Current browse context:
cs.CR
Change to browse by:
References & Citations
Computer Science > Cryptography and Security
Title: Detection under Privileged Information
(Submitted on 31 Mar 2016 (v1), last revised 31 Mar 2018 (this version, v4))
Abstract: For well over a quarter century, detection systems have been driven by models learned from input features collected from real or simulated environments. An artifact (e.g., network event, potential malware sample, suspicious email) is deemed malicious or non-malicious based on its similarity to the learned model at runtime. However, the training of the models has been historically limited to only those features available at runtime. In this paper, we consider an alternate learning approach that trains models using "privileged" information--features available at training time but not at runtime--to improve the accuracy and resilience of detection systems. In particular, we adapt and extend recent advances in knowledge transfer, model influence, and distillation to enable the use of forensic or other data unavailable at runtime in a range of security domains. An empirical evaluation shows that privileged information increases precision and recall over a system with no privileged information: we observe up to 7.7% relative decrease in detection error for fast-flux bot detection, 8.6% for malware traffic detection, 7.3% for malware classification, and 16.9% for face recognition. We explore the limitations and applications of different privileged information techniques in detection systems. Such techniques provide a new means for detection systems to learn from data that would otherwise not be available at runtime.
Submission history
From: Berkay Celik [view email][v1] Thu, 31 Mar 2016 15:28:45 GMT (76kb,D)
[v2] Wed, 20 Jul 2016 13:59:01 GMT (145kb,D)
[v3] Tue, 15 Nov 2016 01:17:06 GMT (285kb,D)
[v4] Sat, 31 Mar 2018 02:12:21 GMT (329kb,D)
Link back to: arXiv, form interface, contact.