CP

Can Feature Engineering Help Quantum Machine Learning for Malware Detection?

With the increasing number and sophistication of malware attacks, malware detection systems based on machine learning (ML) grow in importance. At the same time, many popular ML models used in malware classification are supervised solutions. These …

Malware Antivirus Scan Pattern Mining via Tensor Decomposition

Accurate labeling is important for detecting malware and building reference datasets which can be used for evaluating machine learning (ML) based malware classification and clustering approaches. Labels obtained from Anti-Virus (AV) vendors (such as …

Random Forest of Tensors (RFoT)

Machine learning has become an invaluable tool in the fight against malware. Traditional supervised and unsupervised methods are not designed to capture the multi-dimensional details that are often present in cyber data. In contrast, tensor …

Multi-Dimensional Anomalous Entity Detection via Poisson Tensor Factorization

As the attack surfaces of large enterprise networks grow, anomaly detection systems based on statistical user behavior analysis play a crucial role in identifying malicious activities. Previous work has shown that link prediction algorithms based on …

Anomalous Event Detection using Non-Negative Poisson Tensor Factorization

Network intrusion detection systems that are based on statistical User Behaviour Analytics play a fundamental role in the identification of anomalous agents such as malicious insiders, misused accounts, and users with compromised credentials. To this extent, there have been significant results in detecting anomalies from learned user behavior models via non-negative Poisson matrix factorization. We expand upon previous work in this project by exploiting the higher dimensional and sparse problems created by the user authentication data. An integrated multidimensional anomaly scoring method based on tensors and Poisson recommender systems is proposed. In our experiments, we build a higher-order model that can detect the accounts compromised by red-team during penetration testing activities at a large organization.