Effective detection of security compromises in enterprises using feature engineering
Duan, Jiayi
Loading…
Permalink
https://hdl.handle.net/2142/95622
Description
Title
Effective detection of security compromises in enterprises using feature engineering
Author(s)
Duan, Jiayi
Issue Date
2016-12-08
Director of Research (if dissertation) or Advisor (if thesis)
Vasudevan, Shobha
Department of Study
Electrical & Computer Eng
Discipline
Electrical & Computer Engr
Degree Granting Institution
University of Illinois at Urbana-Champaign
Degree Name
M.S.
Degree Level
Thesis
Keyword(s)
Feature engineering
Abstract
"We present a method to effectively detect malicious activity in the data of enterprise logs. Our method involves feature engineering, or generating new features by applying operators on the features of the raw data. We apply the Fourier expansion of Boolean functions to generate parity functions on feature subsets, or parity features. We also investigate a heuristic method of applying Boolean operators to raw data features, generating propositional features. We demonstrate with real data sets that the engineered features enhance the performance of classifiers and clustering algorithms. As compared to classification of raw data features, the engineered features achieve up to 50.6% improvement in malicious recall while sacrificing no more than 0.47% in accuracy. Clustering with respect to the engineered features finds up to 6 ""pure"" malicious clusters, as compared to 0 ""pure"" clusters with raw data features. In one case, exactly one (1) engineered feature could achieve higher performance than 91 raw data features. In general, a small number (<10) of engineered features achieve higher performance than raw data features."
Use this login method if you
don't
have an
@illinois.edu
email address.
(Oops, I do have one)
IDEALS migrated to a new platform on June 23, 2022. If you created
your account prior to this date, you will have to reset your password
using the forgot-password link below.
