Collaborative Research: CISE-MSI: RCBP-RF: SaTC: Building Research Capacity in AI Based Anomaly Detection in Cybersecurity

Sponsoring Agency
National Science Foundation

Summary

This collaborative project between Penn State University (PSU), an R1 institution, and Tuskegee University (TU), an HBCU institution, proposes to improve solutions for intrusion detection tasks in cyber systems by means of the Anomaly Detection framework, incorporating recent advancements in big data and machine learning techniques. The project team has a sound research record in cybersecurity, machine learning, big data, and natural language processing. Anomaly detection is a widely adopted framework for identifying rare events that deviate severely from the rest of the observations. Since such anomalous events are viewed as an indication of a problem, the framework has been used in many cybersecurity applications, e.g., protecting systems from cyber-attacks, which are rampant across the public and private sectors. In this project, we explore how to advance existing Anomaly Detection Systems (ADSs) to prevent more diverse and challenging types of network intrusions with higher detection accuracy. Recent advances in big data and machine learning, especially deep learning, provide an unprecedented opportunity for building highly effective ADSs. Therefore, the team will investigate methods from various data science and machine learning fields and seek to exploit them in the context of network intrusion detection. For instance, we will build on the PSU team's recent successes in detecting highly subtle and nuanced “fake news” using advanced techniques (e.g., data augmentation via GAN, co-attention networks, few-shot learning, knowledge distillation, and adversarial examples) and extend and apply those techniques to intrusion detection tasks. The improved ADS to be developed includes novel strategies for collecting, labeling, enhancing, and augmenting labeled data for advanced analytics; solutions for data representation, feature/representation learning, and classification of system behaviors; and an implementation of the framework to build an ADS.
We expect the new techniques to help achieve state-of-the-art accuracy in anomaly detection with low false-positive rates compared to existing techniques. The other important goal of this project is to enhance TU's research capability in cybersecurity and to encourage minorities to pursue Ph.D.s in data science and cybersecurity.
