Throwing Darts in the Dark? Detecting Bots with Limited Data using Neural Data Augmentation
2020 IEEE Symposium on Security and Privacy (SP)(2020)
摘要
Machine learning has been widely applied to building security applications. However, many machine learning models require the continuous supply of representative labeled data for training, which limits the models' usefulness in practice. In this paper, we use bot detection as an example to explore the use of data synthesis to address this problem. We collected the network traffic from 3 online services in three different months within a year (23 million network requests). We develop a stream-based feature encoding scheme to support machine learning models for detecting advanced bots. The key novelty is that our model detects bots with extremely limited labeled data. We propose a data synthesis method to synthesize unseen (or future) bot behavior distributions. The synthesis method is distribution-aware, using two different generators in a Generative Adversarial Network to synthesize data for the clustered regions and the outlier regions in the feature space. We evaluate this idea and show our method can train a model that outperforms existing methods with only 1% of the labeled data. We show that data synthesis also improves the model's sustainability over time and speeds up the retraining. Finally, we compare data synthesis and adversarial retraining and show they can work complementary with each other to improve the model generalizability.
更多查看译文
关键词
detecting bots,neural data augmentation,machine learning models,representative labeled data,bot detection,network traffic,advanced bots,model detects bots,data synthesis method,unseen bot behavior distributions,Generative Adversarial Network,model generalizability
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络