Statistical Machine Learning (ML) has proven to be an invaluable tool in many areas, including privacy and security. On the other hand, recent advances in the field of Symbolic Learning have included novel scalable algorithms that learn highly accurate classifiers encoded as logic programs. In this paper we advocate adding Symbolic Learning to the security and privacy ML toolset. Through an example in anomaly detection, we present a framework for developing systems capable of performing symbolic-based learning of security policies. Our framework, called Online Learning of Anomaly detection Policies from Historical data (OLAPH), uses a symbolic learning system and a domain-specific function for scoring candidate rules to guide the learning process towards the best policies for anomaly detection. The learned policies are fully explainable since the underlying symbolic learning system is inherently explainable: there is a one-to-one mapping between the learned symbolic rules and the anomaly detection policies. The online feature of OLAPH uses a notion of policy confidence to decide when to relearn the policy and what data to relearn the policy from. OLAPH has been evaluated on a dataset of network requests from a commercial security provider, and shown to have strong anomaly detection performance in addition to the usability and explainability benefits induced by its symbolic learning approach.