-
Mining Temporal Attack Patterns from Cyberthreat Intelligence Reports
Authors:
Md Rayhanur Rahman,
Brandon Wroblewski,
Quinn Matthews,
Brantley Morgan,
Tim Menzies,
Laurie Williams
Abstract:
Defending from cyberattacks requires practitioners to operate on high-level adversary behavior. Cyberthreat intelligence (CTI) reports on past cyberattack incidents describe the chain of malicious actions with respect to time. To avoid repeating cyberattack incidents, practitioners must proactively identify and defend against recurring chain of actions - which we refer to as temporal attack patterns. Automatically mining the patterns among actions provides structured and actionable information on the adversary behavior of past cyberattacks. The goal of this paper is to aid security practitioners in prioritizing and proactive defense against cyberattacks by mining temporal attack patterns from cyberthreat intelligence reports. To this end, we propose ChronoCTI, an automated pipeline for mining temporal attack patterns from cyberthreat intelligence (CTI) reports of past cyberattacks. To construct ChronoCTI, we build the ground truth dataset of temporal attack patterns and apply state-of-the-art large language models, natural language processing, and machine learning techniques. We apply ChronoCTI on a set of 713 CTI reports, where we identify 124 temporal attack patterns - which we categorize into nine pattern categories. We identify that the most prevalent pattern category is to trick victim users into executing malicious code to initiate the attack, followed by bypassing the anti-malware system in the victim network. Based on the observed patterns, we advocate organizations to train users about cybersecurity best practices, introduce immutable operating systems with limited functionalities, and enforce multi-user authentications. Moreover, we advocate practitioners to leverage the automated mining capability of ChronoCTI and design countermeasures against the recurring attack patterns.
Submitted 3 January, 2024;
originally announced January 2024.
-
Edge coloring of products of signed graphs
Authors:
Robert Janczewski,
Krzysztof Turowski,
Bartłomiej Wróblewski
Abstract:
In 2020, Behr defined the problem of edge coloring of signed graphs and showed that every signed graph $(G, σ)$ can be colored using exactly $Δ(G)$ or $Δ(G) + 1$ colors, where $Δ(G)$ is the maximum degree in graph $G$.
In this paper, we focus on products of signed graphs. We recall the definitions of the Cartesian, tensor, strong, and corona products of signed graphs and prove results for them. In particular, we show that $(1)$ the Cartesian product of $Δ$-edge-colorable signed graphs is $Δ$-edge-colorable, $(2)$ the tensor product of a $Δ$-edge-colorable signed graph and a signed tree requires only $Δ$ colors and $(3)$ the corona product of almost any two signed graphs is $Δ$-edge-colorable. We also prove some results related to the coloring of products of signed paths and cycles.
Submitted 14 June, 2024; v1 submitted 5 December, 2023;
originally announced December 2023.
-
Tune As You Scale: Hyperparameter Optimization For Compute Efficient Training
Authors:
Abraham J. Fetterman,
Ellie Kitanidis,
Joshua Albrecht,
Zachary Polizzi,
Bryden Fogelman,
Maksis Knutins,
Bartosz Wróblewski,
James B. Simon,
Kanjun Qiu
Abstract:
Hyperparameter tuning of deep learning models can lead to order-of-magnitude performance gains for the same amount of compute. Despite this, systematic tuning is uncommon, particularly for large models, which are expensive to evaluate and tend to have many hyperparameters, necessitating difficult judgment calls about tradeoffs, budgets, and search bounds. To address these issues and propose a practical method for robustly tuning large models, we present Cost-Aware Pareto Region Bayesian Search (CARBS), a Bayesian optimization algorithm that performs local search around the performance-cost Pareto frontier. CARBS does well even in unbounded search spaces with many hyperparameters, learns scaling relationships so that it can tune models even as they are scaled up, and automates much of the "black magic" of tuning. Among our results, we effectively solve the entire ProcGen benchmark just by tuning a simple baseline (PPO, as provided in the original ProcGen paper). We also reproduce the model size vs. training tokens scaling result from the Chinchilla project (Hoffmann et al. 2022), while simultaneously discovering scaling laws for every other hyperparameter, via an easy automated process that uses significantly less compute and is applicable to any deep learning problem (not just language models).
Submitted 13 June, 2023;
originally announced June 2023.
-
Avalon: A Benchmark for RL Generalization Using Procedurally Generated Worlds
Authors:
Joshua Albrecht,
Abraham J. Fetterman,
Bryden Fogelman,
Ellie Kitanidis,
Bartosz Wróblewski,
Nicole Seo,
Michael Rosenthal,
Maksis Knutins,
Zachary Polizzi,
James B. Simon,
Kanjun Qiu
Abstract:
Despite impressive successes, deep reinforcement learning (RL) systems still fall short of human performance on generalization to new tasks and environments that differ from their training. As a benchmark tailored for studying RL generalization, we introduce Avalon, a set of tasks in which embodied agents in highly diverse procedural 3D worlds must survive by navigating terrain, hunting or gathering food, and avoiding hazards. Avalon is unique among existing RL benchmarks in that the reward function, world dynamics, and action space are the same for every task, with tasks differentiated solely by altering the environment; its 20 tasks, ranging in complexity from eat and throw to hunt and navigate, each create worlds in which the agent must perform specific skills in order to survive. This setup enables investigations of generalization within tasks, between tasks, and to compositional tasks that require combining skills learned from previous tasks. Avalon includes a highly efficient simulator, a library of baselines, and a benchmark with scoring metrics evaluated against hundreds of hours of human performance, all of which are open-source and publicly available. We find that standard RL baselines make progress on most tasks but are still far from human performance, suggesting Avalon is challenging enough to advance the quest for generalizable RL.
Submitted 24 October, 2022;
originally announced October 2022.
-
Edge coloring of graphs of signed class 1 and 2
Authors:
Robert Janczewski,
Krzysztof Turowski,
Bartłomiej Wróblewski
Abstract:
Recently, Behr introduced a notion of the chromatic index of signed graphs and proved that for every signed graph $(G, σ)$ it holds that
\[ Δ(G) \leq χ'(G, σ) \leq Δ(G)+1, \]
where $Δ(G)$ is the maximum degree of $G$ and $χ'$ denotes its chromatic index.
In general, the chromatic index of $(G, σ)$ depends on both the underlying graph $G$ and the signature $σ$. In the paper we study graphs $G$ for which $χ'(G, σ)$ does not depend on $σ$. To this aim we introduce two new classes of graphs, namely $1^\pm$ and $2^\pm$, such that graph $G$ is of class $1^\pm$ (respectively, $2^\pm$) if and only if $χ'(G, σ)=Δ(G)$ (respectively, $χ'(G, σ)=Δ(G)+1$) for all possible signatures $σ$. We prove that all wheels, necklaces, complete bipartite graphs $K_{r,t}$ with $r\neq t$ and almost all cacti graphs are of class $1^\pm$. Moreover, we give sufficient and necessary conditions for a graph to be of class $2^\pm$, i.e. we show that these graphs must have odd maximum degree and give examples of such graphs with arbitrary odd maximum degree bigger than $1$.
Submitted 23 July, 2023; v1 submitted 30 May, 2022;
originally announced May 2022.
-
Closer Look at the Uncertainty Estimation in Semantic Segmentation under Distributional Shift
Authors:
Sebastian Cygert,
Bartłomiej Wróblewski,
Karol Woźniak,
Radosław Słowiński,
Andrzej Czyżewski
Abstract:
While recent computer vision algorithms achieve impressive performance on many benchmarks, they lack robustness - presented with an image from a different distribution, (e.g. weather or lighting conditions not considered during training), they may produce an erroneous prediction. Therefore, it is desired that such a model will be able to reliably predict its confidence measure. In this work, uncertainty estimation for the task of semantic segmentation is evaluated under a varying level of domain shift: in a cross-dataset setting and when adapting a model trained on data from the simulation. It was shown that simple color transformations already provide a strong baseline, comparable to using more sophisticated style-transfer data augmentation. Further, by constructing an ensemble consisting of models using different backbones and/or augmentation methods, it was possible to improve significantly model performance in terms of overall accuracy and uncertainty estimation under the domain shift setting. The Expected Calibration Error (ECE) on challenging GTA to Cityscapes adaptation was reduced from 4.05 to the competitive value of 1.1. Further, an ensemble of models was utilized in the self-training setting to improve the pseudo-labels generation, which resulted in a significant gain in the final model accuracy, compared to the standard fine-tuning (without ensemble).
Submitted 27 September, 2021; v1 submitted 31 May, 2021;
originally announced June 2021.
-
Efficient fully dynamic elimination forests with applications to detecting long paths and cycles
Authors:
Jiehua Chen,
Wojciech Czerwiński,
Yann Disser,
Andreas Emil Feldmann,
Danny Hermelin,
Wojciech Nadara,
Michał Pilipczuk,
Marcin Pilipczuk,
Manuel Sorge,
Bartłomiej Wróblewski,
Anna Zych-Pawlewicz
Abstract:
We present a data structure that in a dynamic graph of treedepth at most $d$, which is modified over time by edge insertions and deletions, maintains an optimum-height elimination forest. The data structure achieves worst-case update time $2^{{\cal O}(d^2)}$, which matches the best known parameter dependency in the running time of a static fpt algorithm for computing the treedepth of a graph. This improves a result of Dvořák et al. [ESA 2014], who for the same problem achieved update time $f(d)$ for some non-elementary (i.e. tower-exponential) function $f$. As a by-product, we improve known upper bounds on the sizes of minimal obstructions for having treedepth $d$ from doubly-exponential in $d$ to $d^{{\cal O}(d)}$.
As applications, we design new fully dynamic parameterized data structures for detecting long paths and cycles in general graphs. More precisely, for a fixed parameter $k$ and a dynamic graph $G$, modified over time by edge insertions and deletions, our data structures maintain answers to the following queries:
- Does $G$ contain a simple path on $k$ vertices?
- Does $G$ contain a simple cycle on at least $k$ vertices?
In the first case, the data structure achieves amortized update time $2^{{\cal O}(k^2)}$. In the second case, the amortized update time is $2^{{\cal O}(k^4)} + {\cal O}(k \log n)$. In both cases we assume access to a dictionary on the edges of $G$.
Submitted 19 July, 2020; v1 submitted 31 May, 2020;
originally announced June 2020.