TINET: Learning Invariant Networks via Knowledge Transfer |
|
Course URL: | http://videolectures.net/kdd2018_luo_tinet/ |
Lecturer: | Chen Luo |
Institution: | Rice University |
Course date: | 2018-11-23 |
Course language: | English |
Course description: | The latent behavior of an information system that can exhibit extreme events, such as system faults or cyber-attacks, is complex. Recently, the invariant network has been shown to be a powerful way of characterizing complex system behaviors. Structures and evolutions of the invariance network, in particular the vanishing correlations, can shed light on identifying causal anomalies and performing system diagnosis. However, due to the dynamic and complex nature of real-world information systems, learning a reliable invariant network in a new environment often requires continuously collecting and analyzing the system surveillance data for several weeks or even months. Although the invariant networks learned from old environments have some common entities and entity relationships, these networks cannot be directly borrowed for the new environment due to the domain variety problem. To avoid the prohibitively time- and resource-consuming network building process, we propose TINET, a knowledge transfer based model for accelerating invariant network construction. In particular, we first propose an entity estimation model to estimate the probability of each source domain entity that can be included in the final invariant network of the target domain. Then, we propose a dependency construction model for constructing the unbiased dependency relationships by solving a two-constraint optimization problem. Extensive experiments on both synthetic and real-world datasets demonstrate the effectiveness and efficiency of TINET. We also apply TINET to a real enterprise security system for intrusion detection. TINET achieves superior detection performance at least 20 days lead-lag time in advance with more than 75% accuracy. |
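Keywords: | powerful method for complex system behaviors; system faults or cyber-attacks; analyzing system surveillance data; accelerating invariant network construction |
Course source: | VideoLectures.NET |
Data collected: | 2023-01-28:cyh |
Last reviewed: | 2023-01-28:cyh |
Views: | 42 |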