Abstract
Event detection is a very important problem across many domains and is a broadly applicable encompassing many disciplines within engineering systems. In this paper, we focus on improving the user’s ability to quickly identify threat events such as malware, military policy violations, and natural environmental disasters. The information to perform these detections is extracted from text data sets in the latter two cases. Malware threats are important as they compromise computer system integrity and potentially allow the collection of sensitive information. Military policy violations such as ceasefire policies are important to monitor as they disrupt the daily lives of many people within countries that are torn apart by social violence or civil war. The threat of environmental disasters takes many forms and is an ever-present danger worldwide, and indiscriminate regarding who is harmed or killed. In this paper, we address all three of these threat event types using the same underlying technology for mining the information that leads to detecting such events. We approach malware event detection as a binary classification problem, i.e., one class for the threat mode and another for non-threat mode. We extend our novel classifier utilizing constrained low rank approximation as the core algorithm innovation and apply our Nonnegative Generalized Moody-Darken Architecture (NGMDA) hybrid method using various combinations of input and output layer algorithms. The new algorithm uses a nonconvex optimization problem via the nonnegative matrix factorization (NMF) for the hidden layer of a single layer perceptron and a nonnegative constrained adaptive filter for the output layer estimator. We first show the utility of the core NMF technology for both ceasefire violation and environmental disaster event detection. Next NGMDA is applied to the problem of malware threat events, again based on the NMF as the core computational tool. Also, we demonstrate that an algorithm should be appropriately selected for the data generation process. All this has critical implications for design of solutions for important threat/event detection scenarios. Lastly, we present experimental results on foreign language text for ceasefire violation and environmental disaster events. Experimental results on a KDD competition data set for malware classification are presented using our new NGMDA classifier.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
The UNB ISCX NSL-KDD malware dataset was obtained from http://www.unb.ca/research/iscx/dataset/iscx-NSL-KDD-dataset.html and a github site for the data used in this work: https://github.com/defcom17/NSL_KDD.
References
Moody, J., Darken, C.: Fast learning in networks of locally-tuned processing units. Neural Comput. 1(1), 281–294 (1989)
Lippmann, R.P.: Pattern classification using neural networks. IEEE Commun. Mag. 27(11), 47–54 (1989)
Drake, B., Huang, T., Cistola, C.: Malware detection based on new implementations of the moody-darken single-layer perceptron architecture: when the data speaks, are we listening? In: Ahram, T., Karwowski, W. (eds.) Proceedings of the 7th International Conference on Applied Human Factors and Ergonomics, Human Factors in Cybersecurity, Orlando, Florida, USA, 27–21 July. Springer (2016, invited paper)
Kim, J., He, Y., Park, H.: Algorithms for nonnegative matrix and tensor factorizations: a unified view based on block coordinate descent framework. J. Glob. Optim. 58, 285–319 (2014)
Haykin, S.: Adaptive Filter Theory, 5th edn. Pearson Education, Inc., New Jersey (2014)
Haykin, S.: Neural Networks and Learning Machines, 3rd edn. Prentice Hall, Upper Saddle River (2009)
Bishop, C.: Neural Networks for Pattern Recognition. Oxford University Press, New York (2005)
Drake, B., Luk, F., Speiser, J.M., Symanski, J.: SLAPP: a systolic linear algebra parallel processor: IEEE. Computer 20(7), 45–49 (1987)
Chen, J., Richard, C., Bermudez, J., Honeine, P.: Nonnegative least-mean-square algorithm. IEEE Trans. Sig. Process. 59(11), 5225–5235 (2011)
Golub, G.H., Van Loan, C.F.: Matrix Computations. The Johns Hopkins University Press, Baltimore (2013)
Franc, V., Hlaváč, V., Navara, M.: Sequential coordinate-wise algorithm for the non-negative least squares problem. In: Proceedings of the 11th International Conference on Computer Analysis of Images and Patterns (CAIP), pp. 407–414 (2005)
Drake, B., Kim, J., Mallick, M., Park, H.: Supervised Raman spectra estimation based on nonnegative rank deficient least squares. In: Proceedings 13th International Conference on Information Fusion, Edinburgh, UK (2010)
Kay, S.M.: Fundamentals of Statistical Signal Processing: Detection Theory, vol. 2. Prentice Hall PTR, Englewood Cliffs (1998)
Acknowledgments
The authors thank Dr. Richard Boyd for his significant contributions to SmallK and LEAN, both of which were essential tools used in our topic refinement process. We would also like to thank Dr. Elizabeth Whitaker for the opportunity to present this work and the Information and Communication Laboratory (ICL) at Georgia Tech Research Institute for supporting this research. This work was supported in part by the Defense Advanced Research Projects Agency (DARPA) XDATA program grant FA8750-12-2-0309. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of DARPA.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer International Publishing AG
About this paper
Cite this paper
Drake, B., Huang, T., Beavers, A., Du, R., Park, H. (2018). Event Detection Based on Nonnegative Matrix Factorization: Ceasefire Violation, Environmental, and Malware Events. In: Nicholson, D. (eds) Advances in Human Factors in Cybersecurity. AHFE 2017. Advances in Intelligent Systems and Computing, vol 593. Springer, Cham. https://doi.org/10.1007/978-3-319-60585-2_16
Download citation
DOI: https://doi.org/10.1007/978-3-319-60585-2_16
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-60584-5
Online ISBN: 978-3-319-60585-2
eBook Packages: EngineeringEngineering (R0)