Malware Triage Approach using a Task Memory based on Meta-Transfer Learning Framework

To enhance the efficiency of incident response triage operations, it is not cost-effective to defend all systems equally in a complex cyber environment. Instead, prioritizing the defense of critical functionality and the most vulnerable systems is desirable. Threat intelligence is crucial for guiding Security Operations Center (SOC) analysts' focus toward specific system activity and provides the primary contextual foundation for interpreting security alerts. This paper explores novel approaches for improving incident response triage operations, including dealing with attacks and zero-day malware. This solution for rapid prioritization of different malware have been raised to formulate fast response plans to minimize socioeconomic damage from the massive growth of malware attacks in recent years, it can also be extended to other incident response. We propose a malware triage approach that can rapidly classify and prioritize different malware classes to address this concern. We utilize a pre-trained ResNet18 network based on Siamese Neural Network (SNN) to reduce the biases in weights and parameters. Furthermore, our approach incorporates external task memory to retain the task information of previously encountered examples. This helps to transfer experience to new samples and reduces computational costs, without requiring backpropagation on external memory. Evaluation results indicate that the classification aspect of our proposed method surpasses other similar classification techniques in terms of performance. This new triage strategy based on task memory with meta-learning evaluates the level of similarity matching across malware classes to identify any risky and unknown malware (e.g., zero-day attacks) so that a defense of those that support critical functionality can be conducted

Genetic Programming for Automatically Synthesising Robust Image Descriptors with A Small Number of Instances

Image classification is a core task in many applications of computer vision, including object detection and recognition. It aims at analysing the visual content and automatically categorising a set of images into different groups. Performing image classification can largely be affected by the features used to perform this task. Extracting features from images is a challenging task due to the large search space size and practical requirements such as domain knowledge and human intervention. Human intervention is usually needed to identify a good set of keypoints (regions of interest), design a set of features to be extracted from those keypoints such as lines and corners, and develop a way to extract those features. Automating these tasks has great potential to dramatically decrease the time and cost, and may potentially improve the performance of the classification task. There are two well-recognised approaches in the literature to automate the processes of identifying keypoints and extracting image features. Designing a set of domain-independent features is the first approach, where the focus is on dividing the image into a number of predefined regions and extracting features from those regions. The second approach is synthesising a function or a set of functions to form an image descriptor that aims at automatically detecting a set of keypoints such as lines and corners, and performing feature extraction. Although employing image descriptors is more effective and very popular in the literature, designing those descriptors is a difficult task that in most cases requires domain-expert intervention. The overall goal of this thesis is to develop a new domain independent Genetic Programming (GP) approach to image classification by utilising GP to evolve programs that are capable of automatically detecting diverse and informative keypoints, designing a set of features, and performing feature extraction using only a small number of training instances to facilitate image classification, and are robust to different image changes such as illumination and rotation. This thesis focuses on incorporating a variety of simple arithmetic operators and first-order statistics (mid-level features) into the evolutionary process and on representation of GP to evolve programs that are robust to image changes for image classification. This thesis proposes methods for domain-independent binary classification in images using GP to automatically identify regions within an image that have the potential to improve classification while considering the limitation of having a small training set. Experimental results show that in over 67% of cases the new methods significantly outperform the use of existing hand-crafted features and features automatically detected by other methods. This thesis proposes the first GP approach for automatically evolving an illumination-invariant dense image descriptor that detects automatically designed keypoints, and performs feature extraction using only a few instances of each class. The experimental results show improvement of 86% on average compared to two GP-based methods, and can significantly outperform domain-expert hand-crafted descriptors in more than 89% of the cases. This thesis also considers rotation variation of images and proposes a method for automatically evolving rotation-invariant image descriptors through integrating a set of first-order statistics as terminals. Compared to hand-crafted descriptors, the experimental results reveal that the proposed method has significantly better performance in more than 83% of the cases. This thesis proposes a new GP representation that allows the system to automatically choose the length of the feature vector side-by-side with evolving an image descriptor. Automatically determining the length of the feature vector helps to reduce the number of the parameters to be set. The results show that this method has evolved descriptors with a very small feature vector which yet still significantly outperform the competitive methods in more than 91% of the cases. This thesis proposes a method for transfer learning by model in GP, where an image descriptor evolved on instances of a related problem (source domain) is applied directly to solve a problem being tackled (target domain). The results show that the new method evolves image descriptors that have better generalisability compared to hand-crafted image descriptors. Those automatically evolved descriptors show positive influence on classifying the target domain datasets in more than 56% of the cases

Keypoints Detection and Feature Extraction: A Dynamic Genetic Programming Approach for Evolving Rotation-invariant Texture Image Descriptors

1089-778X © 2017 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. The goodness of the features extracted from the instances and the number of training instances are two key components in machine learning, and building an effective model is largely affected by these two factors. Acquiring a large number of training instances is very expensive in some situations such as in the medical domain. Designing a good feature set, on the other hand, is very hard and often requires domain expertise. In computer vision, image descriptors have emerged to automate feature detection and extraction; however, domain-expert intervention is typically needed to develop these descriptors. The aim of this paper is to utilize genetic programming to automatically construct a rotation-invariant image descriptor by synthesizing a set of formulas using simple arithmetic operators and first-order statistics, and determining the length of the feature vector simultaneously using only two instances per class. Using seven texture classification image datasets, the performance of the proposed method is evaluated and compared against eight domain-expert hand-crafted image descriptors. Quantitatively, the proposed method has significantly outperformed, or achieved comparable performance to, the competitor methods. Qualitatively, the analysis shows that the descriptors evolved by the proposed method can be interpreted

Automatically Evolving Rotation-Invariant Texture Image Descriptors by Genetic Programming

© 2016 IEEE. In computer vision, training a model that performs classification effectively is highly dependent on the extracted features, and the number of training instances. Conventionally, feature detection and extraction are performed by a domain expert who, in many cases, is expensive to employ and hard to find. Therefore, image descriptors have emerged to automate these tasks. However, designing an image descriptor still requires domain-expert intervention. Moreover, the majority of machine learning algorithms require a large number of training examples to perform well. However, labeled data is not always available or easy to acquire, and dealing with a large dataset can dramatically slow down the training process. In this paper, we propose a novel genetic programming-based method that automatically synthesises a descriptor using only two training instances per class. The proposed method combines arithmetic operators to evolve a model that takes an image and generates a feature vector. The performance of the proposed method is assessed using six datasets for texture classification with different degrees of rotation and is compared with seven domain-expert designed descriptors. The results show that the proposed method is robust to rotation and has significantly outperformed, or achieved a comparable performance to, the baseline methods

A multitree genetic programming representation for automatically evolving texture image descriptors

© Springer International Publishing AG 2017. Image descriptors are very important components in computer vision and pattern recognition that play critical roles in a wide range of applications. The main task of an image descriptor is to automatically detect micro-patterns in an image and generate a feature vector. A domain expert is often needed to undertake the process of developing an image descriptor. However, such an expert, in many cases, is difficult to find or expensive to employ. In this paper, a multitree genetic programming representation is adopted to automatically evolve image descriptors. Unlike existing hand-crafted image descriptors, the proposed method does not rely on predetermined features, instead, it automatically identifies a set of features using a few instances of each class. The performance of the proposed method is assessed using seven benchmark texture classification datasets and compared to seven state-of-the-art methods. The results show that the new method has significantly outperformed its counterpart methods in most cases

Binary image classification: A genetic programming approach to the problem of limited training instances

© 2016 by the Massachusetts Institute of Technology. In the computer vision and pattern recognition fields, image classification represents an important yet difficult task. It is a challenge to build effective computer models to replicate the remarkable ability of the human visual system, which relies on only one or a few instances to learn a completely new class or an object of a class. Recently we proposed two genetic programming (GP) methods, one-shot GP and compound-GP, that aim to evolve a program for the task of binary classification in images. The two methods are designed to use only one or a few instances per class to evolve the model. In this study, we investigate these two methods in terms of performance, robustness, and complexity of the evolved programs. We use ten data sets that vary in difficulty to evaluate these two methods. We also compare them with two other GP and six non-GP methods. The results show that one-shot GP and compound-GP outperform or achieve results comparable to competitor methods. Moreover, the features extracted by these two methods improve the performance of other classifiers with handcrafted features and those extracted by a recently developed GP-based method in most cases

A One-shot Learning Approach to Image Classification using Genetic Programming

In machine learning, it is common to require a large number of instances to train a model for classification. In many cases, it is hard or expensive to acquire a large number of instances. In this paper, we propose a novel genetic programming (GP) based method to the problem of automatic image classification via adopting a one-shot learning approach. The proposed method relies on the combination of GP and Local Binary Patterns (LBP) techniques to detect a predefined number of informative regions that aim at maximising the between-class scatter and minimising the within-class scatter. Moreover, the proposed method uses only two instances of each class to evolve a classifier. To test the effectiveness of the proposed method, four different texture data sets are used and the performance is compared against two other GP-based methods namely Conventional GP and Two-tier GP. The experiments revealed that the proposed method outperforms these two methods on all the data sets. Moreover, a better performance has been achieved by Naïve Bayes, Support Vector Machine, and Decision Trees (J48) methods when extracted features by the proposed method have been used compared to the use of domain-specific and Two-tier GP extracted features. © Springer International Publishing 2013