CRII: SaTC: Towards Data-effective and Cost-efficient Security Attack Detections

CRII：SaTC：迈向数据有效且经济高效的安全攻击检测

• 批准号: 2245968
• 负责人: Lingwei Chen
• 金额: $ 17.49万
• 依托单位: Wright State University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-03-15 至 2025-02-28
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2245968&HistoricalAwards=false
• 关键词: CRII; SaTC; Towards; Data; effective

Increased connectivity of devices and people to the Internet has created an ever-expanding security attack surface. Machine learning (ML) techniques have been used to help detect attacks and may offer a more scalable way to deal with an increasingly large attack surface. However, acquiring a large volume of high-quality labelled attack samples is both costly and time consuming. Further, the acquired data set quite often do not fully represent the true data distribution. Given the challenge of labeled data scarcity and imbalance in representation, this project's novelties are to explore new ways to build data driven cyber-attack detection systems that can learn effectively from limited or biased cyber data set in a cost-efficient manner. The project's broader significance and importance are 1) enhancing the data-driven security attack detection infrastructure that leads to more secure and trustworthy cyberspace; 2) bridging the gap between research and practice by creating open-source systems that encourage real security productions, 3) providing research opportunities to both undergraduate and graduate students in the area of AI/ML enabled cyber defense.This project unveils an insight on how limited and/or imbalanced attack samples can be used as effective training data to facilitate data-driven model construction and enable high-performance security attack detection with low cost in practice. Towards this insight, this project contains three technical approaches: (1) cross-modal adversarial reprogramming that repurposes prior trained transformer models by inserting patch-level perturbations to inputs, reducing the number of parameters needed yet still maintaining its capability for data-limited learning; (2) scalable semi-supervised learning through consistency and contrastive regularization to boost model generalization for performing pseudo-labeling tasks and to help reduce label bias; (3) leveraging labeled and unlabeled objects to extend these two learning pipelines for more effective attack detection.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

设备和人员与互联网的连接性不断增强，导致安全攻击面不断扩大。机器学习（ML）技术已被用来帮助检测攻击，并可能提供一种更具可扩展性的方法来应对日益扩大的攻击面。然而，获取大量高质量的标记攻击样本既昂贵又耗时。此外，获取的数据集通常不能完全代表真实的数据分布。考虑到标记数据稀缺和代表性不平衡的挑战，该项目的新颖之处在于探索构建数据驱动的网络攻击检测系统的新方法，该系统可以以经济高效的方式从有限或有偏见的网络数据集中有效地学习。该项目更广泛的意义和重要性是：1）增强数据驱动的安全攻击检测基础设施，从而打造更安全、更值得信赖的网络空间； 2) 通过创建鼓励真正安全生产的开源系统来弥合研究与实践之间的差距，3) 为人工智能/机器学习网络防御领域的本科生和研究生提供研究机会。该项目揭示了如何将有限和/或不平衡的攻击样本用作有效的训练数据，以促进数据驱动的模型构建，并在实践中以低成本实现高性能安全攻击检测。为了实现这一见解，该项目包含三种技术方法：（1）跨模式对抗性重新编程，通过在输入中插入补丁级扰动来重新调整先前训练的变压器模型的用途，减少所需参数的数量，但仍保持其数据有限学习的能力； (2) 通过一致性和对比正则化进行可扩展的半监督学习，以提高执行伪标签任务的模型泛化能力，并帮助减少标签偏差； (3) 利用标记和未标记对象来扩展这两个学习管道，以实现更有效的攻击检测。该奖项反映了 NSF 的法定使命，并通过使用基金会的智力价值和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

HOVER: Homophilic Oversampling via Edge Removal for Class-Imbalanced Bot Detection on Graphs

• DOI: 10.1145/3583780.3615264
• 发表时间: 2023-10
• 期刊: Proceedings of the 32nd ACM International Conference on Information and Knowledge Management
• 作者: Bradley Ashmore;Lingwei Chen

Pseudo-Labeling with Graph Active Learning for Few-shot Node Classification

• DOI: 10.1109/icdm58522.2023.00133
• 发表时间: 2023-12
• 期刊: 2023 IEEE International Conference on Data Mining (ICDM)
• 作者: Quan Li;Lingwei Chen;Shixiong Jing;Dinghao Wu