Heterogeneous Domain Adaptation for Multistream Classification on Cyber Threat Data

Under a newly introduced setting of multistream classification, two data streams are involved, which are referred to as source and target streams. The source stream continuously generates data instances from a certain domain with labels, while the target stream does the same task without labels from...

Full description

Saved in:
Bibliographic Details
Published in:IEEE transactions on dependable and secure computing 2024-01, Vol.21 (1), p.1-11
Main Authors: Li, Yi-Fan, Gao, Yang, Ayoade, Gbadebo, Khan, Latifur, Singhal, Anoop, Thuraisingham, Bhavani
Format: Article
Language:English
Subjects:
Algorithms
Classification
Data transmission
Empirical analysis
Labels
Synthetic data
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Under a newly introduced setting of multistream classification, two data streams are involved, which are referred to as source and target streams. The source stream continuously generates data instances from a certain domain with labels, while the target stream does the same task without labels from another domain. Existing approaches assume that domains for both data streams are identical, which is not quite true, since data streams from different sources may contain distinct features. Indeed, they may even have different numbers of features. Furthermore, obtaining labels for every instance in a data stream is often expensive and time-consuming. Therefore, it has become an important topic to explore if classes of labeled instances from other related streams are helpful to predict the classes of unlabeled instances in a different stream. Note that domains of source and target streams may have distinct feature spaces and data distributions. Our objective is to predict class labels of data instances in the target stream by using the classifiers trained by the source stream. We propose a framework of multistream classification by using projected data from a common latent feature space, which is embedded from both source and target domains. This framework is also crucial for enterprise system defenders to detect cross-platform attacks, such as Advanced Persistent Threats (APTs). Empirical valuation and analysis on both real-world and synthetic datasets are performed to validate the effectiveness of our proposed algorithm, comparing to state-of-the-art techniques. Experimental results show that our approach significantly outperforms other existing approaches.
ISSN:1545-5971
1941-0018
DOI:10.1109/TDSC.2022.3181682