Automated Generation and Selection of Interpretable Features for Enterprise Security
| Autor: | Alina Oprea, Ziheng Zeng, Shobha Vasudevan, Jiayi Duan |
|---|---|
| Rok vydání: | 2018 |
| Předmět: |
Feature engineering
Computer science 020208 electrical & electronic engineering 02 engineering and technology Enterprise information security architecture computer.software_genre 020204 information systems 0202 electrical engineering electronic engineering information engineering Leverage (statistics) Data mining Boolean function Raw data Cluster analysis computer Interpretability |
| Zdroj: | IEEE BigData |
| DOI: | 10.1109/bigdata.2018.8621986 |
| Popis: | We present an effective machine learning method for malicious activity detection in enterprise security logs. Our method involves feature engineering, or generating new features by applying operators on features of the raw data. We generate DNF formulas from raw features, extract Boolean functions from them, and leverage Fourier analysis to generate new parity features and rank them based on their highest Fourier coefficients. We demonstrate on real enterprise data sets that the engineered features enhance the performance of a wide range of classifiers and clustering algorithms. As compared to classification of raw data features, the engineered features achieve up to 50.6% improvement in malicious recall, while sacrificing no more than 0.47% in accuracy. We also observe better isolation of malicious clusters, when performing clustering on engineered features. In general, a small number of engineered features achieve higher performance than raw data features according to our metrics of interest. Our feature engineering method also retains interpretability, an important consideration in cyber security applications. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|