DOCSLIB.ORG

Automated Feature Learning for Intrusion Detection in Unstructured Log Data

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Automated Feature Learning for Intrusion Detection in Unstructured Log Data Automated Feature Learning for Intrusion Detection in Unstructured Log Data Master Thesis submitted for completion of the MSc Cognitive Science and Artificial Intelligence at Tilburg University by Martijn van Laar under supervision of Martijn van Otterlo (Tilburg University) Abstract: Log-based anomaly detection for cybersecurity has focused on different types of log files. Natural language-based log files, particularly the more dynamic log types, have received little attention in previous research. In the current thesis, features are automatically learned from HTTP log data from a live server, using various classifiers. An Host-based Intrusion Detection System (HIDS) provides input for this task. An LSTM-based classifier with a final AUROC of 0.98 shows features in dynamic unstructured log data can be learned from examples. 1. Motivation According to a recent survey, more than half of all internet traffic is generated automatically (Zeifman 2017). These automated agents or bots can be defined as systems being part of an online environment, acting within that environment in pursuit of their own agenda (Franklin and Graesser 1997). Bots in that respect can perform different actions, depending on their built-in agenda. Some benign bots index the internet for search engines, while others identify and reverse so-called Wikipedia vandalism. On the other hand, malicious bots search the internet for email addresses to send spam to, or perform DDoS attacks (Tsvetkova et al. 2017). Of all internet traffic in 2016, as much as 28.9% originated from different kinds of malicious bots. A large portion of this traffic can be attributed to DDoS-attacks and other traffic without immediate security risks for end users. However, as much as 2.6% of all traffic can be traced back to hackers looking for sites with vulnerabilities they might exploit. 94.2% of websites part of a survey auditing 100,000 websites experienced at least one bot attack within a period of 90 days (Zeifman 2017). With the internet by now an essential part of everyday life, security on the internet is of greater importance than ever before. Most attacks are preventable, for example by having up to date software installed, having secure passwords and monitoring known vulnerabilities. However, not all websites and servers are maintained as well as would be desirable. Bots oriented towards intrusion on websites or servers can have differing agendas. Some try and infiltrate contact forms in order to send spam using a website’s email functionality, while others work towards database intrusion to find badly encrypted user data. Results from these efforts can include selling user accounts and passwords or using badly secured servers as nodes for the TOR network, aimed at masking identities and used for accessing the dark web. A widely-used strategy for locating insecure websites entails requesting possible paths on a website for applications or plugins that are known to have vulnerabilities. Once such an application is located, these vulnerabilities are employed, with varying consequences depending on the application in question. This scanning tactic can be used to identify bots in website access logs. Identifying these bots can require large amounts of domain knowledge, which is not always available. This thesis will focus on modelling an Intrusion Detection System (IDS), automatically detecting features using deep neural networks in access log data gathered from a live environment. Since the amount of available data is vast and labelled data is lacking, defined intrusions by an often used implementation of these IDSs, OSSEC (Hay, Cid, and Bray 2008), will provide labelled input for this task. The main goal in this thesis is not to replace the already fully functional IDS, but to indicate how tools originating in natural language processing (NLP) can enhance and support future text-based log file anomaly detection, ultimately showing features of these types of logs can be machine-learnable. - 2 - 2. Introduction In the following section, an overview will be provided of what Intrusion Detection Systems exactly entail and how the field of anomaly detection offers insights in improving these systems. Furthermore, data used in these studies and current problems with regard to data collection and preparation will be discussed. These issues will lead to defining the central research question in this thesis, which is: “To what extent can rule-based anomaly detection in text-based log files be approximated by a statistical model, using self-learned features?” 2.1 Intrusion Detection Systems Because of the large amount and variety of internet traffic, keeping track of possible security issues by hand is not feasible for any system administrator. On top of implementing the appropriate security measures, automatically detecting any possible remaining intrusions is of a high priority for any network. For these kinds of situations, Intrusion Detection Systems (IDSs) are set up. Two main branches of IDSs can be identified: Network IDS (NIDS) and Host-based IDS (HIDS). NIDSs detect intrusion from a centralised location in a defined network. Since the current thesis focuses on web and server site security, centralised intrusion detection is more difficult because of secure Hypertext Transfer Protocol (HTTP) traffic, or HTTPS. HTTPS traffic is encrypted, and is in most applications only decrypted and thus readable for an IDS on the host server. Consequently, intrusion detection for websites and webservers is usually performed at the host server. Within the realm of HIDSs, the two main branches are signature-based and anomaly- based intrusion detection. Signature-based HIDS works by tracking known attack signatures in the analysed traffic. While signature-based IDS can be reliable in detecting known attacks with low false positive rates (Patcha and Park 2007), this signature has to be provided by some expert (Ahmed, Naser Mahmood, and Hu 2016), and can thus be cumbersome and less sufficient in case of new, unique or yet undocumented attacks (Wang and Jones 2017). Considering signature-based HIDS’s limitations, the more robust and suitable solution for the general purpose of defending against constantly evolving online attacks is anomaly-based HIDS. This type of IDS refers to the way this behaviour manifests itself. Once behaviour is sufficiently divergent from what would be expected behaviour from a regular user, it can be classified as anomalous. With this technique, malicious behaviour can be detected without the need for knowledge about this specific behaviour beforehand, like with fingerprinting. However, because of the higher false positive rates (Patcha and Park 2007), behaviour marked as divergent can only be viewed as evidence for this traffic being malicious. Anomalous behaviour cannot be regarded as conclusive proof of an attack (Ahmed, Naser Mahmood, and Hu 2016; Zuech, - 3 - Khoshgoftaar, and Wald 2015). 2.2 Anomaly detection Anomalies can be defined as patterns in data that are not in line with expected or normal behaviour (Chandola, Banerjee, and Kumar 2009). The detection of anomalies has been widely studied, both in general as well as specifically applied to intrusion detection. In the general sense, anomaly detection techniques can be related to anything from engine health monitoring (Hayton et al. 2007) to crowd control (Mahadevan et al. 2010). To understand the focus of previous work on different types of anomalies, it is vital to distinguish these prior to discussing any studies. Chandola et al. (2009) describe point anomalies, contextual anomalies and collective anomalies. Point anomalies can be defined as a single data point that differs with respect to the rest of the data, the most basic type of anomaly. Contextual anomalies are those data points that could be considered normal in a certain context, but anomalous when that context differs. For instance, consider a normal distribution S where µ is its mean at Xµ and a standard deviation σ at Xµ + Xσ. A data point with the value of µ should be considered normal around Xµ, but anomalous at Xµ + Xσ. Finally, collective anomalies refer to those sets of observations that would individually be considered non-anomalous, but are determined to be anomalous because of their order, duration or quantity (Chandola, Banerjee, and Kumar 2009). Some issues arise throughout cybersecurity-oriented anomaly detection studies. Ahmed et al. define some of these issues (Ahmed, Naser Mahmood, and Hu 2016). First of all, defining normal behaviour proves challenging. For example, once a user requests a webpage that does not exist and receives a 404 status code, this could be considered normal use for a human typing error. However, when such a request is made by a malicious bot performing a scan, this could be classified as anomalous because of the source, not because of the content. These requests might be equal content-wise, but only their intentions provide the information on which a classification could be reliably made. However, this information is rarely available or should be learned from context, making these kinds of request a type of collective anomaly, unseparable as point anomalies without external information. Additionally, even when a normal state has been defined to distinguish anomalies from, this might be subject to rapid change at all times. The dynamic nature of server implementations could result in activity originating from a newly installed application to be considered anomalous at first, but prove unharmful or even benificial after further inspection. These anomalies can only be eliminated after further context has been produced. Furthermore, a lack of labelled and reliable datasets results in studies not having as much of an impact as they claim. - 4 - 2.3 Data used in cybersecurity-oriented anomaly detection Defining distinctions between log data types commonly researched in log data-based anomaly detection studies will help zeroing in on methods particularly fit for the current problem. See figure 1 for a flowchart of different log data types and their methods of pre- processing for use in classification problems.
Load more

Recommended publications
  • Automatic Feature Learning Using Recurrent Neural Networks
    Predicting purchasing intent: Automatic Feature Learning using Recurrent Neural Networks Humphrey Sheil Omer Rana Ronan Reilly Cardiff University Cardiff University Maynooth University Cardiff, Wales Cardiff, Wales Maynooth, Ireland [email protected] [email protected] [email protected] ABSTRACT influence three out of four major variables that affect profit. Inaddi- We present a neural network for predicting purchasing intent in an tion, merchants increasingly rely on (and pay advertising to) much Ecommerce setting. Our main contribution is to address the signifi- larger third-party portals (for example eBay, Google, Bing, Taobao, cant investment in feature engineering that is usually associated Amazon) to achieve their distribution, so any direct measures the with state-of-the-art methods such as Gradient Boosted Machines. merchant group can use to increase their profit is sorely needed. We use trainable vector spaces to model varied, semi-structured input data comprising categoricals, quantities and unique instances. McKinsey A.T. Kearney Affected by Multi-layer recurrent neural networks capture both session-local shopping intent and dataset-global event dependencies and relationships for user Price management 11.1% 8.2% Yes sessions of any length. An exploration of model design decisions Variable cost 7.8% 5.1% Yes including parameter sharing and skip connections further increase Sales volume 3.3% 3.0% Yes model accuracy. Results on benchmark datasets deliver classifica- Fixed cost 2.3% 2.0% No tion accuracy within 98% of state-of-the-art on one and exceed state-of-the-art on the second without the need for any domain / Table 1: Effect of improving different variables on operating dataset-specific feature engineering on both short and long event profit, from [22].
    [Show full text]
  • Exploring the Potential of Sparse Coding for Machine Learning
    Portland State University PDXScholar Dissertations and Theses Dissertations and Theses 10-19-2020 Exploring the Potential of Sparse Coding for Machine Learning Sheng Yang Lundquist Portland State University Follow this and additional works at: https://pdxscholar.library.pdx.edu/open_access_etds Part of the Applied Mathematics Commons, and the Computer Sciences Commons Let us know how access to this document benefits ou.y Recommended Citation Lundquist, Sheng Yang, "Exploring the Potential of Sparse Coding for Machine Learning" (2020). Dissertations and Theses. Paper 5612. https://doi.org/10.15760/etd.7484 This Dissertation is brought to you for free and open access. It has been accepted for inclusion in Dissertations and Theses by an authorized administrator of PDXScholar. Please contact us if we can make this document more accessible: [email protected]. Exploring the Potential of Sparse Coding for Machine Learning by Sheng Y. Lundquist A dissertation submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Computer Science Dissertation Committee: Melanie Mitchell, Chair Feng Liu Bart Massey Garrett Kenyon Bruno Jedynak Portland State University 2020 © 2020 Sheng Y. Lundquist Abstract While deep learning has proven to be successful for various tasks in the field of computer vision, there are several limitations of deep-learning models when com- pared to human performance. Specifically, human vision is largely robust to noise and distortions, whereas deep learning performance tends to be brittle to modifi- cations of test images, including being susceptible to adversarial examples. Addi- tionally, deep-learning methods typically require very large collections of training examples for good performance on a task, whereas humans can learn to perform the same task with a much smaller number of training examples.
    [Show full text]
  • Text-To-Speech Synthesis
    Generative Model-Based Text-to-Speech Synthesis Heiga Zen (Google London) February rd, @MIT Outline Generative TTS Generative acoustic models for parametric TTS Hidden Markov models (HMMs) Neural networks Beyond parametric TTS Learned features WaveNet End-to-end Conclusion & future topics Outline Generative TTS Generative acoustic models for parametric TTS Hidden Markov models (HMMs) Neural networks Beyond parametric TTS Learned features WaveNet End-to-end Conclusion & future topics Text-to-speech as sequence-to-sequence mapping Automatic speech recognition (ASR) “Hello my name is Heiga Zen” ! Machine translation (MT) “Hello my name is Heiga Zen” “Ich heiße Heiga Zen” ! Text-to-speech synthesis (TTS) “Hello my name is Heiga Zen” ! Heiga Zen Generative Model-Based Text-to-Speech Synthesis February rd, of Speech production process text (concept) fundamental freq voiced/unvoiced char freq transfer frequency speech transfer characteristics magnitude start--end Sound source fundamental voiced: pulse frequency unvoiced: noise modulation of carrier wave by speech information air flow Heiga Zen Generative Model-Based Text-to-Speech Synthesis February rd, of Typical ow of TTS system TEXT Sentence segmentation Word segmentation Text normalization Text analysis Part-of-speech tagging Pronunciation Speech synthesis Prosody prediction discrete discrete Waveform generation ) NLP Frontend discrete continuous SYNTHESIZED ) SEECH Speech Backend Heiga Zen Generative Model-Based Text-to-Speech Synthesis February rd, of Rule-based, formant synthesis []
    [Show full text]
  • Unsupervised Speech Representation Learning Using Wavenet Autoencoders Jan Chorowski, Ron J
    1 Unsupervised speech representation learning using WaveNet autoencoders Jan Chorowski, Ron J. Weiss, Samy Bengio, Aaron¨ van den Oord Abstract—We consider the task of unsupervised extraction speaker gender and identity, from phonetic content, properties of meaningful latent representations of speech by applying which are consistent with internal representations learned autoencoding neural networks to speech waveforms. The goal by speech recognizers [13], [14]. Such representations are is to learn a representation able to capture high level semantic content from the signal, e.g. phoneme identities, while being desired in several tasks, such as low resource automatic speech invariant to confounding low level details in the signal such as recognition (ASR), where only a small amount of labeled the underlying pitch contour or background noise. Since the training data is available. In such scenario, limited amounts learned representation is tuned to contain only phonetic content, of data may be sufficient to learn an acoustic model on the we resort to using a high capacity WaveNet decoder to infer representation discovered without supervision, but insufficient information discarded by the encoder from previous samples. Moreover, the behavior of autoencoder models depends on the to learn the acoustic model and a data representation in a fully kind of constraint that is applied to the latent representation. supervised manner [15], [16]. We compare three variants: a simple dimensionality reduction We focus on representations learned with autoencoders bottleneck, a Gaussian Variational Autoencoder (VAE), and a applied to raw waveforms and spectrogram features and discrete Vector Quantized VAE (VQ-VAE). We analyze the quality investigate the quality of learned representations on LibriSpeech of learned representations in terms of speaker independence, the ability to predict phonetic content, and the ability to accurately re- [17].
    [Show full text]
  • Sparse Feature Learning for Deep Belief Networks
    Sparse Feature Learning for Deep Belief Networks Marc'Aurelio Ranzato1 Y-Lan Boureau2,1 Yann LeCun1 1 Courant Institute of Mathematical Sciences, New York University 2 INRIA Rocquencourt {ranzato,ylan,[email protected]} Abstract Unsupervised learning algorithms aim to discover the structure hidden in the data, and to learn representations that are more suitable as input to a supervised machine than the raw input. Many unsupervised methods are based on reconstructing the input from the representation, while constraining the representation to have cer- tain desirable properties (e.g. low dimension, sparsity, etc). Others are based on approximating density by stochastically reconstructing the input from the repre- sentation. We describe a novel and efficient algorithm to learn sparse represen- tations, and compare it theoretically and experimentally with a similar machine trained probabilistically, namely a Restricted Boltzmann Machine. We propose a simple criterion to compare and select different unsupervised machines based on the trade-off between the reconstruction error and the information content of the representation. We demonstrate this method by extracting features from a dataset of handwritten numerals, and from a dataset of natural image patches. We show that by stacking multiple levels of such machines and by training sequentially, high-order dependencies between the input observed variables can be captured. 1 Introduction One of the main purposes of unsupervised learning is to produce good representations for data, that can be used for detection, recognition, prediction, or visualization. Good representations eliminate irrelevant variabilities of the input data, while preserving the information that is useful for the ul- timate task. One cause for the recent resurgence of interest in unsupervised learning is the ability to produce deep feature hierarchies by stacking unsupervised modules on top of each other, as pro- posed by Hinton et al.
    [Show full text]
  • Comparison of Feature Learning Methods for Human Activity Recognition Using Wearable Sensors
    sensors Article Comparison of Feature Learning Methods for Human Activity Recognition Using Wearable Sensors Frédéric Li 1,*, Kimiaki Shirahama 1 ID , Muhammad Adeel Nisar 1, Lukas Köping 1 and Marcin Grzegorzek 1,2 1 Research Group for Pattern Recognition, University of Siegen, Hölderlinstr 3, 57076 Siegen, Germany; [email protected] (K.S.); [email protected] (M.A.N.); [email protected] (L.K.); [email protected] (M.G.) 2 Department of Knowledge Engineering, University of Economics in Katowice, Bogucicka 3, 40-226 Katowice, Poland * Correspondence: [email protected]; Tel.: +49-271-740-3973 Received: 16 January 2018; Accepted: 22 February 2018; Published: 24 February 2018 Abstract: Getting a good feature representation of data is paramount for Human Activity Recognition (HAR) using wearable sensors. An increasing number of feature learning approaches—in particular deep-learning based—have been proposed to extract an effective feature representation by analyzing large amounts of data. However, getting an objective interpretation of their performances faces two problems: the lack of a baseline evaluation setup, which makes a strict comparison between them impossible, and the insufficiency of implementation details, which can hinder their use. In this paper, we attempt to address both issues: we firstly propose an evaluation framework allowing a rigorous comparison of features extracted by different methods, and use it to carry out extensive experiments with state-of-the-art feature learning approaches. We then provide all the codes and implementation details to make both the reproduction of the results reported in this paper and the re-use of our framework easier for other researchers.
    [Show full text]
  • Convex Multi-Task Feature Learning
    Convex Multi-Task Feature Learning Andreas Argyriou1, Theodoros Evgeniou2, and Massimiliano Pontil1 1 Department of Computer Science University College London Gower Street London WC1E 6BT UK [email protected] [email protected] 2 Technology Management and Decision Sciences INSEAD 77300 Fontainebleau France [email protected] Summary. We present a method for learning sparse representations shared across multiple tasks. This method is a generalization of the well-known single- task 1-norm regularization. It is based on a novel non-convex regularizer which controls the number of learned features common across the tasks. We prove that the method is equivalent to solving a convex optimization problem for which there is an iterative algorithm which converges to an optimal solution. The algorithm has a simple interpretation: it alternately performs a super- vised and an unsupervised step, where in the former step it learns task-speci¯c functions and in the latter step it learns common-across-tasks sparse repre- sentations for these functions. We also provide an extension of the algorithm which learns sparse nonlinear representations using kernels. We report exper- iments on simulated and real data sets which demonstrate that the proposed method can both improve the performance relative to learning each task in- dependently and lead to a few learned features common across related tasks. Our algorithm can also be used, as a special case, to simply select { not learn { a few common variables across the tasks3. Key words: Collaborative Filtering, Inductive Transfer, Kernels, Multi- Task Learning, Regularization, Transfer Learning, Vector-Valued Func- tions.
    [Show full text]
  • Visual Word2vec (Vis-W2v): Learning Visually Grounded Word Embeddings Using Abstract Scenes
    Visual Word2Vec (vis-w2v): Learning Visually Grounded Word Embeddings Using Abstract Scenes Satwik Kottur1∗ Ramakrishna Vedantam2∗ Jose´ M. F. Moura1 Devi Parikh2 1Carnegie Mellon University 2Virginia Tech 1 2 [email protected],[email protected] {vrama91,parikh}@vt.edu Abstract w2v : farther We propose a model to learn visually grounded word em- eats beddings (vis-w2v) to capture visual notions of semantic stares at relatedness. While word embeddings trained using text have vis-w2v : closer been extremely successful, they cannot uncover notions of eats semantic relatedness implicit in our visual world. For in- stance, although “eats” and “stares at” seem unrelated in stares at text, they share semantics visually. When people are eating Word Embedding something, they also tend to stare at the food. Grounding diverse relations like “eats” and “stares at” into vision re- mains challenging, despite recent progress in vision. We girl girl note that the visual grounding of words depends on seman- eats stares at tics, and not the literal pixels. We thus use abstract scenes ice cream ice cream created from clipart to provide the visual grounding. We find that the embeddings we learn capture fine-grained, vi- sually grounded notions of semantic relatedness. We show Figure 1: We ground text-based word2vec (w2v) embed- improvements over text-only word embeddings (word2vec) dings into vision to capture a complimentary notion of vi- on three tasks: common-sense assertion classification, vi- sual relatedness. Our method (vis-w2v) learns to predict sual paraphrasing and text-based image retrieval. Our code the visual grounding as context for a given word.
    [Show full text]
  • Deep Learning with a Recurrent Network Structure in the Sequence Modeling of Imbalanced Data for ECG-Rhythm Classifier
    algorithms Article Deep Learning with a Recurrent Network Structure in the Sequence Modeling of Imbalanced Data for ECG-Rhythm Classifier Annisa Darmawahyuni 1, Siti Nurmaini 1,* , Sukemi 2, Wahyu Caesarendra 3,4 , Vicko Bhayyu 1, M Naufal Rachmatullah 1 and Firdaus 1 1 Intelligent System Research Group, Universitas Sriwijaya, Palembang 30137, Indonesia; [email protected] (A.D.); [email protected] (V.B.); [email protected] (M.N.R.); [email protected] (F.) 2 Faculty of Computer Science, Universitas Sriwijaya, Palembang 30137, Indonesia; [email protected] 3 Faculty of Integrated Technologies, Universiti Brunei Darussalam, Jalan Tungku Link, Gadong, BE 1410, Brunei; [email protected] 4 Mechanical Engineering Department, Faculty of Engineering, Diponegoro University, Jl. Prof. Soedharto SH, Tembalang, Semarang 50275, Indonesia * Correspondence: [email protected]; Tel.: +62-852-6804-8092 Received: 10 May 2019; Accepted: 3 June 2019; Published: 7 June 2019 Abstract: The interpretation of Myocardial Infarction (MI) via electrocardiogram (ECG) signal is a challenging task. ECG signals’ morphological view show significant variation in different patients under different physical conditions. Several learning algorithms have been studied to interpret MI. However, the drawback of machine learning is the use of heuristic features with shallow feature learning architectures. To overcome this problem, a deep learning approach is used for learning features automatically, without conventional handcrafted features. This paper presents sequence modeling based on deep learning with recurrent network for ECG-rhythm signal classification. The recurrent network architecture such as a Recurrent Neural Network (RNN) is proposed to automatically interpret MI via ECG signal. The performance of the proposed method is compared to the other recurrent network classifiers such as Long Short-Term Memory (LSTM) and Gated Recurrent Unit (GRU).
    [Show full text]
  • Deep Graphical Feature Learning for the Feature Matching Problem
    Deep Graphical Feature Learning for the Feature Matching Problem Zhen Zhang∗ Wee Sun Lee Australian Institute for Machine Learning Department of Computer Science School of Computer Science National University of Singapore The University of Adelaide [email protected] [email protected] Feature Point Coordinate Local Abstract Geometric Feature The feature matching problem is a fundamental problem in various areas of computer vision including image regis- Geometric Feature Net Feature tration, tracking and motion analysis. Rich local represen- Similarity tation is a key part of efficient feature matching methods. However, when the local features are limited to the coor- dinate of key points, it becomes challenging to extract rich Local Feature Point Geometric local representations. Traditional approaches use pairwise Coordinate Feature or higher order handcrafted geometric features to get ro- Figure 1: The graph neural netowrk transforms the coordinates bust matching; this requires solving NP-hard assignment into features of the points, so that a simple inference algorithm problems. In this paper, we address this problem by propos- can successfully do feature matching. ing a graph neural network model to transform coordi- nates of feature points into local features. With our local ference problem in geometric feature matching, previous features, the traditional NP-hard assignment problems are works mainly focus on developing efficient relaxation meth- replaced with a simple assignment problem which can be ods [28, 13, 12, 4, 31, 14, 15, 26, 30, 25, 29]. solved efficiently. Promising results on both synthetic and In this paper, we attack the geometric feature match- real datasets demonstrate the effectiveness of the proposed ing problem from a different direction.
    [Show full text]
  • Unsupervised, Backpropagation-Free Convolutional Neural Networks for Representation Learning
    CSNNs: Unsupervised, Backpropagation-free Convolutional Neural Networks for Representation Learning Bonifaz Stuhr Jurgen¨ Brauer University of Applied Sciences Kempten University of Applied Sciences Kempten [email protected] [email protected] Abstract—This work combines Convolutional Neural Networks (CNNs), clustering via Self-Organizing Maps (SOMs) and Heb- Learner Problem bian Learning to propose the building blocks of Convolutional Feedback Value Self-Organizing Neural Networks (CSNNs), which learn repre- sentations in an unsupervised and Backpropagation-free manner. Fig. 1. The Scalar Bow Tie Problem: With this term we describe the current Our approach replaces the learning of traditional convolutional problematic situation in Deep Learning in which most training approaches for layers from CNNs with the competitive learning procedure of neural networks and agents depend only on a single scalar loss or feedback SOMs and simultaneously learns local masks between those value. This single value is used to subsume the performance of an entire layers with separate Hebbian-like learning rules to overcome the neural network or agent even for very complex problems. problem of disentangling factors of variation when filters are learned through clustering. We investigate the learned represen- tation by designing two simple models with our building blocks, parameters. In contrast, humans use multiple feedback types to achieving comparable performance to many methods which use Backpropagation, while we reach comparable performance learn, e.g., when they learn representations of objects, different on Cifar10 and give baseline performances on Cifar100, Tiny sensor modalities are used. With the Scalar Bow Tie Problem ImageNet and a small subset of ImageNet for Backpropagation- we refer to the current situation for training neural networks free methods.
    [Show full text]
  • Sparse Estimation and Dictionary Learning (For Biostatistics?)
    Sparse Estimation and Dictionary Learning (for Biostatistics?) Julien Mairal Biostatistics Seminar, UC Berkeley Julien Mairal Sparse Estimation and Dictionary Learning Methods 1/69 What this talk is about? Why sparsity, what for and how? Feature learning / clustering / sparse PCA; Machine learning: selecting relevant features; Signal and image processing: restoration, reconstruction; Biostatistics: you tell me. Julien Mairal Sparse Estimation and Dictionary Learning Methods 2/69 Part I: Sparse Estimation Julien Mairal Sparse Estimation and Dictionary Learning Methods 3/69 Sparse Linear Model: Machine Learning Point of View i i n i Rp Let (y , x )i=1 be a training set, where the vectors x are in and are called features. The scalars y i are in 1, +1 for binary classification problems. {− } R for regression problems. We assume there is a relation y w⊤x, and solve ≈ n 1 min ℓ(y i , w⊤xi ) + λψ(w) . w∈Rp n Xi=1 regularization empirical risk | {z } | {z } Julien Mairal Sparse Estimation and Dictionary Learning Methods 4/69 Sparse Linear Models: Machine Learning Point of View A few examples: n 1 1 i ⊤ i 2 2 Ridge regression: min (y w x ) + λ w 2. w∈Rp n 2 − k k Xi=1 n 1 i ⊤ i 2 Linear SVM: min max(0, 1 y w x ) + λ w 2. w∈Rp n − k k Xi=1 n 1 i i −y w⊤x 2 Logistic regression: min log 1+ e + λ w 2. w∈Rp n k k Xi=1 Julien Mairal Sparse Estimation and Dictionary Learning Methods 5/69 Sparse Linear Models: Machine Learning Point of View A few examples: n 1 1 i ⊤ i 2 2 Ridge regression: min (y w x ) + λ w 2.
    [Show full text]