WILEE: Agent-Based Threat Detection and Adaptive Collection for Cyber Hunting at Scale

It is imperative in cybersecurity to research and develop techniques that generate a prioritized set of threats from the adversary’s perspective. This project develops algorithms that genetically perturb threat implementations to improve detection accuracy and eliminate model overfitting. It also investigates how to efficiently access public sources of threat and vulnerability knowledge and exploit this knowledge for improved adversarial analysis.

 

This project is in collaboration with    sponsored by 

 

LIPIZZANER: GANs and Competitive Coevolution

GANs are difficult to train due to convergence pathologies such as mode and discriminator collapse. Lipizzaner, an open source software system, allows machine learning programmers to train GANs in a distributed and robust way by using spatially distributed generator and discriminator populations. Theoretical problems and image data sets demonstrate the improved performance and scalability.
Website   Publication   Publication   Blog   Blog  

This projct is funded by 

 

 

---

Machine Learning in Adversarial Settings

 

Tackling Disinformation Narratives

Understanding the tactics, techniques, and procedures of disinformation is important to developing methods of identification, countermeasures, and disinformation policy. However, large scale analysis of disinformation to understand TTP is time consuming and expensive. Therefore, a methodology that enables the automation of disinformation TTP characterization could be a useful tool for educators, researchers and policy makers. In this project we use data from euvsdisinfo.eu and perform large scale analysis of disinformation articles from online news media. Furthermore, we analyze the summary of the disinformation and the disproof of the disinformation written by news analysts. Google translate is used to automatically translate full texts of disinformation into English. Then, sentiment analysis is performed using Python's NLTK (Bird). Finally, the Propaganda Persuasion Techniques Analyzer (PRTA) from (Da San Martino et. al.) is used to detect argumentation techniques within the text. Sentiment analysis reveals that the full texts of disinformation tend to be highly polarized across topic and across target population. Furthermore, the news analysts do not appear to mimic the sentiment of the full article when writing their summary or disproof, nor are they entirely neutral. Preliminary results from PRTA demonstrate that the literary techniques used by pro-Kremlin disinformation vary across target population as well as topic. Comparing the proportion of spans detected in each type of text (e.g. summary, disproof, and full text) also reveals that the news analysts do not mirror the literary techniques of the disinformation itself.

Publication

 

SignHunter

In SignHunter, we present a novel black-box adversarial attack algorithm with state-of-the-art model evasion rates for query efficiency under L-1 and L-infinity metrics. SignHunter exploits a sign-based, rather than a magnitude-based, gradient estimation approach. This shifts the gradient estimation from continuous to binary black-box optimization. SignHunter adaptively constructs queries to estimate the gradient, one query relying upon the previous, rather than re-estimating the gradient each step with random query construction. Its reliance on sign bits yields a smaller memory footprint and it requires neither hyperparameter tuning nor dimensionality reduction.

Publication   Video

This project is sponsored by 

 

 

 

Zo-Min-Max

ZO-Min-Max provides a principled optimization framework integrating a zeroth-order (ZO) gradient estimator with an alternating projected stochastic gradient descent-ascent method, where the former only requires a small number of function queries and the latter needs just one-step descent/ascent update. The proposed framework has a sub-linear convergence rate under mild conditions and scales gracefully with problem size.

Publication

This project is sponsored by 

 

 

 

Bayesian Optimization for Nash Equilibrium

Game theory has emerged as a powerful framework for modeling a large range of multi-agent scenarios. Many algorithmic solutions require discrete, finite games with payoffs that have a closed-form specification. In contrast, many real-world applications require modeling with continuous/discrete action spaces and black-box utility functions where payoff information is available only in the form of empirical (often expensive and/or noisy) observations of strategy profiles. Few tools exist for solving the class of expensive, black-box continuous games. In this project, we investigate methods to find equilibria for such games in a sequential decision-making framework using Bayesian Optimization.
Publication   Blog

This project is sponsored by 

 

 

 

SLEIPNIR: Adversarial Machine Learning

Model based malware detectors, such as SVM and neural networks, are vulnerable to so-called adversarial examples which are modest changes to detectable malware that allows the resulting malware to evade detection. In this project, we develop methods capable of generating functionally preserved adversarial malware examples in the binary domain. We develop a method to adversarially harden malware detectors for binary representations under a bit setting constraint. Furthermore, we investigate visual hallmarks of robust generalization: good performance against unseen attacks.
Publication   Publication   Blog

This project is sponsored by 

 

 

 

Automated Vulnerability and Malware Detection in Source Code

We are developing machine learning approaches that detect bugs and vulnerabilities, and are able to classify malicious code. We are using technologies from traditional programming analysis and combining them with machine learning to spot malicious and vulnerable programs in the wild. We are working with two programming languages- Powershell and Solidity. To date, we have shown that our neural and graph-based representations of programs provide informative features to detect program properties signaling bugs. We are presently considering featureless deep learning methods.
Publication   Publication

This project is sponsored by 

 

 

 

Building Robustness with a Simple Method for Generating Black-box Adversarial Attacks for Models of Code

The challenge of adversarial examples, i.e., imperceptible perturbations in the input that result in misclassification, is now well-known to the machine learning research community, especially in the image and natural language domains. However, generating adversarial examples in the source code domain poses additional problems. Unlike vision and natural language, source code perturbations must adhere to strict semantic guidelines so that the resulting programs do not change the functional meaning of the code. We are working on a simple and efficient black-box method for generating state-of-the-art adversarial examples on models of code.

This project is sponsored by 

 

 

---

Understanding Programs and Programming

For a variety of applications, we need systems that understand code and that are able to represent the meaning of code in a way that suits an intended purpose. This leads to us working on deep learning representations of code and collaborating with neuroscientists to understand how humans understand code.

---

 

Neural Bases of Comprehending Computer Programs

In an attempt at understanding why we introduce bugs in the programs we write, we have studied the functions in the human brain when we read and understand computer programs. We studied whether comprehending programming languages activate the same regions of the brain as those recruited when comprehending natural languages. We found in our study that the brain regions for natural and programming languages are different. This opens up an exciting area to explore whether the bugs we introduce can be localized to activities in specific parts of the brain responsible for code processing.

Publication

This project is sponsored by 

 

 

 

Deep Code Representation for Bug Detection

As domain-specific languages such as Solidity for Ethereum have emerged to program blockchain distributed ledgers, domain-specific bugs and vulnerabilities have reciprocally arisen. We propose a machine learning approach to designing classifiers that can flag specific lines of programs containing such vulnerabilities. This classification task calls for reasoning beyond what tokens are in a line to reasoning about how each token lies within a control context (e.g. loop) and how its meaning depends on its preceding definition. We are developing a distributed representation in latent feature space to express these properties while ensuring that lines of similar meaning have similar features.

This project is sponsored by    previously funded by 

 

 

 

---

Data Analytics

---

 

Real-time Modeling of Network Activity in the Developing Brain

Understanding how brain cells form functional networks during early life is key to understanding information processing in the developing brain and how this processing is disrupted in neurodevelopmental disorders. The communication between brain cells can be observed in real-time by neuroscientists using two-photon calcium imaging and/or microelectrode arrays. Yet the time necessary for analyzing these large datasets can limit our ability to study network development over time using existing methods. We use machine learning to accelerate this analysis pipeline and to enhance both the signal extraction and feature selection. Multiple opportunities exist for students to apply their interests in machine learning and (real!) neural networks into our analysis pipeline.

This project is in collaboration with      at  

 

 

 

---

Past Projects

---

E-Learning

MOOC Learner Project: Advancing Learning Behavioral Analytics through Data Science

Each time a learner interacts with an e-learning system it is possible to capture a record of their engagement. Data comprising mouse clicks, video controls, problem responses, programming, collaborations and discussions then becomes available to learning science. MLP’s goal is to tap into the immense potential of this data to provide insights into how students learn and how instructors can effectively teach. The challenge is to provide technology and develop new approaches that transforms this fundamentally different set of observations into actionable knowledge.
Website

An Open Learning Design, Data Analytics and Visualization Framework for E-Learning
In a continuation of previous work, we mature the end-to-end software workflow that encompasses data curation and machine learning enabled analytics by maintenance and extensions such as student programming trajectories. We conduct learning analytics research on the teaching and learning of computational thinking and computer science.
Publication   Publication

This project is in collaboration & sponsored by    under the  

 

 

Tax Non-Compliance

STEALTH (Simulating Tax Evasion and Law Through Heuristics)

Allows us to identify sequences of financial transactions around partnerships that accomplish the same economic purpose with differences in tax consequence. By applying a robust co-optimization and artificial intelligence modeling approach, it learns observables that indicate the presence of non-compliant behavior.
Website

STEALTH: Understanding the Relationship Between Tax Non-compliance and Tax Law
Through the use of partnerships and other "flow-through entities", taxpayers underreported more than $91 billion of income annually between 2006 and 2009 (GAO-14-453), and the trend shows little sign of stopping. Our goal is to develop technology that enables the discovery of non-compliant partnership transaction patterns.
Publication   Publication   Videos

Sponsored by    September 2012 - August 2015.

 

 

Flexible Machine Learning with Genetic Programming

FlexGP

The FlexGP project goal is scalable machine learning using genetic programming (GP). Genetic programming is a mature, robust multi-point search technique (inspired by evolution) which supports readable, and flexibly specified learning representations which can readily express linear or non-linear data relationships. It is well suited to parallelization and machine learning. It has a strong record in real world domains.
Website   Code

FlexGP:
A cloud based platform for generating transparent non-linear large scale regression problems.
Website   Publication

FCUBE
A data parallel approach to building ensemble of classifiers.
Website   Publication

Feature Learning
Evolutionary Feature Synthesis (EFS) generates accurate, readable, nonlinear features for tabular data.
Website   Publication

 

More Past Projects

ALFA's research would not be possible without the past and ongoing support of our industry sponsors

The views, opinions and positions expressed by ALFA Group and on this site are theirs alone, and do not necessarily reflect the views, opinions or positions of their sponsors