当前位置: X-MOL 学术arXiv.cs.CR › 论文详情
Our official English website, www.x-mol.net, welcomes your feedback! (Note: you will need to create a separate account there.)
Tackling Imbalanced Data in Cybersecurity with Transfer Learning: A Case with ROP Payload Detection
arXiv - CS - Cryptography and Security Pub Date : 2021-05-06 , DOI: arxiv-2105.02996
Haizhou Wang, Peng Liu

In recent years, deep learning gained proliferating popularity in the cybersecurity application domain, since when being compared to traditional machine learning, it usually involves less human effort, produces better results, and provides better generalizability. However, the imbalanced data issue is very common in cybersecurity, which can substantially deteriorate the performance of the deep learning models. This paper introduces a transfer learning based method to tackle the imbalanced data issue in cybersecurity using Return-Oriented Programming (ROP) payload detection as a case study. We achieved 0.033 average false positive rate, 0.9718 average F1 score and 0.9418 average detection rate on 3 different target domain programs using 2 different source domain programs, with 0 benign training data samples in the target domain. The performance improvement compared to the baseline is a trade-off between false positive rate and detection rate. Using our approach, the number of false positives is reduced by 23.20%, and as a trade-off, the number of detected malicious samples is reduced by 0.50%.

中文翻译:

通过转移学习解决网络安全中的不平衡数据:ROP有效负载检测的案例

近年来,深度学习在网络安全应用领域中迅速普及,因为与传统的机器学习相比,它通常需要较少的人力,产生更好的结果,并提供更好的通用性。但是,不平衡的数据问题在网络安全中非常常见,这可能会严重影响深度学习模型的性能。本文以基于返回学习的编程(ROP)有效载荷检测为案例,介绍了一种基于转移学习的方法来解决网络安全中的不平衡数据问题。我们使用2个不同的源域程序在3个不同的目标域程序上获得了0.033的平均假阳性率,0.9718的平均F1得分和0.9418的平均检测率,目标域中有0个良性训练数据样本。与基线相比,性能提高是误报率和检测率之间的权衡。使用我们的方法,误报的数量减少了23.20%,作为一种折衷,检测到的恶意样本的数量也减少了0.50%。
更新日期:2021-05-10
down
wechat
bug