Cyberspace Security Using Adversarial Learning and Conformal Prediction


This paper advances new directions for cyber security using adversarial learning and conformal prediction in order to enhance network and computing services defenses against adaptive, malicious, persistent, and tactical offensive threats. Conformal prediction is the principled and unified adaptive and learning framework used to design, develop, and deploy a multi-faceted self-managing defensive shield to detect, disrupt, and deny intrusive attacks, hostile and malicious behavior, and subterfuge. Conformal prediction leverages apparent relationships between immunity and intrusion detection using non-conformity measures characteristic of affinity, atypicality, and surprise, to recognize patterns and messages as friend or foe and to respond to them accordingly. The solutions proffered throughout are built around active learning, meta-reasoning, randomness, distributed semantics and stratification, and, most important and above all, around adaptive Oracles. The motivation for using conformal prediction and its immediate offspring, semi-supervised learning and transduction, is first and foremost that they support discriminative and non-parametric methods characteristic of principled demarcation, using cohorts and sensitivity analysis to hedge on the prediction outcomes, including negative selection, on one side, and that they provide credibility and confidence indices that assist meta-reasoning and information fusion, on the other.
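An added illustration, not code from the paper: a transductive conformal predictor that turns a non-conformity measure into p-values, then into the credibility and confidence indices the abstract mentions, and rejects atypical inputs as neither friend nor foe. The k-nearest-neighbour strangeness ratio, the two flow features, the 0.1 threshold and all function names are assumptions; the sample data is constructed.

```python
import math

# Constructed sample: (connections/sec, mean payload kB) per flow, hand-labelled.
TRAIN = [((1.0, 1.0), "benign"), ((1.2, 0.9), "benign"), ((0.8, 1.1), "benign"),
         ((1.1, 1.3), "benign"), ((0.9, 0.8), "benign"),
         ((8.0, 8.0), "hostile"), ((8.3, 7.9), "hostile"), ((7.8, 8.2), "hostile"),
         ((8.1, 8.4), "hostile"), ((7.9, 7.7), "hostile")]

def strangeness(x, label, others, k):
    """Non-conformity of x under `label`: distance to the k nearest
    same-label points divided by distance to the k nearest other-label points."""
    same = sorted(math.dist(x, p) for p, y in others if y == label)[:k]
    diff = sorted(math.dist(x, p) for p, y in others if y != label)[:k]
    return sum(same) / sum(diff)

def p_value(x, label, train, k=2):
    """Tentatively label x, rescore every example against the rest of the bag,
    and return the fraction of examples at least as strange as x."""
    bag = train + [(x, label)]
    scores = [strangeness(p, y, bag[:i] + bag[i + 1:], k)
              for i, (p, y) in enumerate(bag)]
    return sum(s >= scores[-1] for s in scores) / len(bag)

def predict(x, train, k=2):
    """Return the best label with its credibility (largest p-value) and
    confidence (1 minus the second-largest p-value)."""
    pvals = {lab: p_value(x, lab, train, k) for lab in sorted({y for _, y in train})}
    ranked = sorted(pvals, key=pvals.get, reverse=True)
    return {"label": ranked[0],
            "credibility": pvals[ranked[0]],
            "confidence": 1 - pvals[ranked[1]],
            "p_values": pvals}

def verdict(x, train, epsilon=0.1, k=2):
    """Open-set decision: if even the best label has a p-value at or below
    epsilon, the input conforms to no known class and is reported as unknown."""
    result = predict(x, train, k)
    return result["label"] if result["credibility"] > epsilon else "unknown"

if __name__ == "__main__":
    for flow in [(1.0, 1.1), (8.2, 8.1), (4.5, 4.5)]:
        print(flow, verdict(flow, TRAIN), predict(flow, TRAIN))
```

The flow at (4.5, 4.5) receives the minimum possible p-value under both labels, so it is rejected rather than forced into a class; that low credibility is the signal to escalate to an analyst or an active-learning query.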

Wechsler, H. (2015) Cyberspace Security Using Adversarial Learning and Conformal Prediction. Intelligent Information Management, 7, 195-222. doi: 10.4236/iim.2015.74016.

Conflicts of Interest

The authors declare no conflicts of interest.



Copyright © 2023 by authors and Scientific Research Publishing Inc.

This work and the related PDF file are licensed under a Creative Commons Attribution 4.0 International License.