Presentation is loading. Please wait.

Presentation is loading. Please wait.

CNN are proven image classifiers, performing better than humans over the last several year.

Published byDaniella Viviani Modified over 5 years ago

Similar presentations

Presentation on theme: "CNN are proven image classifiers, performing better than humans over the last several year."— Presentation transcript:

1

2 CNN are proven image classifiers, performing better than humans over the last several year.
They are also used in non-image classification such as sound, genes, and malware. They process data in organized in vectors, matrices, or tensors. Normally that organization is naturally laid out. Spatial location such as images. Temporal location such as sound waves. Physical proximity such as a DNA strand. But what about non-natural data like machine process metrics? Extending the research by Dr. Abdelsalam for identifying malware infected machines in a cloud environment.

3 Metric columns (m) Organized by Process rows (p)
into a “Process/Metric” Image Process Image Columns: Metrics Sampled What’s the best order for the rows and columns?

4 Process Row Ordering 129 non-unique processes (of 408) Process name alphanumeric. Sibling relationships. VM then PID count. PID the VM count. 10 Randomly Generated Row Ordering Metric Column Ordering 28 Numeric metrics and two strings. Correlated. Absolute Value of Correlated. Anti-Correlated (Counter point). 10 Randomly Generated Row Ordering

5

6 Conclusion: Maintaining an order of process rows between experiments greatly improves performance. Ordering the metrics according to statistical correlation improves performance. Future work: Construct a ‘correlation’ ordering for process rows to see if that improves performance. Increase the malware data pool to include other machines (Windows OS, IOS, Android, etc.). Use data sets with a model independent machine learning such as AutoKeras. Identify other non-natural data for testing this methodology. Include time based LSTM as the output blackbox node for time based analysis.

7 Data Acquisition: LINUX/Wordpress Application Server Virtual Machine is Infected, Samples taken from All Servers Tier 1 Tier 2 Tier 3 LOAD BALANCED FIREWALL Web Server Application Server Database Clients ... . . . Web Server . . . Web Server Application Server Clients ... Web Server

8 Metric samples taken every 10 second for 30 minutes from all machines.
15 minute mark malware is injected into application server. 114 different linux malware injected. Samples from 912 machines. 29 million process samples, 2.9 million from infected machines.

9 Experiment Workflow Gather Raw Data Generate TF Records Run CNN
Focused on the Generate TF Records step. This is where the data is preprocessed for the CNN .

10 Metric column ordering:
Needed to define relationships between metrics. Picture image rows are positively correlated for surfaces and negatively correlated for edges. Ran exhaustive MySQL query to identify correlations between metrics for all samples (912 VMs)

11 Metric column ordering:
Ordered the results by the correlation [1,-1] relating metrics. Statistical Correlation: Correlated: ABS-Correlated: Anti-Correlated: 10 Randomly Generated Columns Ordering

12 Process row ordering: Determined that the initial paper did not stabilize process ordering between experiments, only by experiment. Identified 129 “non-unique” processes by name (out of 408) that were run on more than one virtual machine. Used these process as the first 129 in a list for ordering across all experiments. A process missing in an experiment sample is filled with zeros. “Unique” processes not in this list are added as a bottom row when they appear.

13 Process Row Ordering Attempted running a MySQL query to identity correlation between processes, proved infeasible with questionable results. Instead found other relationships between processes for mapping out the row order. Process name alphanumeric. Sibling relationships. VM then PID count. PID the VM count. 10 Randomly Generated Row Ordering

14 CNN Model: Used original 2D-CNN model for all experiments. 2 Convolutional layers, first is 32 nodes, second is 64 nodes, each use a 3x3 filter and relu activation. Pooling layer with a downsize of a factor of 2 after each convolutional layers. 2 Dense layers first with 1024 nodes, second 512 nodes, and relu activation each. Predictive layer is binary and produces a probability. Ordered columns and rows during the construction of the tensorflow records before processing CNN.

15 Processing Machine: Central Processor Unit: Inte Corei GHz x 12 Memory: 15.6 GB Graphical Processor Unit: GeForceTMGTX 1070i/PCIe/SSE2 OS: 64-bit Ubuntu 18.04LTS (Gnome ) CUDA: 10.0 Python: 3.6 using Tensorflow and Tensorboard

16

17

18

19

20

21

22

23

24

25

Download ppt "CNN are proven image classifiers, performing better than humans over the last several year."

Similar presentations

Symbiotic Scheduling for Shared Caches in Multi-Core Systems Using Memory Footprint Signature  Mrinmoy Ghosh  Ripal Nathuji Min Lee Karsten Schwan Hsien-Hsin.

Symbiotic Scheduling for Shared Caches in Multi-Core Systems Using Memory Footprint Signature  Mrinmoy Ghosh  Ripal Nathuji Min Lee Karsten Schwan Hsien-Hsin.
University of Notre Dame

University of Notre Dame
1 NETE4631 Cloud deployment models and migration Lecture Notes #4.

1 NETE4631 Cloud deployment models and migration Lecture Notes #4.
Grape Detection in Vineyards Ishay Levi Eran Brill.

Grape Detection in Vineyards Ishay Levi Eran Brill.
Classifier Decision Tree A decision tree classifies data by predicting the label for each record. The first element of the tree is the root node, representing.

Classifier Decision Tree A decision tree classifies data by predicting the label for each record. The first element of the tree is the root node, representing.
Introduction to DoC Private Cloud

Introduction to DoC Private Cloud
Virtualization for Cloud Computing

Virtualization for Cloud Computing
Virtual Network Servers. What is a Server? 1. A software application that provides a specific one or more services to other computers  Example: Apache.

Virtual Network Servers. What is a Server? 1. A software application that provides a specific one or more services to other computers  Example: Apache.
Virtualization A way To Begin with Virtual Reality… - Rahul Khanwani.

Virtualization A way To Begin with Virtual Reality… - Rahul Khanwani.
Distributed Data Stores – Facebook Presented by Ben Gooding University of Arkansas – April 21, 2015.

Distributed Data Stores – Facebook Presented by Ben Gooding University of Arkansas – April 21, 2015.
Paper on Best implemented scientific concept for E-Governance projects Virtual Machine By Nitin V. Choudhari, DIO,NIC,Akola.

Paper on Best implemented scientific concept for E-Governance projects Virtual Machine By Nitin V. Choudhari, DIO,NIC,Akola.
Industrial Project (234313) Final Presentation “App Analyzer” Deliver the right apps users want! (VMware) Students: Edward Khachatryan & Elina Zharikov.

Industrial Project (234313) Final Presentation “App Analyzer” Deliver the right apps users want! (VMware) Students: Edward Khachatryan & Elina Zharikov.
Niels Provos and Panayiotis Mavrommatis Google Google Inc. Moheeb Abu Rajab and Fabian Monrose Johns Hopkins University 17 th USENIX Security Symposium.

Niels Provos and Panayiotis Mavrommatis Google Google Inc. Moheeb Abu Rajab and Fabian Monrose Johns Hopkins University 17 th USENIX Security Symposium.
Simple Database.

Simple Database.
Goodbye rows and tables, hello documents and collections.

Goodbye rows and tables, hello documents and collections.
Chapter 3 Digital Representation of Geographic Data.

Chapter 3 Digital Representation of Geographic Data.
HTCondor and Beyond: Research Computer at Syracuse University Eric Sedore ACIO – Information Technology and Services.

HTCondor and Beyond: Research Computer at Syracuse University Eric Sedore ACIO – Information Technology and Services.
Dynamic Resource Monitoring and Allocation in a virtualized environment.

Dynamic Resource Monitoring and Allocation in a virtualized environment.
Microsoft Azure SoftUni Team Technical Trainers Software University

Microsoft Azure SoftUni Team Technical Trainers Software University
© 2008 Quest Software, Inc. ALL RIGHTS RESERVED. Perfmon and Profiler 101.

© 2008 Quest Software, Inc. ALL RIGHTS RESERVED. Perfmon and Profiler 101.

Similar presentations

Ads by Google