects

Service (business), Computer Networks and Communications, Hardware and Architecture, Computer science, business.industry, Unsupervised learning, Artificial intelligence, business, Machine learning, computer.software_genre, computer

Published

2018

4. Dynamic Insider Threat Detection Based on Adaptable Genetic Programming

Author

A. Nur Zincir-Heywood, Malcolm I. Heywood, and Duc C. Le

Subjects

education.field_of_study, Computer science, business.industry, Computation, Population, Detector, Insider threat, 020206 networking & telecommunications, Genetic programming, 02 engineering and technology, Machine learning, computer.software_genre, Insider, Scratch, Software deployment, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Artificial intelligence, education, business, computer, computer.programming_language

Abstract

Different variations in deployment environments of machine learning techniques may affect the performance of the implemented systems. The variations may cause changes in the data for machine learning solutions, such as in the number of classes and the extracted features. This paper investigates the capabilities of Genetic Programming (GP) for malicious insider detection in corporate environments under such changes. Assuming a Linear GP detector, techniques are introduced to allow a previously trained GP population to adapt to different changes in the data. The experiments and evaluation results show promising insider threat detection performances of the techniques in comparison with training machine learning classifiers from scratch. This reduces the amount of data needed and computation requirements for obtaining dependable insider threat detectors under new conditions.

Published

2019

5. Benchmarking genetic programming in dynamic insider threat detection

Author

Malcolm I. Heywood, Duc C. Le, and Nur Zincir-Heywood

Subjects

education.field_of_study, Expediting, Computer science, business.industry, Feature vector, Population, Insider threat, Genetic programming, 0102 computer and information sciences, 02 engineering and technology, Benchmarking, Machine learning, computer.software_genre, 01 natural sciences, 010201 computation theory & mathematics, Software deployment, Linear genetic programming, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Artificial intelligence, business, education, computer

Abstract

In real world applications, variation in deployment environments, such as changes in data collection techniques, can affect the effectiveness and/or efficiency of machine learning (ML) systems. In this work, we investigate techniques to allow a previously trained population of Linear Genetic Programming (LGP) insider threat detectors to adapt to an expanded feature space. Experiments show that appropriate methods can be adopted to enable LGP to incorporate the new data efficiently, hence reducing computation requirements and expediting deployment under the new conditions.

Published

2019

6. Unsupervised Monitoring of Network and Service Behaviour Using Self Organizing Maps

Author

Malcolm I. Heywood, Duc C. Le, and Nur Zincir-Heywood

Subjects

Self-organizing map, Web server, Service (systems architecture), Computer Networks and Communications, business.industry, Computer science, Botnet, computer.software_genre, Machine learning, Visualization, Hardware and Architecture, Unsupervised learning, Anomaly detection, Artificial intelligence, Web service, business, computer

Abstract

Botnets represent one of the most destructive cybersecurity threats. Given the evolution of the structures and protocols botnets use, many machine learning approaches have been proposed for botnet analysis and detection. In the literature, intrusion and anomaly detection systems based on unsupervised learning techniques showed promising performances. This paper investigates the capability of the Self Organizing Map (SOM), an unsupervised learning technique as a data analytics system. In doing so, the aim is to understand how far such an approach could be pushed to analyze the network traffic, and to detect malicious behaviours in the wild. To this end, three different unsupervised SOM training scenarios for different data acquisition conditions are designed, implemented and evaluated. The approach is evaluated on publicly available network traffic (flows) and web server access (web requests) datasets. The results show that the approach has a high potential as a data analytics tool on unknown traffic/web service requests, and unseen attack behaviours. Malicious behaviours both on network and service datasets used could be identified with a high accuracy. Furthermore, the approach achieves comparable performances to that of popular supervised and unsupervised learning methods in the literature. Last but not the least, it provides unique visualization capabilities for enabling a simple yet effective network/service data analytics for security management.

Published

2018

7. On botnet detection with genetic programming under streaming data, label budgets and class imbalance

Author

A. Nur Zincir-Heywood, Sara Khanchi, Malcolm I. Heywood, and Ali Vahdat

Subjects

General Computer Science, Active learning (machine learning), Computer science, General Mathematics, Botnet, Genetic programming, 02 engineering and technology, Machine learning, computer.software_genre, Evolutionary computation, Class imbalance, Robustness (computer science), 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, business.industry, Supervised learning, Swarm behaviour, 020206 networking & telecommunications, Benchmarking, Task (computing), Streaming data, 020201 artificial intelligence & image processing, Data mining, Artificial intelligence, business, Classifier (UML), Model building, computer

Abstract

Algorithms for constructing models of classification under streaming data scenarios are becoming increasingly important. In order for such algorithms to be applicable under ‘real-world’ contexts we adopt the following objectives: 1) operate under label budgets, 2) make label requests without recourse to true label information, and 3) robustness to class imbalance. Specifically, we assume that model building is only performed using the content of a Data Subset (as in active learning). Thus, the principle design decisions are with regard to the definitions employed for sampling and archiving policies. Moreover, these policies should operate without prior information regarding the distribution of classes, as this varies over the course of the stream. A team formulation for genetic programming (GP) is assumed as the generic model for classification in order to support incremental changes to classifier content. Benchmarking is conducted with thirteen real-world Botnet datasets with label budgets of the order of 0.5–5% and significant amounts of class imbalance. Specific recommendations are made for detecting the costly minor classes under these conditions. Comparison with current approaches to streaming data under label budgets supports the significance of these findings.

Published

2018

8. Benchmarking evolutionary computation approaches to insider threat detection

Author

Malcolm I. Heywood, Duc C. Le, A. Nur Zincir-Heywood, and Sara Khanchi

Subjects

Computer science, Active learning (machine learning), business.industry, Insider threat, 020206 networking & telecommunications, Context (language use), Genetic programming, 02 engineering and technology, Benchmarking, Machine learning, computer.software_genre, Evolutionary computation, Data set, Active learning, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Artificial intelligence, Adaptation (computer science), business, computer

Abstract

Insider threat detection represents a challenging problem to companies and organizations where malicious actions are performed by authorized users. This is a highly skewed data problem, where the huge class imbalance makes the adaptation of learning algorithms to the real world context very difficult. In this work, applications of genetic programming (GP) and stream active learning are evaluated for insider threat detection. Linear GP with lexicase/multi-objective selection is employed to address the problem under a stationary data assumption. Moreover, streaming GP is employed to address the problem under a non-stationary data assumption. Experiments conducted on a publicly available corporate data set show the capability of the approaches in dealing with extreme class imbalance, stream learning and adaptation to the real world context.

Published

2018

9. Streaming Botnet traffic analysis using bio-inspired active learning

Author

Nur Zincir-Heywood, Malcolm I. Heywood, and Sara Khanchi

Subjects

Traffic analysis, business.industry, Computer science, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Botnet, Decision tree, Genetic programming, 02 engineering and technology, Network behavior, Machine learning, computer.software_genre, Electronic mail, Class imbalance, Robustness (computer science), 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Artificial intelligence, business, computer

Abstract

Non-stationary network traffic, together with stealth occurrences of malicious behaviors, make analyzing network traffic challenging. In this research, a machine learning framework is used to incrementally learn the network behavior and adapt to the changes in the traffic. This framework works under two main constraints: 1) label budget, 2) class imbalance; which makes it suitable for real-world network scenarios. Evaluations are performed on a public dataset with multiple Botnet scenarios under 0.5% and 5% label budgets; only around 2.2% of traffic is Botnet. Our results demonstrate the significance of the proposed Stream Genetic Programming solution and a general robustness to factors such as long latencies between instances of the same Botnet.

Published

2018

10. Properties of a GP active learning framework for streaming data with class imbalance

Author

Sara Khanchi, A. Nur Zincir-Heywood, and Malcolm I. Heywood

Subjects

Class (computer programming), Active learning (machine learning), business.industry, Computer science, Minor (linear algebra), Sampling (statistics), Context (language use), Genetic programming, 0102 computer and information sciences, 02 engineering and technology, Machine learning, computer.software_genre, 01 natural sciences, 010201 computation theory & mathematics, Streaming data, Active learning, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Observability, Data mining, Artificial intelligence, business, computer

Abstract

Active learning algorithms attempt to interactively develop a subset of data from which fitness evaluation is performed. Moreover, the distribution of labeled content within the data subset may adapt over time as genetic programming (GP) individuals improve. The basic goal is therefore to identify the most meaningful subset of data to improve the current model. Under a streaming data context additional challenges exist relative to the non-streaming scenario: non-stationary processes, partial observability anytime operation. This means that it is not possible to guarantee that the content of the data subset even provides exemplars for each class that could appear in the stream (i.e., different classes appear/disappear at different parts of the stream). With this in mind, an investigation is performed into the impact of adopting different policies for controlling the development of data subset content. To do so, a generic framework is defined in terms of sampling and archiving policies. The resulting evaluation under several large multi-class datasets with class imbalance indicates that adopting random sampling with a biased archiving policy is sufficient for evolving GP classifiers that match or better the current state-of-the-art, particularly when detecting minor classes.

Published

2017

11. Evolutionary model building under streaming data for classification tasks: opportunities and challenges

Author

Malcolm I. Heywood

Subjects

Scope (project management), business.industry, Computer science, Process (engineering), media_common.quotation_subject, Machine learning, computer.software_genre, Ensemble learning, Oracle, Computer Science Applications, Theoretical Computer Science, Task (project management), Hardware and Architecture, Active learning, Artificial intelligence, business, Function (engineering), Model building, computer, Software, media_common

Abstract

Streaming data analysis potentially represents a significant shift in emphasis from schemes historically pursued for offline (batch) approaches to the classification task. In particular, a streaming data application implies that: (1) the data itself has no formal `start' or `end'; (2) the properties of the process generating the data are non-stationary, thus models that function correctly for some part(s) of a stream may be ineffective elsewhere; (3) constraints on the time to produce a response, potentially implying an anytime operational requirement; and (4) given the prohibitive cost of employing an oracle to label a stream, a finite labelling budget is necessary. The scope of this article is to provide a survey of developments for model building under streaming environments from the perspective of both evolutionary and non-evolutionary frameworks. In doing so, we bring attention to the challenges and opportunities that developing solutions to streaming data classification tasks are likely to face using evolutionary approaches.

Published

2014

12. Smart Phone User Behaviour Characterization Based on Autoencoders and Self Organizing Maps

Author

A. Nur Zincir-Heywood, Deepthi Rajashekar, and Malcolm I. Heywood

Subjects

Self-organizing map, Computer science, business.industry, 020206 networking & telecommunications, 02 engineering and technology, Construct (python library), computer.software_genre, Machine learning, Autoencoder, Identification (information), 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Data mining, Artificial intelligence, Hidden Markov model, Cluster analysis, business, computer, Central element

Abstract

Building applications that are cognizant of temporal and spatial changes in human behaviour under a one-class learning restriction represents a requirement for many user centric systems. We are particularly motivated to demonstrate the utility of algorithms for the self identification of smart phones. A framework is designed to quantify: (i) the dissimilarity in behaviours among any two users, (ii) the exclusivity of each user's behaviour (inclass) from the world (outclass). A central element of the proposed framework is to first identify a discriminating representation for each user. To this end, an autoencoder is employed in which the goal is to identify an encoding that rebuilds the original data with maximum accuracy/ least loss. The hypothesis of this work is that such an autoencoding step provides an effective mechanism for discovering good data representations prior to the application of a data description technique, such as clustering. Both the autoencoder and the clustering steps are performed relative to a single user. We construct a user specific behavioural model using the most frequently used applications, cell towers and websites. We demonstrate that relative to the most up-to-date publicly available smart phone data set, the resulting behavioural models are capable of uniquely identifying each user under a one-class learning constraint.

Published

2016

13. On novelty driven evolution in Poker

Author

Andrew R. McIntyre, Jessica Pauli de Castro Bonson, and Malcolm I. Heywood

Subjects

business.industry, Computer science, media_common.quotation_subject, Novelty, Genetic programming, 0102 computer and information sciences, 02 engineering and technology, Variation (game tree), Benchmarking, Ambiguity, Machine learning, computer.software_genre, 01 natural sciences, Data science, Task (project management), 010201 computation theory & mathematics, Bluff, 0202 electrical engineering, electronic engineering, information engineering, Benchmark (computing), 020201 artificial intelligence & image processing, Artificial intelligence, business, computer, media_common

Abstract

This work asks the question as to whether ‘novelty as an objective’ is still beneficial under tasks with a lot of ambiguity, such as Poker. Specifically, Poker represents a task in which there is partial information (public and private cards) and stochastic changes in state (what card will be dealt next). In addition, bluffing plays a fundamental role in successful strategies for playing the game. On the face of it, it appears that multiple sources of variation already exist, making the additional provision of novelty as an objective unwarranted. Indeed, most previous work in which agent strategies are evolved with novelty appearing as an explicit objective are not rich in sources of ambiguity. Conversely, the task of learning strategies for playing Poker, even under the 2-player case of heads-up Limit Texas Hold'em, is widely considered to be particularly challenging on account of the multiple sources of uncertainty. We benchmark a form of genetic programming, both with and without (task independent) novelty objectives. It is clear that pursuing behavioural diversity, even under the heads-up Limit Texas Hold'em task is central to learning successful strategies. Benchmarking against static and Bayesian opponents illustrates the capability of the resulting Genetic Programming (GP) agents to bluff and vary their style of play.

Published

2016

14. Data analytics on network traffic flows for botnet behaviour detection

Author

A. Nur Zincir-Heywood, Malcolm I. Heywood, and Duc C. Le

Subjects

business.industry, Computer science, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Botnet, 020206 networking & telecommunications, 02 engineering and technology, Machine learning, computer.software_genre, Electronic mail, Intrusion, 0202 electrical engineering, electronic engineering, information engineering, Data analysis, Malware, Unsupervised learning, 020201 artificial intelligence & image processing, Anomaly detection, Artificial intelligence, Data mining, business, computer, High potential

Abstract

Botnets represent one of the most destructive cybersecurity threats. Given the evolution of the structures and protocols botnets use, many machine learning approaches have been proposed for botnet analysis and detection. In the literature, intrusion and anomaly detection systems based on unsupervised learning techniques showed promising performances. In this paper, we investigate the capability of employing the Self-Organizing Map (SOM), an unsupervised learning technique as a data analytics system. In doing so, our aim is to understand how far such an approach could be pushed to analyze unknown traffic to detect botnets. To this end, we employed three different unsupervised training schemes using publicly available botnet data sets. Our results show that SOMs possess high potential as a data analytics tool on unknown traffic. They can identify the botnet and normal flows with high confidence approximately 99% of the time on the data sets employed in this work.

Published

2016

15. Benchmarking a coevolutionary streaming classifier under the individual household electric power consumption dataset

Author

Alexander Loginov, Garnett Wilson, and Malcolm I. Heywood

Subjects

business.industry, Financial market, Genetic programming, 0102 computer and information sciences, 02 engineering and technology, Benchmarking, Machine learning, computer.software_genre, 01 natural sciences, 010201 computation theory & mathematics, 0202 electrical engineering, electronic engineering, information engineering, Preprocessor, 020201 artificial intelligence & image processing, Electricity, Data mining, Electric power, Artificial intelligence, business, computer, Model building, Classifier (UML)

Abstract

The application of genetic programming (GP) to streaming data analysis appears, on the face of it, to be a less than obvious choice. If nothing else, the (perceived) computational cost of model building under GP would preclude its application to tasks with non-stationary properties. Conversely, there is a rich history of applying GP to various tasks associated with trading agent design for currency and stock markets. In this work, we investigate the utility of a coevolutionary framework originally proposed for trading agent design to the related streaming data task of predicting individual household electric power consumption. In addition, we address several benchmarking issues, such as effective preprocessing of stream data using a candlestick representation originally developed for financial market analysis, and quantification of performance using a novel ‘area under the curve’ style metric for streaming data. The computational cost of evolving GP solutions is demonstrated to be suitable for real-time operation under this task and shown to provide classification performance competitive with current established methods for streaming data classification. Finally, we note that the individual household electric power consumption dataset is more flexible than the more widely used electricity utility prediction dataset, because it supports benchmarking at multiple temporal time scales.

Published

2016

16. Symbiotic coevolutionary genetic programming: a benchmarking study under large attribute spaces

Author

Andrew R. McIntyre, John A. Doucette, Peter Lichodzijewski, and Malcolm I. Heywood

Subjects

Team composition, education.field_of_study, Cooperative coevolution, Computer science, business.industry, Population, Genetic programming, Machine learning, computer.software_genre, Computer Science Applications, Theoretical Computer Science, Hardware and Architecture, Preprocessor, Combinatorial search, Artificial intelligence, education, business, Classifier (UML), computer, Software, Subspace topology

Abstract

Classification under large attribute spaces represents a dual learning problem in which attribute subspaces need to be identified at the same time as the classifier design is established. Embedded as opposed to filter or wrapper methodologies address both tasks simultaneously. The motivation for this work stems from the observation that team based approaches to Genetic Programming (GP) have the potential to design multiple classifiers per class--each with a potentially unique attribute subspace--without recourse to filter or wrapper style preprocessing steps. Specifically, competitive coevolution provides the basis for scaling the algorithm to data sets with large instance counts; whereas cooperative coevolution provides a framework for problem decomposition under a bid-based model for establishing program context. Symbiosis is used to separate the tasks of team/ensemble composition from the design of specific team members. Team composition is specified in terms of a combinatorial search performed by a Genetic Algorithm (GA); whereas the properties of individual team members and therefore subspace identification is established under an independent GP population. Teaming implies that the members of the resulting ensemble of classifiers should have explicitly non-overlapping behaviour. Performance evaluation is conducted over data sets taken from the UCI repository with 649---102,660 attributes and 2---10 classes. The resulting teams identify attribute spaces 1---4 orders of magnitude smaller than under the original data set. Moreover, team members generally consist of less than 10 instructions; thus, small attribute subspaces are not being traded for opaque models.

Published

2011

17. Classification as Clustering: A Pareto Cooperative-Competitive GP Approach

Author

Malcolm I. Heywood and Andrew R. McIntyre

Subjects

business.industry, Supervised learning, Pareto principle, Genetic programming, Classification, Machine learning, computer.software_genre, Multi-objective optimization, Task (project management), Support vector machine, Computational Mathematics, Artificial Intelligence, Cluster Analysis, Humans, Artificial intelligence, Cluster analysis, business, computer, Membership function, Mathematics

Abstract

Intuitively population based algorithms such as genetic programming provide a natural environment for supporting solutions that learn to decompose the overall task between multiple individuals, or a team. This work presents a framework for evolving teams without recourse to prespecifying the number of cooperating individuals. To do so, each individual evolves a mapping to a distribution of outcomes that, following clustering, establishes the parameterization of a (Gaussian) local membership function. This gives individuals the opportunity to represent subsets of tasks, where the overall task is that of classification under the supervised learning domain. Thus, rather than each team member representing an entire class, individuals are free to identify unique subsets of the overall classification task. The framework is supported by techniques from evolutionary multiobjective optimization (EMO) and Pareto competitive coevolution. EMO establishes the basis for encouraging individuals to provide accurate yet nonoverlaping behaviors; whereas competitive coevolution provides the mechanism for scaling to potentially large unbalanced datasets. Benchmarking is performed against recent examples of nonlinear SVM classifiers over 12 UCI datasets with between 150 and 200,000 training instances. Solutions from the proposed coevolutionary multiobjective GP framework appear to provide a good balance between classification performance and model complexity, especially as the dataset instance count increases.

Published

2011

18. Coevolutionary bid-based genetic programming for problem decomposition in classification

Author

Peter Lichodzijewski and Malcolm I. Heywood

Subjects

Structured support vector machine, Computer science, business.industry, Linear classifier, Genetic programming, Bidding, Quadratic classifier, Machine learning, computer.software_genre, Computer Science Applications, Theoretical Computer Science, Support vector machine, Hardware and Architecture, Margin classifier, One-class classification, Artificial intelligence, business, computer, Software

Abstract

In this work a cooperative, bid-based, model for problem decomposition is proposed with application to discrete action domains such as classification. This represents a significant departure from models where each individual constructs a direct input-outcome map, for example, from the set of exemplars to the set of class labels as is typical under the classification domain. In contrast, the proposed model focuses on learning a bidding strategy based on the exemplar feature vectors; each individual is associated with a single discrete action and the individual with the maximum bid `wins' the right to suggest its action. Thus, the number of individuals associated with each action is a function of the intra-action bidding behaviour. Credit assignment is designed to reward correct but unique bidding strategies relative to the target actions. An advantage of the model over other teaming methods is its ability to automatically determine the number of and interaction between cooperative team members. The resulting model shares several traits with learning classifier systems and as such both approaches are benchmarked on nine large classification problems. Moreover, both of the evolutionary models are compared against the deterministic Support Vector Machine classification algorithm. Performance assessment considers the computational, classification, and complexity characteristics of the resulting solutions. The bid-based model is found to provide simple yet effective solutions that are robust to wide variations in the class representation. Support Vector Machines and classifier systems tend to perform better under balanced datasets albeit resulting in black-box solutions.

Published

2008

19. On the Impact of Class Imbalance in GP Streaming Classification with Label Budgets

Author

Sara Khanchi, A. Nur Zincir-Heywood, and Malcolm I. Heywood

Subjects

Data stream, Computer science, business.industry, Supervised learning, Real-time computing, Genetic programming, 0102 computer and information sciences, 02 engineering and technology, Benchmarking, Machine learning, computer.software_genre, 01 natural sciences, Partition (database), Class imbalance, 010201 computation theory & mathematics, Streaming data, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Artificial intelligence, business, Classifier (UML), computer

Abstract

Streaming data scenarios introduce a set of requirements that do not exist under supervised learning paradigms typically employed for classification. Specific examples include, anytime operation, non-stationary processes, and limited label budgets. From the perspective of class imbalance, this implies that it is not even possible to guarantee that all classes are present in the samples of data used to construct a model. Moreover, when decisions are made regarding what subset of data to sample, no label information is available. Only after sampling is label information provided. This represents a more challenging task than encountered under non-streaming (offline) scenarios because the training partition contains label information. In this work, we investigate the utility of different protocols for sampling from the stream under the above constraints. Adopting a uniform sampling protocol was previously shown to be reasonably effective under both evolutionary and non-evolutionary streaming classifiers. In this work, we introduce a scheme for using the current ‘champion’ classifier to bias the sampling of training instances during the course of the stream. The resulting streaming framework for genetic programming is more effective at sampling minor classes and therefore reacting to changes in the underlying process responsible for generating the data stream.

Published

2016

20. A hierarchical SOM-based intrusion detection system

Author

H. Gunes Kayacik, A. Nur Zincir-Heywood, and Malcolm I. Heywood

Subjects

Self-organizing map, Training set, Hierarchy (mathematics), Computer science, business.industry, Intrusion detection system, Machine learning, computer.software_genre, Set (abstract data type), Data set, Knowledge extraction, Artificial Intelligence, Control and Systems Engineering, Feature (computer vision), Unsupervised learning, Data mining, Artificial intelligence, Electrical and Electronic Engineering, business, computer

Abstract

Purely based on a hierarchy of self-organizing feature maps (SOMs), an approach to network intrusion detection is investigated. Our principle interest is to establish just how far such an approach can be taken in practice. To do so, the KDD benchmark data set from the International Knowledge Discovery and Data Mining Tools Competition is employed. Extensive analysis is conducted in order to assess the significance of the features employed, the partitioning of training data and the complexity of the architecture. Contributions that follow from such a holistic evaluation of the SOM include recognizing that (1) best performance is achieved using a two-layer SOM hierarchy, based on all 41-features from the KDD data set. (2) Only 40% of the original training data is sufficient for training purposes. (3) The 'Protocol' feature provides the basis for a switching parameter, thus supporting modular solutions to the detection problem. The ensuing detector provides false positive and detection rates of 1.38% and 90.4% under test conditions; where this represents the best performance to date of a detector based on an unsupervised learning algorithm.

Published

2007

21. Solving Complex Problems with Coevolutionary Algorithms

Author

Malcolm I. Heywood and Krzysztof Krawiec

Subjects

Computer science, business.industry, Artificial intelligence, Machine learning, computer.software_genre, business, Complex problems, computer

Published

2015

22. Knowledge Transfer from Keepaway Soccer to Half-field Offense through Program Symbiosis

Author

Stephen Kelly and Malcolm I. Heywood

Subjects

business.industry, Computer science, Multi-agent system, Reinforcement learning, Genetic programming, Artificial intelligence, Half field, business, Machine learning, computer.software_genre, computer, Knowledge transfer

Abstract

Half-field Offense (HFO) is a sub-task of Robocup 2D Simulated Soccer. HFO is a challenging, multi-agent machine learning problem in which a team of offense players attempt to manoeuvre the ball past a defending team and around the goalie in order to score. The agent's sensors and actuators are noisy, making the problem highly stochastic and partially observable. These same real-world characteristics have made Keepaway soccer, which represents one sub-task of HFO, a popular testbed in the reinforcement learning and task-transfer literature in particular. We demonstrate how policies initially evolved for Keepaway can be reused within a symbiotic framework for coevolving policies in genetic programming (GP), with no additional training or transfer function, in order to improve learning in the HFO task. Moreover, the highly modular policies discovered by GP are shown to be significantly less complex than solutions based on traditional value-function optimization while achieving the same level of play in HFO.

Published

2015

23. Speeding up the Self-Organizing Feature Map Using Dynamic Subset Selection

Author

Leigh Wetmore, A. Nur Zincir-Heywood, and Malcolm I. Heywood

Subjects

Artificial neural network, Computer Networks and Communications, Computer science, business.industry, Active learning (machine learning), General Neuroscience, Context (language use), computer.software_genre, Machine learning, Set (abstract data type), Information extraction, ComputingMethodologies_PATTERNRECOGNITION, Artificial Intelligence, Feature (machine learning), Unsupervised learning, Artificial intelligence, business, Selection algorithm, computer, Software

Abstract

An active learning algorithm is devised for training Self-Organizing Feature Maps on large data sets. Active learning algorithms recognize that not all exemplars are created equal. Thus, the concepts of exemplar age and difficulty are used to filter the original data set such that training epochs are only conducted over a small subset of the original data set. The ensuing Hierarchical Dynamic Subset Selection algorithm introduces definitions for exemplar difficulty suitable to an unsupervised learning context and therefore appropriate Self-organizing map (SOM) stopping criteria. The algorithm is benchmarked on several real world data sets with training set exemplar counts in the region of 30--500 thousand. Cluster accuracy is demonstrated to be at least as good as that from the original SOM algorithm while requiring a fraction of the computational overhead.

Published

2005

24. Training Genetic Programming on Half a Million Patterns: An Example From Anomaly Detection

Author

Dong Song, Malcolm I. Heywood, and A.N. Zincir-Heywood

Subjects

Memory hierarchy, Computer science, business.industry, Decision tree, Evolutionary algorithm, Genetic programming, Intrusion detection system, computer.software_genre, Machine learning, Data structure, Theoretical Computer Science, Computational Theory and Mathematics, Genetic algorithm, Anomaly detection, Data mining, Artificial intelligence, business, computer, Software

Abstract

The hierarchical RSS-DSS algorithm is introduced for dynamically filtering large datasets based on the concepts of training pattern age and difficulty, while utilizing a data structure to facilitate the efficient use of memory hierarchies. Such a scheme provides the basis for training genetic programming (GP) on a data set of half a million patterns in 15 min. The method is generic, thus, not specific to a particular GP structure, computing platform, or application context. The method is demonstrated on the real-world KDD-99 intrusion detection data set, resulting in solutions competitive with those identified in the original KDD-99 competition, while only using a fraction of the original features. Parameters of the RSS-DSS algorithm are demonstrated to be effective over a wide range of values. An analysis of different cost functions indicates that hierarchical fitness functions provide the most effective solutions.

Published

2005

25. Evolving GP Classifiers for Streaming Data Tasks with Concept Change and Label Budgets: A Benchmarking Study

Author

Jillian Morgan, Malcolm I. Heywood, Ali Vahdat, Andrew R. McIntyre, and A. Nur Zincir-Heywood

Subjects

Concept drift, Computer science, business.industry, Supervised learning, Genetic programming, Benchmarking, computer.software_genre, Machine learning, Class imbalance, ComputingMethodologies_PATTERNRECOGNITION, Data access, Streaming data, Artificial intelligence, Data mining, business, Classifier (UML), computer

Abstract

Streaming data classification requires that several additional challenges are addressed that are not typically encountered in offline supervised learning formulations. Specifically, access to data at any training generation is limited to a small subset of the data, and the data itself is potentially generated by a non-stationary process. Moreover, there is a cost to requesting labels, thus a label budget is enforced. Finally, an anytime classification requirement implies that it must be possible to identify a ‘champion’ classifier for predicting labels as the stream progresses. In this work, we propose a general framework for deploying genetic programming (GP) to streaming data classification under these constraints. The framework consists of a sampling policy and an archiving policy that enforce criteria for selecting data to appear in a data subset. Only the exemplars of the data subset are labeled, and it is the content of the data subset that training epochs are performed against. Specific recommendations include support for GP task decomposition/modularity and making additional training epochs per data subset. Both recommendations make significant improvements to the baseline performance of GP under streaming data with label budgets. Benchmarking issues addressed include the identification of datasets and performance measures.

Published

2015

26. Label free change detection on streaming data with cooperative multi-objective genetic programming

Author

Malcolm I. Heywood, Andrew R. McIntyre, Nur Zincir-Heywood, and Sara Rahimi

Subjects

Traffic analysis, Computer science, business.industry, Genetic programming, computer.software_genre, Machine learning, Multi objective genetic programming, Streaming data, Entropy (information theory), Data mining, Artificial intelligence, Entropy (energy dispersal), business, computer, Change detection, Label free

Abstract

Classification under streaming data conditions requires that the machine learning (ML) approach operate interactively with the stream content. Thus, given some initial ML classification capability, it is not possible to assume that stream content will be stationary. It is therefore necessary to first detect when the stream content changes. Only after detecting a change, can classifier retraining be triggered. Current methods for change detection tend to assume an entropy filter approach, where class labels are necessary. In practice, labeling the stream would be extremely expensive. This work proposes an approach in which the behaviour of GP individuals is used to detect change without the use of labels. Only after detecting a change is label information requested. Benchmarking under a computer network traffic analysis scenario demonstrates that the proposed approach performs at least as well as the filter method, while retaining the advantage of requiring no labels.

Published

2013

27. Hierarchical task decomposition through symbiosis in reinforcement learning

Author

Malcolm I. Heywood, Peter Lichodzijewski, and John A. Doucette

Subjects

Generalization, Computer science, business.industry, Reinforcement learning, Context (language use), Genetic programming, Sequence learning, Artificial intelligence, business, Machine learning, computer.software_genre, computer, Task (project management)

Abstract

Adopting a symbiotic model of evolution separates context for deploying an action from the action itself. Such a separation provides a mechanism for task decomposition in temporal sequence learning. Moreover, previously learned policies are taken to be synonymous with meta actions (actions that are themselves policies). Should solutions to the task not be forthcoming in an initial round of evolution, then solutions from the earlier round represent the 'meta' actions for a new round of evolution. This provides the basis for evolving policy trees. A benchmarking study is performed using the Acrobot handstand task. Solutions to date from reinforcement learning have not been able to approach the performance of those established 14 years ago using an A* search and a priori knowledge regarding the Acrobot energy equations. The proposed symbiotic approach is able to match and, for the first time, better these results. Moreover, unlike previous work, solutions are tested under a broad range of Acrobot initial conditions, with hierarchical solutions providing significantly better generalization performance.

Published

2012

28. Network Protocol Discovery and Analysis via Live Interaction

Author

A. Nur Zincir-Heywood, Patrick LaRoche, and Malcolm I. Heywood

Subjects

Service (systems architecture), Computer science, Network security, business.industry, Protocol analysis, Machine learning, computer.software_genre, Evolutionary computation, Human–computer interaction, Network service, Artificial intelligence, business, Set (psychology), Communications protocol, computer, Protocol (object-oriented programming)

Abstract

In this work, we explore the use of evolutionary computing toward protocol analysis. The ability to discover, analyse, and experiment with unknown protocols is paramount within the realm of network security; our approach to this crucial analysis is to interact with a network service, discovering sequences of commands that do not result in error messages. In so doing, our work investigates the real-life responses of a service, allowing for exploration and analysis of the protocol in question. Our system initiates sequences of commands randomly, interacts with and learns from the responses, and modifies its next set of sequences accordingly. Such an exploration results in a set of command sequences that reflect correct uses of the service in testing. These discovered sequences can then be used to identify the service, unforeseen uses of the service, and, most importantly, potential weaknesses.

Published

2012

29. Revisiting the Acrobot ‘height’ task: An example of efficient evolutionary policy search under an episodic goal seeking task

Author

John A. Doucette and Malcolm I. Heywood

Subjects

education.field_of_study, Computer science, business.industry, Heuristic, Heuristic (computer science), Goal seeking, Population, Genetic programming, Machine learning, computer.software_genre, Task (project management), Search algorithm, Bellman equation, Genetic algorithm, Artificial intelligence, Sequence learning, business, education, computer

Abstract

Evolutionary methods for addressing the temporal sequence learning problem generally fall into policy search as opposed to value function optimization approaches. Various recent results have made the claim that the policy search approach is at best inefficient at solving episodic ‘goal seeking’ tasks i.e., tasks under which the reward is limited to describing properties associated with a successful outcome have no qualification for degrees of failure. This work demonstrates that such a conclusion is due to a lack of diversity in the training scenarios. We therefore return to the Acrobot ‘height’ task domain originally used to demonstrate complete failure in evolutionary policy search. This time a very simple stochastic sampling heuristic for defining a population of training configurations is introduced. Benchmarking two recent evolutionary policy search algorithms — Neural Evolution of Augmented Topologies (NEAT) and Symbiotic Bid-Based (SBB) Genetic Programming — under this condition demonstrates solutions as effective as those returned by advanced value function methods. Moreover this is achieved while remaining within the evaluation limit imposed by the original study.

Published

2011

30. Novelty-Based Fitness: An Evaluation under the Santa Fe Trail

Author

Malcolm I. Heywood and John A. Doucette

Subjects

Fitness function, Generalization, Computer science, Fitness approximation, business.industry, media_common.quotation_subject, Novelty, Genetic programming, Machine learning, computer.software_genre, Test (assessment), Benchmark (computing), Quality (business), Artificial intelligence, business, computer, media_common

Abstract

We present an empirical analysis of the effects of incorporating novelty-based fitness (phenotypic behavioral diversity) into Genetic Programming with respect to training, test and generalization performance. Three novelty-based approaches are considered: novelty comparison against a finite archive of behavioral archetypes, novelty comparison against all previously seen behaviors, and a simple linear combination of the first method with a standard fitness measure. Performance is evaluated on the Santa Fe Trail, a well known GP benchmark selected for its deceptiveness and established generalization test procedures. Results are compared to a standard quality-based fitness function (count of food eaten). Ultimately, the quality style objective provided better overall performance, however, solutions identified under novelty based fitness functions generally provided much better test performance than their corresponding training performance. This is interpreted as representing a requirement for layered learning/ symbiosis when assuming novelty based fitness functions in order to more quickly achieve the integration of diverse behaviors into a single cohesive strategy.

Published

2010

31. Evolving Coevolutionary Classifiers Under Large Attribute Spaces

Author

John A. Doucette, Peter Lichodzijewski, and Malcolm I. Heywood

Subjects

business.industry, Principle of maximum entropy, Supervised learning, Genetic programming, Pattern recognition, Machine learning, computer.software_genre, ComputingMethodologies_PATTERNRECOGNITION, Binary classification, Attribute domain, Artificial intelligence, business, Classifier (UML), computer, Model building, Subspace topology, Mathematics

Abstract

Model-building under the supervised learning domain potentially face a dual learning problem of identifying both the parameters of the model and the subset of (domain) attributes necessary to support the model, thus using an embedded as opposed to wrapper or filter based design. Genetic Programming (GP) has always addressed this dual problem, however, further implicit assumptions are made which potentially increase the complexity of the resulting solutions. In this work we are specifically interested in the case of classification under very large attribute spaces. As such it might be expected that multiple independent/ overlapping attribute subspaces support the mapping to class labels; whereas GP approaches to classification generally assume a single binary classifier per class, forcing the model to provide a solution in terms of a single attribute subspace and single mapping to class labels. Supporting the more general goal is considered as a requirement for identifying a ‘team’ of classifiers with non-overlapping classifier behaviors, in which each classifier responds to different subsets of exemplars. Moreover, the subsets of attributes associated with each team member might utilize a unique ‘subspace’ of attributes. This work investigates the utility of coevolutionary model building for the case of classification problems with attribute vectors consisting of 650 to 100,000 dimensions. The resulting team based coevolutionary evolutionary method-Symbiotic Bid-based (SBB) GP-is compared to alternative embedded classifier approaches of C4.5 and Maximum Entropy Classification (MaxEnt). SSB solutions demonstrate up to an order of magnitude lower attribute count relative to C4.5 and up to two orders of magnitude lower attribute count than MaxEnt while retaining comparable or better classification performance. Moreover, relative to the attribute count of individual models participating within a team, no more than six attributes are ever utilized; adding a further level of simplicity to the resulting solutions.

Published

2009

32. Benchmarking coevolutionary teaming under classification problems with large attribute spaces

Author

John A. Doucette, Peter Lichodzijewski, and Malcolm I. Heywood

Subjects

education.field_of_study, Computer science, business.industry, Feature vector, Population, Feature selection, Genetic programming, Benchmarking, Machine learning, computer.software_genre, Artificial intelligence, education, business, computer, Coevolution

Abstract

Benchmarking of a team based model of Genetic Programming demonstrates that the naturally embedded style of feature selection is usefully extended by the teaming metaphor to provide solutions in terms of exceptionally low attribute counts. To take this concept to its logical conclusion the teaming model must be able to build teams with a non-overlapping behavioral trait, from a single population. The Symbiotic Bid-Based (SBB) algorithm is demonstrated to fit this purpose under an evaluation utilizing data sets with 650 to 5,000 attributes. The resulting solutions are one to two orders simpler than solutions identified under the alternative embedded paradigms of C4.5 and MaxEnt.

Published

2009

33. Evolving Indirectly Represented Melodies with Corpus-Based Fitness Evaluation

Author

Malcolm I. Heywood, Vlado Keselj, and Jacek Wolkowicz

Subjects

Computer science, business.industry, Crossover, Machine learning, computer.software_genre, Evolutionary computation, Domain (software engineering), Evolutionary music, Genetic algorithm, Musical composition, Artificial intelligence, Genetic representation, business, Representation (mathematics), computer

Abstract

The paper addresses the issue of automatic generation of music excerpts. The character of the problem makes it suitable for various kinds of evolutionary computation algorithms. We introduce a special method of indirect melodic representation that allows simple application of standard search operators like crossover and mutation with no repair mechanisms necessary. A method is proposed for automatic evaluation of melodies based upon a corpus of manually coded examples, such as classical music opi. Various kinds of Genetic Algorithm (GA) were tested against this e.g., generational GAs and steady-state GAs. The results show the ability of the method for further applications in the domain of automatic music composition.

Published

2009

34. Pareto Cooperative-Competitive Genetic Programming: A Classification Benchmarking Study

Author

Malcolm I. Heywood and Andrew R. McIntyre

Subjects

Mathematical optimization, Engineering, business.industry, Pareto principle, Genetic programming, Benchmarking, Genetic program, Machine learning, computer.software_genre, Support vector machine, Operator (computer programming), Problem domain, Decomposition (computer science), Artificial intelligence, business, computer

Abstract

A model for problem decomposition in Genetic Programming based classication is proposed consisting of four basic components: competitive coevolution, local Gaussian wrapper operators, evolutionary multiobjective (EMO) tness evaluation, and an explicitly cooperative objective. The framework specically emphasizes the relations between different components of the model. Thus, both the local wrapper operator and cooperative objective components work together to establish exemplar subsets against which performance is evaluated and the decomposition of the problem domain is achieved. Moreover, the cost of estimating tness over multiple objectives is mitigated by the ability to associate specic subsets of exemplars with each classier.

Published

2008

35. Managing team-based problem solving with symbiotic bid-based genetic programming

Author

Malcolm I. Heywood and Peter Lichodzijewski

Subjects

education.field_of_study, Learning classifier system, business.industry, Active learning (machine learning), Computer science, Supervised learning, Population, Pareto principle, Genetic programming, Machine learning, computer.software_genre, Class (biology), Support vector machine, ComputingMethodologies_PATTERNRECOGNITION, Active learning, Artificial intelligence, education, business, computer, Coevolution

Abstract

Bid-based Genetic Programming (GP) provides an elegant mechanism for facilitating cooperative problem decomposition without an a priori specification of the number of team members. This is in contrast to existing teaming approaches where individuals learn a direct input-output map (e.g., from exemplars to class labels), allowing the approach to scale to problems with multiple outcomes (classes), while at the same time providing a mechanism for choosing an outcome from those suggested by team members. This paper proposes a symbiotic relationship that continues to support the cooperative bid-based process for problem decomposition while making the credit assignment process much clearer. Specifically, team membership is defined by a team population indexing combinations of GP individuals in a separate team member population. A Pareto-based competitive coevolutionary component enables the approach to scale to large problems by evolving informative test points in a third population. The ensuing Symbiotic Bid-Based (SBB) model is evaluated on three large classification problems and compared to the XCS learning classifier system (LCS) formulation and to the support vector machine (SVM) implementation LIBSVM. On two of the three problems investigated the overall accuracy of the SBB classifiers was found to be competitive with the XCS and SVM results. At the same time, on all problems, the SBB classifiers were able to detect instances of all classes whereas the XCS and SVM models often ignored exemplars of minor classes. Moreover, this was achieved with a level of model complexity significantly lower than that identified by the SVM and XCS solutions.

Published

2008

36. GP Classification under Imbalanced Data sets: Active Sub-sampling and AUC Approximation

Author

John A. Doucette and Malcolm I. Heywood

Subjects

Fitness function, Computer science, business.industry, Pattern recognition, Genetic programming, Machine learning, computer.software_genre, Sub-sampling, Naive Bayes classifier, ComputingMethodologies_PATTERNRECOGNITION, Efficient estimator, Binary classification, Artificial intelligence, business, Performance metric, computer, Statistic

Abstract

The problem of evolving binary classification models under increasingly unbalanced data sets is approached by proposing a strategy consisting of two components: Sub-sampling and 'robust' fitness function design. In particular, recent work in the wider machine learning literature has recognized that maintaining the original distribution of exemplars during training is often not appropriate for designing classifiers that are robust to degenerate classifier behavior. To this end we propose a 'Simple Active Learning Heuristic' (SALH) in which a subset of exemplars is sampled with uniform probability under a class balance enforcing rule for fitness evaluation. In addition, an efficient estimator for the Area Under the Curve (AUC) performance metric is assumed in the form of a modified Wilcoxon-Mann-Whitney (WMW) statistic. Performance is evaluated in terms of six representative UCI data sets and benchmarked against: canonical GP, SALH based GP, SALH and the modified WMW statistic, and deterministic classifiers (Naive Bayes and C4.5). The resulting SALH-WMW model is demonstrated to be both efficient and effective at providing solutions maximizing performance assessed in terms of AUC.

Published

2008

37. One-class learning with multi-objective genetic programming

Author

Malcolm I. Heywood and Robert Curry

Subjects

business.industry, Computer science, Gaussian, Pattern recognition, Genetic programming, Construct (python library), Machine learning, computer.software_genre, Class (biology), Novelty detection, symbols.namesake, ComputingMethodologies_PATTERNRECOGNITION, Genetic algorithm, symbols, One-class classification, Artificial intelligence, business, computer, Gaussian process

Abstract

One-class classification naturally only provides one class of exemplars on which to construct the classification model. In this work, multi-objective genetic programming (GP) allows the one-class learning problem to be decomposed by multiple GP classifiers, each attempting to identify only a subset of the target data to classify. In order for GP to identify appropriate subsets of the one-class data, artificial outclass data is generated in and around the provided inclass data. A local Gaussian wrapper is employed where this reinforces a novelty detection as opposed to a discrimination approach to classification. Furthermore, a hierarchical subset selection strategy is used to deal with the necessarily large number of generated outclass exemplars. The proposed approach is demonstrated on three one-class classification datasets and was found to be competitive with a one-class SVM classifier and a binary SVM classifier.

Published

2007

38. Multi-objective competitive coevolution for efficient GP classifier problem decomposition

Author

Malcolm I. Heywood and A.R. Mclntyre

Subjects

Computer science, business.industry, Gaussian, Pareto principle, Genetic programming, Machine learning, computer.software_genre, Competitive coevolution, symbols.namesake, Genetic algorithm, symbols, Artificial intelligence, business, computer, Classifier (UML), Membership function

Abstract

A novel approach to the classification of large and unbalanced multi-class data sets is presented where the widely acknowledged issues of scalability, solution transparency, and problem decomposition are addressed simultaneously within the context of the genetic programming (GP) paradigm. A cooperative coevolutionary training environment that employs multi-objective evaluation provides the basis for problem decomposition and reduced solution complexity, while scalability is achieved through a Pareto competitive coevolutionary framework, allowing the system to be applied to large data sets (tens or hundreds of thousands of exemplars) without recourse to hardware-specific speedups. Moreover, a key departure from the canonical GP approach to classification is utilized in which the output of GP is expressed in terms of a non-binary, local membership function (e.g. a Gaussian), where it is no longer necessary for an expression to represent an entire class. Decomposition is then achieved through reformulating the classification problem as one of cluster consistency, where an appropriate subset of the training patterns can be associated with each individual such that problems are solved by several specialist classifiers rather than by a single 'super' individual.

Published

2007

39. Growing recurrent self organizing map

Author

A.N. Zincir-Heywood, Malcolm I. Heywood, and O. Yeloglu

Subjects

Self-organizing map, Hierarchy, business.industry, Computer science, Machine learning, computer.software_genre, Competition (economics), ComputingMethodologies_PATTERNRECOGNITION, Knowledge extraction, Benchmark (computing), Artificial intelligence, Data mining, business, computer

Abstract

The growing recurrent self-organizing map (GRSOM) is embedded into a standard self-organizing map (SOM) hierarchy. To do so, the KDD benchmark dataset from the International Knowledge Discovery and Data Mining Tools Competition is employed. This dataset consists of 500,000 training patterns and 41 features for each pattern. Unlike most of the previous methods, only 6 of the basic features are employed. The resulting model has a capability of detection (false positive) rate of 89.6% (5.66%), where this is as good as the data-mining approaches that uses all 41 features and twice as faster than a similar hierarchical SOM architecture.

Published

2007

40. Scaling genetic programming to large datasets using hierarchical dynamic subset selection

Author

Malcolm I. Heywood, Peter Lichodzijewski, and Robert Curry

Subjects

Databases, Factual, Computer science, Active learning (machine learning), Information Storage and Retrieval, Genetic programming, Machine learning, computer.software_genre, Decision Support Techniques, Pattern Recognition, Automated, Artificial Intelligence, Genetic algorithm, Computer Simulation, Electrical and Electronic Engineering, Selection (genetic algorithm), Block (data storage), business.industry, General Medicine, Models, Theoretical, Computer Science Applications, Human-Computer Interaction, Statistical classification, Binary classification, Control and Systems Engineering, Active learning, Database Management Systems, Artificial intelligence, Data mining, business, Heuristics, computer, Software, Algorithms, Information Systems

Abstract

The computational overhead of genetic programming (GP) may be directly addressed without recourse to hardware solutions using active learning algorithms based on the random or dynamic subset selection heuristics (RSS or DSS). This correspondence begins by presenting a family of hierarchical DSS algorithms: RSS-DSS, cascaded RSS-DSS, and the balanced block DSS algorithm, where the latter has not been previously introduced. Extensive benchmarking over four unbalanced real-world binary classification problems with 30000-500000 training exemplars demonstrates that both the cascade and balanced block algorithms are able to reduce the likelihood of degenerates while providing a significant improvement in classification accuracy relative to the original RSS-DSS algorithm. Moreover, comparison with GP trained without an active learning algorithm indicates that classification performance is not compromised, while training is completed in minutes as opposed to half a day.

Published

2007

41. Pareto-coevolutionary genetic programming for problem decomposition in multi-class classification

Author

Peter Lichodzijewski and Malcolm I. Heywood

Subjects

education.field_of_study, Computer science, business.industry, Population, Supervised learning, Pareto principle, Genetic programming, Bidding, Machine learning, computer.software_genre, Multiclass classification, Artificial intelligence, Genetic representation, education, business, Classifier (UML), computer, Coevolution

Abstract

A bid-based approach for coevolving Genetic Programming classifiers is presented. The approach coevolves a population of learners thatdecompose the instance space by way of their aggregate bidding behaviour. To reduce computation overhead, a small, relevant, subsetof training exemplars is (competitively) coevolved alongside the learners. The approach solves multi-class problems using a single population and is evaluated on three large datasets. It is found tobe competitive, especially compared to classifier systems, whilesignificantly reducing the computation overhead associated withtraining.

Published

2007

42. Probabilistic (Genotype) Adaptive Mapping Combinations for Developmental Genetic Programming

Author

Garnett Wilson and Malcolm I. Heywood

Subjects

education.field_of_study, Computer science, business.industry, Population, Probabilistic logic, Genetic programming, Space (commercial competition), Machine learning, computer.software_genre, Development (topology), Genotype, Benchmark (computing), Genetic representation, Artificial intelligence, education, business, computer

Abstract

In development genetic programming (DGP) approaches where the search space is divided into genotypes and phenotypes, a mapping (or "genetic code") is needed to connect the two spaces. This model has subsequently been extended so that mappings evolve, and recently an implementation was proposed that co-evolves a genotype population and a population of adaptive mappings. Here, the authors identify and investigate performance obstacles for this recent implementation. They then introduce a new probabilistic adaptive mapping DGP that avoids those performance problems and explores a greater search space of genotype-mapping combinations without significant computational expense. The algorithm is shown to be more robust and to outperform the comparison adaptive mapping algorithm on challenging settings of the chosen test benchmark.

Published

2006

43. Improving GP classifier generalization using a cluster separation metric

Author

Malcolm I. Heywood and Ashley George

Subjects

Computer science, business.industry, Supervised learning, Genetic programming, Genetic representation, Maximization, Artificial intelligence, Cluster analysis, Machine learning, computer.software_genre, business, computer, Classifier (UML)

Abstract

Genetic Programming offers freedom in the definition of the cost function that is unparalleled among supervised learning algorithms. However, this freedom goes largely unexploited in previous work. Here, we revisit the design of fitness functions for genetic programming by explicitly considering the contribution of the wrapper and cost function. Within the context of supervised learning, as applied to classification problems, a clustering methodology is introduced using cost functions which encourage maximization of separation between in and out of class exemplars. Through a series of empirical investigations of the nature of these functions, we demonstrate that classifier performance is much more dependable than previously the case under the genetic programming paradigm.

Published

2006

44. Pareto-coevolutionary genetic programming classifier

Author

Michal Lemczyk and Malcolm I. Heywood

Subjects

Training set, Computer science, business.industry, Supervised learning, Pareto principle, Genetic programming, Pattern recognition, Quadratic classifier, Machine learning, computer.software_genre, Evolutionary computation, Margin classifier, Artificial intelligence, business, Classifier (UML), computer

Abstract

The conversion and extension of the Incremental Pareto-Coevolution Archive algorithm (IPCA) into the domain of Genetic Programming classifier evolution is presented. In order to accomplish efficiency in regards to classifier evaluation on training data, the coevolutionary aspect of the IPCA algorithm is utilized to simultaneously evolve a subset of the training data that provides distinctions between candidate classifiers. The algorithm is compared in terms of classification "score" (equal weight to detection rate, and 1 - false positive rate), and run-time against a traditional GP classifier using the entirety of the training data for evaluation, and a GP classifier which performs Dynamic Subset Selection. The results indicate that the presented algorithm outperforms the subset selection algorithm in terms of classification score, and outperforms the traditional classifier while requiring roughly 1430 of the wall-clock time.

Published

2006

45. MOGE

Author

Andrew R. McIntyre and Malcolm I. Heywood

Subjects

business.industry, Pareto principle, Binary number, Genetic programming, Extension (predicate logic), computer.software_genre, Machine learning, Multi-objective optimization, Ranking, Benchmark (computing), Decomposition (computer science), Artificial intelligence, Data mining, business, computer, Mathematics

Abstract

A novel approach to classification is proposed in which a Pareto-based ranking of individuals is used to encourage multiple individuals to participate in the solution. To do so, the classification problem is re-expressed as a cluster consistency problem, thus allowing utilization of techniques from multi-objective optimization. Such a formulation enables classification problems to be automatically decomposed and solved by several specialist classifiers rather than by a single 'super' individual. In this paper, we demonstrate the proposed approach to two benchmark binary problems and recommend a natural extension to multi-class problems. Results indicate the general appropriateness of the approach.

Published

2006

46. Evaluation of cluster combination functions for mixture of experts

Author

R. Redhead and Malcolm I. Heywood

Subjects

Basis (linear algebra), Artificial neural network, Computer science, business.industry, Time delay neural network, Machine learning, computer.software_genre, Modular neural network, Mixture of experts, Cluster (physics), Artificial intelligence, Data mining, business, computer

Abstract

The mixtures of experts (MoE) model provides the basis for building modular neural network solutions. In this work we are interested in methods for decomposing the input before forwarding to the MoE architecture. By doing so we are able to define the number of experts from the data itself. Specific schemes are shown to be appropriate for regression and classification problems, where each appear to have different preferences.

Published

2006

47. Training the SOFM efficiently: an example from intrusion detection

Author

Malcolm I. Heywood, L. Wetmore, and A.N. Zincir-Heywood

Subjects

Training set, Early stopping, Wake-sleep algorithm, Computer science, business.industry, Active learning (machine learning), Competitive learning, Pattern recognition, Intrusion detection system, Semi-supervised learning, Machine learning, computer.software_genre, Active learning, Feature (machine learning), Unsupervised learning, Artificial intelligence, business, computer

Abstract

The dynamic subset selection (DSS) active learning algorithm is generalized to include the case of unsupervised learning. To do so, training set partitioning, exemplar difficulty and age, and early stopping criteria are introduced into the self organizing feature map algorithm. The resulting model is able to build a hierarchical SOFM on a large (500,000 pattern) dataset in 3 hours. In comparison, the same architecture without active learning requires 33 hours to construct. No reduction in accuracy is recorded for the DSS SOFM model.

Published

2006

48. Toward Co-Evolutionary Training of a Multi-Class Classifier

Author

Malcolm I. Heywood and A.R. Mclntyre

Subjects

education.field_of_study, Computer science, business.industry, Cultural algorithm, Population, Genetic programming, Machine learning, computer.software_genre, Crowding, Evolutionary computation, Genetic algorithm, Genetic representation, Artificial intelligence, business, education, computer, Classifier (UML), Evolutionary programming

Abstract

In this work the multi-class classification capabilities of genetic programming (GP) are explored in the context of a competitive co-evolutionary system, in which a population of GP classifiers is trained against an evolving population of trainers (exemplar selectors) with the goal of reducing GP training time for large multi-class classification problems. Moreover, the niche-enabling mechanisms established in the genetic algorithm (GA) literature, known as crowding and sharing, are implemented for the classifier population in order to provide multi-class solutions from a single population in the same trial. The results as presented in the paper indicate the appropriateness of the competitive co-evolutionary training approach under GP multi-class classification.

Published

2005

49. On the capability of an SOM based intrusion detection system

Author

A.N. Zincir-Heywood, Hilmi Gunes Kayacik, and Malcolm I. Heywood

Subjects

Hierarchy (mathematics), Computer science, business.industry, Intrusion detection system, computer.software_genre, Machine learning, Knowledge-based systems, Knowledge extraction, Feature (computer vision), Benchmark (computing), Unsupervised learning, The Internet, Data mining, Artificial intelligence, business, computer

Abstract

An approach to network intrusion detection is investigated, based purely on a hierarchy of Self-Organizing Feature Maps. Our principle interest is to establish just how far such an approach can be taken in practice. To do so, the KDD benchmark dataset from the International Knowledge Discovery and Data Mining Tools Competition is employed. This supplies a connection-based description of a factitious computer network in which each connection is described in terms of 41 features. Unlike previous approaches, only 6 of the most basic features are employed. The resulting system is capable of detection (false positive) rates of 89% (4.6%), where this is at least as good as the alternative data-mining approaches that require all 41 features.

Published

2004

50. Predicting intrusions with local linear models

Author

Malcolm I. Heywood and Pingzhao Hu

Subjects

Support vector machine, business.industry, Computer science, System safety, Artificial intelligence, Intrusion detection system, Data mining, business, computer.software_genre, Machine learning, Local linear models, computer, Classifier (UML)

Abstract

Intrusion Detection Systems are typically deployed for real time operation, but are limited to identifying attacks once initiated. In this work we instead investigate the potential for predicting an attack before it occurs. To do so, a two-stage process is employed with a classification stage following that of a predictor. Predictors are based on the SOM and classifier on an SVM. Training and test is conducted using the 'TCP' connection features from the DARPA KDD competition data set. In spite of the simplicity of the model, the system is able to provide false positive and false negative rates of 23.8% and 7.1% respectively for one step-ahead prediction.

Published

2004