Implementing Active Learning in Cybersecurity: Detecting Anomalies in Redacted Emails
- URL: http://arxiv.org/abs/2303.00870v2
- Date: Fri, 3 Mar 2023 02:09:06 GMT
- Title: Implementing Active Learning in Cybersecurity: Detecting Anomalies in Redacted Emails
- Authors: Mu-Huan Chung, Lu Wang, Sharon Li, Yuhong Yang, Calvin Giang, Khilan
Jerath, Abhay Raman, David Lie, Mark Chignell
- Abstract summary: We present research results concerning the application of Active Learning to anomaly detection in redacted emails.
We evaluate different AL strategies and their impact on resulting model performance.
- Score: 10.303697869042283
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Research on email anomaly detection has typically relied on specially
prepared datasets that may not adequately reflect the type of data that occurs
in industry settings. In our research, at a major financial services company,
privacy concerns prevented inspection of the bodies of emails and attachment
details (although subject headings and attachment filenames were available).
This made labeling possible anomalies in the resulting redacted emails more
difficult. A further difficulty is the high volume of emails combined with the
scarcity of resources, which makes machine learning (ML) a necessity but also
creates a need for more efficient human training of ML models. Active learning
(AL) has been proposed as a way to make human training of ML models more
efficient. However, implementing Active Learning methods is a human-centered AI
challenge due to potential human analyst uncertainty, and the labeling task can
be further complicated in domains such as cybersecurity (or healthcare,
aviation, etc.), where labeling mistakes can have highly adverse consequences.
In this paper, we present research results
concerning the application of Active Learning to anomaly detection in redacted
emails, comparing the utility of different methods for implementing active
learning in this context. We evaluate different AL strategies and their impact
on resulting model performance. We also examine how ratings of confidence that
experts have in their labels can inform AL. The results obtained are discussed
in terms of their implications for AL methodology and for the role of experts
in model-assisted email anomaly screening.
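To make the workflow concrete, here is a minimal sketch of an uncertainty-based Active Learning loop of the kind evaluated in the paper, with analyst confidence ratings folded in as sample weights. The classifier, the least-confidence criterion, the batch size, and the confidence-weighting scheme are all illustrative assumptions, not the paper's exact method.

```python
import numpy as np
from sklearn.ensemble import RandomForestClassifier

def active_learning_loop(X_pool, X_seed, y_seed, conf_seed, ask_analyst,
                         n_rounds=10, batch_size=20):
    """Illustrative AL loop over redacted-email features (details assumed).
    ask_analyst(X) must return (labels, confidences in [0, 1])."""
    X_lab, y_lab, w_lab = X_seed, y_seed, conf_seed
    pool_idx = np.arange(len(X_pool))
    model = RandomForestClassifier(n_estimators=200, random_state=0)
    for _ in range(n_rounds):
        # Analyst confidence ratings weight each labeled example.
        model.fit(X_lab, y_lab, sample_weight=w_lab)
        proba = model.predict_proba(X_pool[pool_idx])[:, 1]
        # Least-confidence criterion: closest to the 0.5 decision boundary.
        uncertainty = -np.abs(proba - 0.5)
        query = pool_idx[np.argsort(uncertainty)[-batch_size:]]
        labels, confidences = ask_analyst(X_pool[query])
        X_lab = np.vstack([X_lab, X_pool[query]])
        y_lab = np.concatenate([y_lab, labels])
        w_lab = np.concatenate([w_lab, confidences])
        pool_idx = np.setdiff1d(pool_idx, query)
    return model
```

Down-weighting low-confidence labels is one simple way expert confidence can inform AL; the paper compares strategies empirically rather than prescribing this particular scheme.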
Related papers
- SecureNet: A Comparative Study of DeBERTa and Large Language Models for Phishing Detection [0.0]
Phishing is a major threat to organizations: it uses social engineering to trick users into revealing sensitive information.
In this paper, we investigate whether the remarkable performance of Large Language Models (LLMs) can be leveraged for particular tasks such as text classification.
We demonstrate how LLMs can generate convincing phishing emails, making it harder to spot scams.
arXiv Detail & Related papers (2024-06-10T13:13:39Z)
- Advancing Anomaly Detection: Non-Semantic Financial Data Encoding with LLMs [49.57641083688934]
We introduce a novel approach to anomaly detection in financial data using Large Language Models (LLMs) embeddings.
Our experiments demonstrate that LLMs contribute valuable information to anomaly detection as our models outperform the baselines.
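The pipeline described can be approximated as: embed each record's text with an LLM encoder, then fit a standard outlier detector on the embeddings. A minimal sketch follows; `embed_texts` is a placeholder for whatever embedding API is used, and the IsolationForest detector is an assumption, not the paper's model.

```python
import numpy as np
from sklearn.ensemble import IsolationForest

def detect_anomalies(texts, embed_texts, contamination=0.01):
    """embed_texts: placeholder for an LLM embedding call that
    returns an (n_samples, dim) array."""
    X = np.asarray(embed_texts(texts))
    detector = IsolationForest(contamination=contamination, random_state=0)
    detector.fit(X)
    scores = -detector.score_samples(X)  # higher = more anomalous
    flags = detector.predict(X) == -1    # True for flagged outliers
    return scores, flags
```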
arXiv Detail & Related papers (2024-06-05T20:19:09Z)
- Maximizing Information Gain in Privacy-Aware Active Learning of Email Anomalies [7.770699559625337]
We develop an enhanced method of Active Learning that selects the data to label so as to maximize information gain.
We evaluate its effectiveness in a real-world setting where only redacted versions of emails could be labeled by human analysts.
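One common way to operationalize "maximize information gain" is to query the pool items with the highest predictive entropy under the current model. The sketch below shows that selection step; treating entropy as the gain proxy is an assumption about the paper's method, not a confirmed detail.

```python
import numpy as np

def max_entropy_query(proba, batch_size=10, eps=1e-12):
    """proba: (n_samples, n_classes) predicted probabilities from the
    current model. Returns indices of the highest-entropy samples."""
    entropy = -np.sum(proba * np.log(proba + eps), axis=1)
    return np.argsort(entropy)[-batch_size:]
```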
arXiv Detail & Related papers (2024-05-13T02:58:59Z)
- The Frontier of Data Erasure: Machine Unlearning for Large Language Models [56.26002631481726]
Large Language Models (LLMs) are foundational to AI advancements.
LLMs pose risks by potentially memorizing and disseminating sensitive, biased, or copyrighted information.
Machine unlearning emerges as a cutting-edge solution to mitigate these concerns.
arXiv Detail & Related papers (2024-03-23T09:26:15Z)
- C-ICL: Contrastive In-context Learning for Information Extraction [54.39470114243744]
c-ICL is a novel few-shot technique that leverages both correct and incorrect sample constructions to create in-context learning demonstrations.
Our experiments on various datasets indicate that c-ICL outperforms previous few-shot in-context learning methods.
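The core idea, demonstrations that pair correct extractions with incorrect near-misses, can be sketched as simple prompt construction. The template below is an illustrative guess at the format; c-ICL's actual prompt design may differ.

```python
def build_cicl_prompt(demos, query):
    """demos: list of dicts with 'text', 'correct', and 'incorrect' keys.
    Builds an in-context prompt showing both positive and negative
    extraction examples, in the spirit of c-ICL (format is assumed)."""
    parts = []
    for d in demos:
        parts.append(f"Text: {d['text']}")
        parts.append(f"Correct extraction: {d['correct']}")
        parts.append(f"Incorrect extraction (avoid): {d['incorrect']}")
        parts.append("")
    parts.append(f"Text: {query}")
    parts.append("Correct extraction:")
    return "\n".join(parts)
```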
arXiv Detail & Related papers (2024-02-17T11:28:08Z)
- Unsupervised Learning of Distributional Properties can Supplement Human Labeling and Increase Active Learning Efficiency in Anomaly Detection [0.0]
Exfiltration of data via email is a serious cybersecurity threat for many organizations.
Active Learning is a promising approach for labeling data efficiently.
We propose an adaptive AL sampling strategy to produce batches of cases to be labeled that contain instances of rare anomalies.
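A simple way to realize "batches that contain instances of rare anomalies" is to blend the model's uncertainty score with an unsupervised rarity score when ranking the pool. The convex mixing scheme below is an illustrative assumption, not the paper's exact strategy.

```python
import numpy as np
from sklearn.ensemble import IsolationForest

def adaptive_batch(X_pool, proba_pos, alpha=0.5, batch_size=20):
    """Rank pool items by a mix of classifier uncertainty and an
    unsupervised outlier score, so batches include rare anomalies.
    proba_pos: positive-class probabilities from the current model.
    alpha trades off the two criteria (value assumed)."""
    uncertainty = 1.0 - np.abs(proba_pos - 0.5) * 2.0      # in [0, 1]
    iso = IsolationForest(random_state=0).fit(X_pool)
    rarity = -iso.score_samples(X_pool)                    # higher = rarer
    rarity = (rarity - rarity.min()) / (np.ptp(rarity) + 1e-12)
    score = alpha * uncertainty + (1 - alpha) * rarity
    return np.argsort(score)[-batch_size:]
```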
arXiv Detail & Related papers (2023-07-13T22:14:30Z)
- Editing Large Language Models: Problems, Methods, and Opportunities [51.903537096207]
This paper embarks on a deep exploration of the problems, methods, and opportunities related to model editing for LLMs.
We provide an exhaustive overview of the task definition and challenges associated with model editing, along with an in-depth empirical analysis of the most progressive methods currently at our disposal.
Our objective is to provide valuable insights into the effectiveness and feasibility of each editing technique, thereby assisting the community in making informed decisions on the selection of the most appropriate method for a specific task or context.
arXiv Detail & Related papers (2023-05-22T16:00:00Z)
- Addressing contingency in algorithmic (mis)information classification: Toward a responsible machine learning agenda [0.9659642285903421]
Data scientists need to take a stance on the objectivity, authoritativeness and legitimacy of the "sources of truth" used for model training and testing.
Despite (and due to) their reported high accuracy and performance, ML-driven moderation systems have the potential to shape online public debate and create downstream negative impacts such as undue censorship and the reinforcing of false beliefs.
arXiv Detail & Related papers (2022-10-05T17:34:51Z)
- Data-efficient Weakly-supervised Learning for On-line Object Detection under Domain Shift in Robotics [24.878465999976594]
Several object detection methods have been proposed in the literature, the vast majority based on Deep Convolutional Neural Networks (DCNNs).
These methods have important limitations for robotics: Learning solely on off-line data may introduce biases, and prevents adaptation to novel tasks.
In this work, we investigate how weakly-supervised learning can cope with these problems.
arXiv Detail & Related papers (2020-12-28T16:36:11Z)
- Transfer Learning without Knowing: Reprogramming Black-box Machine Learning Models with Scarce Data and Limited Resources [78.72922528736011]
We propose a novel approach, black-box adversarial reprogramming (BAR), that repurposes a well-trained black-box machine learning model.
Using zeroth order optimization and multi-label mapping techniques, BAR can reprogram a black-box ML model solely based on its input-output responses.
BAR outperforms state-of-the-art methods and yields comparable performance to the vanilla adversarial reprogramming method.
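Zeroth-order optimization here means estimating the gradient of the loss with respect to an input perturbation purely from black-box model outputs. Below is a minimal sketch of that gradient estimator; the loss function and query interface are assumptions, not BAR's exact formulation.

```python
import numpy as np

def zeroth_order_grad(loss_fn, delta, n_queries=20, mu=0.01):
    """Estimate d loss / d delta using only black-box evaluations of
    loss_fn (the model's input-output responses), as in black-box
    reprogramming. delta: current input perturbation (the 'program')."""
    grad = np.zeros_like(delta)
    base = loss_fn(delta)
    for _ in range(n_queries):
        u = np.random.randn(*delta.shape)       # random probe direction
        grad += (loss_fn(delta + mu * u) - base) / mu * u
    return grad / n_queries
```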
arXiv Detail & Related papers (2020-07-17T01:52:34Z)
- Learning with Weak Supervision for Email Intent Detection [56.71599262462638]
We propose to leverage user actions as a source of weak supervision to detect intents in emails.
We develop an end-to-end robust deep neural network model for email intent identification.
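Weak supervision from user actions can be as simple as mapping observed behaviors (reply, forward, flag) to noisy intent labels used to train the model. The mapping below is purely illustrative; the action names and label set are assumptions, not the paper's schema.

```python
# Hypothetical mapping from logged user actions to weak intent labels.
ACTION_TO_INTENT = {
    "reply": "request_information",
    "forward": "share_content",
    "flag": "follow_up",
    "create_event": "schedule_meeting",
}

def weak_labels(action_logs):
    """action_logs: list of (email_id, action) pairs.
    Returns {email_id: weak_intent_label}, skipping unmapped actions."""
    labels = {}
    for email_id, action in action_logs:
        if action in ACTION_TO_INTENT:
            labels[email_id] = ACTION_TO_INTENT[action]
    return labels
```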
arXiv Detail & Related papers (2020-05-26T23:41:05Z)
This list is automatically generated from the titles and abstracts of the papers on this site.
This site does not guarantee the quality of its content (including all information) and is not responsible for any consequences of its use.