WILEE: Agent-Based Threat Detection and Adaptive Collection for Cyber Hunting at Scale

It is imperative in cybersecurity to research and develop techniques that generate a prioritized set of threats from the adversary’s perspective. This project develops algorithms that genetically perturb threat implementations to improve detection accuracy and eliminate model overfitting. It also investigates how to efficiently access public sources of threat and vulnerability knowledge and exploit this knowledge for improved adversarial analysis.

 

This project is in collaboration with    sponsored by 

 

LIPIZZANER: GANs and Competitive Coevolution

GANs are difficult to train due to convergence pathologies such as mode and discriminator collapse. Lipizzaner, an open source software system, allows machine learning programmers to train GANs in a distributed and robust way by using spatially distributed generator and discriminator populations. Theoretical problems and image data sets demonstrate the improved performance and scalability.
Website   Publication   Publication   Blog   Blog  

This projct is funded by 

 

 

---

Machine Learning in Adversarial Settings

 

Tackling Disinformation Narratives

Understanding the tactics, techniques, and procedures of disinformation is important to developing methods of identification, countermeasures, and disinformation policy. However, large scale analysis of disinformation to understand TTP is time consuming and expensive. Therefore, a methodology that enables the automation of disinformation TTP characterization could be a useful tool for educators, researchers and policy makers. In this project we use data from euvsdisinfo.eu and perform large scale analysis of disinformation articles from online news media. Furthermore, we analyze the summary of the disinformation and the disproof of the disinformation written by news analysts. Google translate is used to automatically translate full texts of disinformation into English. Then, sentiment analysis is performed using Python's NLTK (Bird). Finally, the Propaganda Persuasion Techniques Analyzer (PRTA) from (Da San Martino et. al.) is used to detect argumentation techniques within the text. Sentiment analysis reveals that the full texts of disinformation tend to be highly polarized across topic and across target population. Furthermore, the news analysts do not appear to mimic the sentiment of the full article when writing their summary or disproof, nor are they entirely neutral. Preliminary results from PRTA demonstrate that the literary techniques used by pro-Kremlin disinformation vary across target population as well as topic. Comparing the proportion of spans detected in each type of text (e.g. summary, disproof, and full text) also reveals that the news analysts do not mirror the literary techniques of the disinformation itself.

Publication

 

SignHunter

In SignHunter, we present a novel black-box adversarial attack algorithm with state-of-the-art model evasion rates for query efficiency under L-1 and L-infinity metrics. SignHunter exploits a sign-based, rather than a magnitude-based, gradient estimation approach. This shifts the gradient estimation from continuous to binary black-box optimization. SignHunter adaptively constructs queries to estimate the gradient, one query relying upon the previous, rather than re-estimating the gradient each step with random query construction. Its reliance on sign bits yields a smaller memory footprint and it requires neither hyperparameter tuning nor dimensionality reduction.

Publication   Video

This project is sponsored by 

 

 

 

Zo-Min-Max

ZO-Min-Max provides a principled optimization framework integrating a zeroth-order (ZO) gradient estimator with an alternating projected stochastic gradient descent-ascent method, where the former only requires a small number of function queries and the latter needs just one-step descent/ascent update. The proposed framework has a sub-linear convergence rate under mild conditions and scales gracefully with problem size.

Publication

This project is sponsored by 

 

 

 

Bayesian Optimization for Nash Equilibrium

Game theory has emerged as a powerful framework for modeling a large range of multi-agent scenarios. Many algorithmic solutions require discrete, finite games with payoffs that have a closed-form specification. In contrast, many real-world applications require modeling with continuous/discrete action spaces and black-box utility functions where payoff information is available only in the form of empirical (often expensive and/or noisy) observations of strategy profiles. Few tools exist for solving the class of expensive, black-box continuous games. In this project, we investigate methods to find equilibria for such games in a sequential decision-making framework using Bayesian Optimization.
Publication   Blog

This project is sponsored by 

 

 

 

SLEIPNIR: Adversarial Machine Learning

Model based malware detectors, such as SVM and neural networks, are vulnerable to so-called adversarial examples which are modest changes to detectable malware that allows the resulting malware to evade detection. In this project, we develop methods capable of generating functionally preserved adversarial malware examples in the binary domain. We develop a method to adversarially harden malware detectors for binary representations under a bit setting constraint. Furthermore, we investigate visual hallmarks of robust generalization: good performance against unseen attacks.
Publication   Publication   Blog

This project is sponsored by 

 

 

 

Automated Vulnerability and Malware Detection in Source Code

We are developing machine learning approaches that detect bugs and vulnerabilities, and are able to classify malicious code. We use technologies from traditional programming analysis and combining them with machine learning to spot malicious and vulnerable programs in the wild. We are working with two programming languages- Powershell and Solidity. To date, we have shown that our neural and graph-based representations of programs provide informative features to detect program properties signaling bugs.
Publication   Publication

This project is sponsored by 

 

 

---

Understanding Programs and Programming

For a variety of applications, we need systems that understand code and that are able to represent the meaning of code in a way that suits an intended purpose. This leads to us working on deep learning representations of code and collaborating with neuroscientists to understand how humans understand code.

---

 

Related publications:

CLAWSAT: Towards Both Robust and Accurate Code Models. Jia*, J., Srikant*, S., Mitrovska, T., Chang, S., Gan, C., Liu, S., and O'Reilly, U.M. (2023). SANER 2023.

Convergent representations of computer programs in human and artificial neural networks. Srikant*, S., Lipkin*, B., Ivanova, A. A., Fedorenko, E., and O'Reilly, U.M. (2022). NeurIPS 2022.

Generating adversarial computer programs using optimized obfuscations. Srikant, S., Liu, S., Mitrovska, T., Chang, S., Fan, Q., Zhang, G., and O'Reilly, U.M. (2021). ICLR 2021.

STRATA: Simple, Gradient-Free Attacks for Models of Code. Springer J.M., Reinstadler B.M., O'Reilly U.M., AdvML Workshop, KDD 2021.

Can cognitive neuroscience inform neuro-symbolic inference models? Srikant, S. and O'Reilly, UM (2021). In Is Neuro-Symbolic SOTA still a myth for Natural Language Inference? (NSNLI) The first workshop, IJCAI 2021

Comprehension of computer code relies primarily on domain-general executive brain regions. Ivanova, A. A., Srikant, S., Sueoka, Y., Kean, H. H., Dhamala, R., O'Reilly, U.M., Bers, M. U., and Fedorenko, E. (2020). Elife, 9:e58906.

Representation Learning for Code Malware.  Sanja Simonovikj, Al-Dujaili A., Hemberg E., Srikant S., O'Reilly UM.  MIT-IBM AI Research Week 2019.

AST-Based Deep Learning for Detecting Malicious PowerShell.  Rusak G., Al-Dujaili A., O'Reilly UM (2018). CCS 2018.

Exploring the Use of Autoencoders for Botnets Traffic Representation  Dargenio R, Srikant S, Hemberg E, O'Reilly UM (2018). IEEE S&P 2018.

THESES:

Modeling concurrency bugs using machine learning. Rares Begu, T., Srikant, S., and O'Reilly, UM (2020). MIT SuperUROP Thesis.

Vulcan: classifying vulnerabilities in solidity smart contracts using dependency-based deep program representations. Srikant, S. (2020). MSc thesis, Massachusetts Institute of Technology.

 

 

These projects have been sponsored by    and  

 

 

 

---

Data Analytics

---

 

Real-time Modeling of Network Activity in the Developing Brain

Understanding how brain cells form functional networks during early life is key to understanding information processing in the developing brain and how this processing is disrupted in neurodevelopmental disorders. The communication between brain cells can be observed in real-time by neuroscientists using two-photon calcium imaging and/or microelectrode arrays. Yet the time necessary for analyzing these large datasets can limit our ability to study network development over time using existing methods. We use machine learning to accelerate this analysis pipeline and to enhance both the signal extraction and feature selection. Multiple opportunities exist for students to apply their interests in machine learning and (real!) neural networks into our analysis pipeline.

This project is in collaboration with      at  

 

 

 

---

Past Projects

---

E-Learning

MOOC Learner Project: Advancing Learning Behavioral Analytics through Data Science

Each time a learner interacts with an e-learning system it is possible to capture a record of their engagement. Data comprising mouse clicks, video controls, problem responses, programming, collaborations and discussions then becomes available to learning science. MLP’s goal is to tap into the immense potential of this data to provide insights into how students learn and how instructors can effectively teach. The challenge is to provide technology and develop new approaches that transforms this fundamentally different set of observations into actionable knowledge.
Website

An Open Learning Design, Data Analytics and Visualization Framework for E-Learning
In a continuation of previous work, we mature the end-to-end software workflow that encompasses data curation and machine learning enabled analytics by maintenance and extensions such as student programming trajectories. We conduct learning analytics research on the teaching and learning of computational thinking and computer science.
Publication   Publication

This project is in collaboration & sponsored by    under the  

 

 

Tax Non-Compliance

STEALTH (Simulating Tax Evasion and Law Through Heuristics)

Allows us to identify sequences of financial transactions around partnerships that accomplish the same economic purpose with differences in tax consequence. By applying a robust co-optimization and artificial intelligence modeling approach, it learns observables that indicate the presence of non-compliant behavior.
Website

STEALTH: Understanding the Relationship Between Tax Non-compliance and Tax Law
Through the use of partnerships and other "flow-through entities", taxpayers underreported more than $91 billion of income annually between 2006 and 2009 (GAO-14-453), and the trend shows little sign of stopping. Our goal is to develop technology that enables the discovery of non-compliant partnership transaction patterns.
Publication   Publication   Videos

Sponsored by    September 2012 - August 2015.

 

 

Flexible Machine Learning with Genetic Programming

FlexGP

The FlexGP project goal is scalable machine learning using genetic programming (GP). Genetic programming is a mature, robust multi-point search technique (inspired by evolution) which supports readable, and flexibly specified learning representations which can readily express linear or non-linear data relationships. It is well suited to parallelization and machine learning. It has a strong record in real world domains.
Website   Code

FlexGP:
A cloud based platform for generating transparent non-linear large scale regression problems.
Website   Publication

FCUBE
A data parallel approach to building ensemble of classifiers.
Website   Publication

Feature Learning
Evolutionary Feature Synthesis (EFS) generates accurate, readable, nonlinear features for tabular data.
Website   Publication

 

More Past Projects

ALFA's research would not be possible without the past and ongoing support of our industry sponsors

The views, opinions and positions expressed by ALFA Group and on this site are theirs alone, and do not necessarily reflect the views, opinions or positions of their sponsors