Interactive Machine Learning for Data Exfiltration Detection: Active Learning with Human Expertise
- Source :
- SMC
- Publication Year :
- 2020
- Publisher :
- IEEE, 2020.
Abstract
- Data exfiltration is a serious threat to organizations. Such exfiltrations cause breach events that can lead to millions of dollars of loss. Perimeter defense is not enough by itself since successful exploits from insiders can also be very damaging. Internal network user activities need to be monitored to detect malicious actions. Automatic machine learning methods can be applied for network anomaly detection, but they create a lot of false alarms. Domain experts can identify malicious users, but they are unable to process large volumes of data. Interactive machine learning (iML) deals with this tradeoff by creating an efficient collaboration between domain experts and machine learning algorithms. Previous research in iML has focused mainly on collaboration with non-experts. The design and requirements for expertise-driven iML have yet to be delineated for cybersecurity applications. In this research, we proposed an Active Learning (AL) model trained with outputs from a liberal (outputting many false alarms as well as possible hits) anomaly detection (AD) criterion to study expert-iML collaboration in anomaly detection. The results showed that: iML in this context can prune false alarms and minimize misses; the performance/compatibility tradeoff that typically occurs in conventional machine learning updates may be less salient in iML. We suggest that compatibility between experts and algorithms can be improved by presenting information about feature relevance during the training process.
- Subjects :
- 0303 health sciences
business.industry
Active learning (machine learning)
Process (engineering)
Computer science
Context (language use)
02 engineering and technology
Machine learning
computer.software_genre
Domain (software engineering)
03 medical and health sciences
Salient
Active learning
0202 electrical engineering, electronic engineering, information engineering
020201 artificial intelligence & image processing
Anomaly detection
Artificial intelligence
business
computer
030304 developmental biology
Details
- Database :
- OpenAIRE
- Journal :
- 2020 IEEE International Conference on Systems, Man, and Cybernetics (SMC)
- Accession number :
- edsair.doi...........e3fc8ed4a4709f680f3f77444a91b165
- Full Text :
- https://doi.org/10.1109/smc42975.2020.9282831