feature extraction
play

Feature Extraction Tales from the missing manual Who Am I? Ted - PowerPoint PPT Presentation

Feb 20, 2023 •20 likes •640 views

Feature Extraction Tales from the missing manual Who Am I? Ted Dunning Apache Board Member (but not for this talk) Early Drill Contributor, mentor to many projects tdunning@apache.org CTO @ MapR, HPE (how I got to talk to these users)

  1. Feature Extraction Tales from the missing manual

  2. Who Am I? Ted Dunning Apache Board Member (but not for this talk) Early Drill Contributor, mentor to many projects tdunning@apache.org CTO @ MapR, HPE (how I got to talk to these users) tdunning@mapr.com Enthused techie ted.dunning@gmail.com @ted_dunning

  3. Summary (in advance) Accumulate data exhaust if possible Accumulate features from history Convert continuous values into symbols using distributions Combine symbols with other symbols Convert symbols to continuous values via frequency or rank or Luduan bags Find cooccurrence with objective outcomes Bag tainted objects together weighted by total frequency Convert symbolic values back to continuous values by accumulating taints

  5. A True-life Data Story

  7. These data are from one ship on one day What if we had data from thousands of ships on tens of thousands of days? Kept in log books, like this, it would be nearly useless

  8. 19th Century Big Data

  9. 19th Century Big Data

  10. 19th Century Big Data

  11. 19th Century Big Data

  12. 19th Century Big Data These data are from one place over a long period of time This chart lets captains understand weather and currents And that lets them go new places with higher confidence

  13. Same data, different perspective, massive impact

  14. But it isn't just prettier

  16. A Fake Data Story

  17. Perspective Can Be Key Given: 100 real-valued features on colored dots Desired: A model to predict colors for new dots based on the features Evil assumption (for discussion): No privileged frame of reference (commonly done in physics)

  18. These data points appear jumbled But this is largely due to our perspective

  19. Taking just the first two coordinates, we see more order But there is more to be had

  20. Combining multiple coordinates completely separates the colors How can we know to do this just based on the data?

  21. Feature extraction is how we encode domain expertise

  23. A Story of Fake Data (that eventually turned into real data)

  24. Background Let's simulate a data skimming attack Transactions at a particular vendor increase subsequent rate of fraud Background rate of fraud is high Fraud does not occur at increased rate at skimming locations We want to find the skimming locations

  25. More Details Data is generated using a behavioral model for consumers Transactions generated with various vendors at randomized times Transactions are marked as fraud randomly at a baseline rate Transacting with a skimmer increases fraud rate for a consumer to increase for some period of time

  26. Modeling Approach For all transactions If fraud, increment fraud counter for all merchants in 30 day history If non-fraud, increment non-fraud counter for all merchants in 30 day history For all vendors Form contingency table, compute G-score

  27. Example 2 - Common Point of Compromise Card data is stolen That data is used from Merchant 0 in frauds at other merchants

  28. Simulation Setup

  30. What about real data from real bad guys?

  31. Really truly bad guys

  32. We can use cooccurrence to find bad actors Cooccurrence also finds "indicators" to be combined as features

  34. A True Story

  35. Background Credit card company wants to find payment kiting where a bill is paid, credit balance is cleared, and then the payment bounces We have: 3 years of transaction histories + payment history + payment final status We want: A model that can predict whether a payment will bounce

  36. More Details A charge transaction includes: Date, time, account #, charge amount, vendor id, industry code, location code Account data includes: Name, address, account number, account age, account type Payment transaction includes: Date, time, account #, type (payment, update), amount, flags Non-monetary transaction includes: Date, time, account #, type, flags, notes

  37. Modeling Approach Split data into first two years (training), last year (test) For each payment, collect previous 90 days of transactions, ultimate status Standard transaction features: Number of transactions, amount of transactions, average transaction amount, recent bad payment, time since last transaction, overdue balance Special features: Flagged vendor score, flagged vendor amount score

  38. Standard Features For many features, we simply take the history of each account and accumulate features or reference values Thus "current transaction / average transaction" Or "distance to previous transaction location / time since previous transaction" Some of these historical features could be learned if we gave the history to a magical learning algorithm But suggesting these features is better when training data costs time and money

  39. Special Features We can also accumulate characteristics of vendors In fact, our data is commonly composed of actions with a subject, verb and object The subjects are typically consumers and we focus on them But the objects are worth paying attention to as well We can analyze the history of objects to generate associated features Frequency Distributions Cooccurrence taints

  40. Symbol Frequency as a Feature Consider an image that is part of your web page What domains reference these images? (mostly yours, of course) Any time you see a rare (aka new) domain, it is a thing We don't know what kind of thing, but it is a thing

  41. Tainted Symbol History as a Feature We can mark those objects based on their presence in histories with other events AKA cooccurrence with fraud | charge-off | machine failure | ad-click Now we can accumulate a measure of how many such tainted objects are in a user history Which cars are involved in accidents? Which browser versions are used by fraudsters? Which OS versions of software crashes?

  42. Key Winning Feature For this model, the feature that was worth over $5 million to the customer was formed as a combination of distribution and cooccurrence Start with a composite symbol <merchant-id> / <location-code> / <transaction-size-decile> Find symbols associated with kiting behavior using cooccurrence These identified likely money laundering paths Combined with young accounts, payment channel => over 90% catch rate

  43. Combine techniques to find killer features

  44. Combine techniques to find killer features Killer features are the ones your competitors aren't using (yet)

  46. Door Knockers

  47. Background You have a security system that is looking for attackers It finds naive attempts at intrusion But the attackers are using automated techniques to morph their attacks They will evade your detector eventually How can you stop them?

  48. Modeling Approach Failed attacks can be used as a taint on Source IP User identities User agent Browser versions Header signatures If you can do cooccurrence in real-time you can build fast adapting features The fast adaptation of the attacker becomes a weakness rather than a strength

  49. High attack activity provides good surrogate target variables

  51. Data Exhaust

  52. Background Everybody knows that it is important to turn off any logging on secondary images and scripts The resulting data would be "too expensive" to store and analyze

  53. This was true in 2004

  54. Spot the Important Difference? Attacker request Real request

  55. Spot the Important Difference? Attacker request Real request

  56. Why are Experts Necessary You could probably learn a whiz-bang LSTM neural network model for headers That model might be surprised by change in order It would *definitely* detect too few headers or lower case headers But it would take a lot of effort, tuning and expertise to build And your security dweeb will spot 15 things to look for in 10 minutes You pick (I pick both)

  57. Collecting data exhaust turns the tables on attackers

  59. Summary Accumulate data exhaust if possible Accumulate features from history Convert continuous values into symbols using distributions Combine symbols with other symbols Convert symbols to continuous values via frequency or rank or Luduan bags Find cooccurrence with objective outcomes Bag tainted objects together weighted by total frequency Convert symbolic values back to continuous values by accumulating taints

  60. The Story isn't Over Let's work together on examples of this: github.com/tdunning/feature-extraction Several feature extraction techniques are already there, more are coming You can help! For data generation, see also github.com/tdunning/log-synth

  61. Who Am I? Ted Dunning Apache Board Member (but not for this talk) Early Drill Contributor tdunning@apache.org CTO @ MapR, HPE (how I got to talk to these users) tdunning@mapr.com Enthused techie ted.dunning@gmail.com @ted_dunning

  62. Book signing HPE booth at 3:30

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

3. Feature Extraction 3.1 Feature Extraction from Speech or other types of audio like music

3. Feature Extraction 3.1 Feature Extraction from Speech or other types of audio like music

3. Feature Extraction 3.1 Feature Extraction from Speech or other types of audio like music See Schukat-Talamazzini Chapter 3 2 Goal of Feature Extraction Capture essential information about speech Be robust against background

741 views • 55 slides
Feature Extraction 7-1 Ronald Peikert SciVis 2007 - Feature Extraction What are features?

Feature Extraction 7-1 Ronald Peikert SciVis 2007 - Feature Extraction What are features?

Feature Extraction 7-1 Ronald Peikert SciVis 2007 - Feature Extraction What are features? Features are inherent properties of data, independent of coordinate frames etc. Dimension of a feature: 0: point feature (often defined by n

840 views • 30 slides
Feature Extraction 7-1 Ronald Peikert SciVis 2008 - Feature Extraction What are features?

Feature Extraction 7-1 Ronald Peikert SciVis 2008 - Feature Extraction What are features?

Feature Extraction 7-1 Ronald Peikert SciVis 2008 - Feature Extraction What are features? Features are inherent properties of data, independent of coordinate frames etc. Dimension of a feature: 0: point feature (often defined by n

322 views • 30 slides
Automated Feature Extraction Automated Feature Extraction for Object Recognition for Object

Automated Feature Extraction Automated Feature Extraction for Object Recognition for Object

Automated Feature Extraction Automated Feature Extraction for Object Recognition for Object Recognition I.Levner and V.Bulitko http://ircl.cs.ualberta.ca Outline Outline Motivation System Overview Feature Extraction Problem

601 views • 15 slides
AB Feature Extraction Experiments Discussion Noise Robust LVCSR Feature Extraction Based on

AB Feature Extraction Experiments Discussion Noise Robust LVCSR Feature Extraction Based on

Introduction AB Feature Extraction Experiments Discussion Noise Robust LVCSR Feature Extraction Based on the Stabilized Weighted Linear Prediction HUT-TUT Fall DSP Seminar 2008 Heikki Kallasjoki Adaptive Informatics Research Centre

316 views • 18 slides
Outline Reducing Dimensionality Feature Selection 1 Steven J Zeil Feature Extraction 2

Outline Reducing Dimensionality Feature Selection 1 Steven J Zeil Feature Extraction 2

Feature Selection Feature Extraction Feature Selection Feature Extraction Outline Reducing Dimensionality Feature Selection 1 Steven J Zeil Feature Extraction 2 Principal Components Analysis (PCA) Old Dominion Univ. Factor Analysis (FA)

602 views • 6 slides
Object based feature extraction of Google based feature extraction of Google Object Earth

Object based feature extraction of Google based feature extraction of Google Object Earth

International Electronic Conference on Sensors and Applications 1 16 June 2014 Object based feature extraction of Google based feature extraction of Google Object Earth i imagery for mapping termite mounds in magery for mapping termite

279 views • 9 slides
Reducing Dimensionality Steven J Zeil Old Dominion Univ. Fall 2010 1 Feature Selection

Reducing Dimensionality Steven J Zeil Old Dominion Univ. Fall 2010 1 Feature Selection

Feature Selection Feature Extraction Reducing Dimensionality Steven J Zeil Old Dominion Univ. Fall 2010 1 Feature Selection Feature Extraction Outline Feature Selection 1 Feature Extraction 2 Principal Components Analysis (PCA) Factor

479 views • 36 slides
Feature Extraction Aleix M. Martinez aleix@ece.osu.edu Continuous Feature Space Let us now

Feature Extraction Aleix M. Martinez aleix@ece.osu.edu Continuous Feature Space Let us now

Machine Learning &amp; Pattern Recognition Feature Extraction Aleix M. Martinez aleix@ece.osu.edu Continuous Feature Space Let us now look at the case where we represent the data in a feature space of p dimensions in the real

510 views • 3 slides
Introduction to Mobile Robotics Basics of LSQ Estimation, Geometric Feature Extraction Wolfram

Introduction to Mobile Robotics Basics of LSQ Estimation, Geometric Feature Extraction Wolfram

Introduction to Mobile Robotics Basics of LSQ Estimation, Geometric Feature Extraction Wolfram Burgard, Cyrill Stachniss, Maren Bennewitz, Giorgio Grisetti, Kai Arras Slides by Kai Arras Last update: June 2010 1 Feature Extraction:

439 views • 20 slides
Feature Extraction and Aggregation for Predicting the Euro 2016 Maryam Tavakol Hamid

Feature Extraction and Aggregation for Predicting the Euro 2016 Maryam Tavakol Hamid

Feature Extraction and Aggregation for Predicting the Euro 2016 Maryam Tavakol Hamid Zafartavanaelmi, and Ulf Brefeld Riva del Garda, Sep 19, 2016 Agenda Introduction Feature Extraction Prediction &amp; Learning Performance

239 views • 20 slides
Local Feature Extraction and Learning for Computer Vision Part 3: Binary Feature Learning for

Local Feature Extraction and Learning for Computer Vision Part 3: Binary Feature Learning for

IEEE CVPR 2017 Tutorial on Local Feature Extraction and Learning for Computer Vision Part 3: Binary Feature Learning for Visual Recognition and Search Jiwen Lu Department of Automation, Tsinghua University, China

690 views • 50 slides
Reducing Observation Time f for Reliable Cyclostationarity R li bl C l i i Feature

Reducing Observation Time f for Reliable Cyclostationarity R li bl C l i i Feature

1 Reducing Observation Time f for Reliable Cyclostationarity R li bl C l i i Feature Extraction Feature Extraction Amy C. Malady and A.A. (Louis) Beex DSPRL Wireless@VT ECE Department Blacksburg, VA 24061-0111 SDR11-WInnComm

661 views • 20 slides
Pattern Recognition Part 4: Feature Extraction Gerhard Schmidt Christian-Albrechts-Universitt

Pattern Recognition Part 4: Feature Extraction Gerhard Schmidt Christian-Albrechts-Universitt

Pattern Recognition Part 4: Feature Extraction Gerhard Schmidt Christian-Albrechts-Universitt zu Kiel Faculty of Engineering Institute of Electrical and Information Engineering Digital Signal Processing and System Theory Feature Extraction

589 views • 46 slides
Off-line Signature Verification: A Circular Outline Grid-Based Feature Extraction Approach

Off-line Signature Verification: A Circular Outline Grid-Based Feature Extraction Approach

8vas. Jornadas de Ciencias de la Computaci on (XIII JCC) XIII JCC Off-line Signature Verification: A Circular Outline Grid-Based Feature Extraction Approach Motivation Contributions Feature Marianela Parodi Extraction SVM-based &lt;

652 views • 28 slides
BRNIR at the NTCIR-14 finnum task: Scalable feature extraction technique for numeral

BRNIR at the NTCIR-14 finnum task: Scalable feature extraction technique for numeral

BRNIR at the NTCIR-14 finnum task: Scalable feature extraction technique for numeral classification Alan Spark, Team Lead at AUTO1 GROUP 1 Agenda Motivation Features types Extraction pipeline Experiment design Results 2

422 views • 14 slides
Home Credit Presentation of 3Q 2017 results 27 November 2017 Disclaimer This presentation has

Home Credit Presentation of 3Q 2017 results 27 November 2017 Disclaimer This presentation has

Home Credit Presentation of 3Q 2017 results 27 November 2017 Disclaimer This presentation has been prepared solely for informational purposes and shall not be considered as an offer to sell or the solicitation of an offer to buy, subscribe for

544 views • 29 slides
Expert Knowledge Elicitations in a Procurement Card Context: Towards Continuous Monitoring and

Expert Knowledge Elicitations in a Procurement Card Context: Towards Continuous Monitoring and

Expert Knowledge Elicitations in a Procurement Card Context: Towards Continuous Monitoring and Assurance by: Abdullah Alawadhi (RBS) Deniz Appelbaum (RBS) Mamuka Murjikneli (P&amp;G Global Internal Audit) Terry Hickman (P&amp;G Global

534 views • 16 slides
22 nd CLSA Investor Forum Grand Hyatt, Hong Kong Presentation to Investors and Analysts 15-16

22 nd CLSA Investor Forum Grand Hyatt, Hong Kong Presentation to Investors and Analysts 15-16

22 nd CLSA Investor Forum Grand Hyatt, Hong Kong Presentation to Investors and Analysts 15-16 September 2015 Patrick Upfold Chief Financial Officer Disclaimer This information has been prepared on a strictly confidential basis by Macquarie

832 views • 62 slides
THE OUTL K FOR THE NORTH AMERICAN ECONOMY February 11th, 2020 Dan North Chief Economist,

THE OUTL K FOR THE NORTH AMERICAN ECONOMY February 11th, 2020 Dan North Chief Economist,

NORTH AMERICAN POWER CREDIT ORGANIZATION, CREDIT CONFERENCE PALM SPRINGS, CA THE OUTL K FOR THE NORTH AMERICAN ECONOMY February 11th, 2020 Dan North Chief Economist, Euler Hermes North America Looking Ahead in 2020 EULER HERMES: GLOBAL

666 views • 41 slides
Control of Metabolic Systems Modeled with Timed Continuous Petri Nets Roberto Ross-Len 1 ,

Control of Metabolic Systems Modeled with Timed Continuous Petri Nets Roberto Ross-Len 1 ,

Control of Metabolic Systems Modeled with Timed Continuous Petri Nets Roberto Ross-Len 1 , Antonio Ramirez-Trevio 1 , Jos Alejandro Morales 2 , and Javier Ruiz-Len 1 1 Centro de Investigaciones y Estudios Avanzados del I.P.N. Unidad

166 views • 16 slides
Half Year Results Presentation For the period ended 31 December 2017 22 February 2018 Important

Half Year Results Presentation For the period ended 31 December 2017 22 February 2018 Important

Half Year Results Presentation For the period ended 31 December 2017 22 February 2018 Important notice This presentation has been prepared by Link Administration Holdings Limited ( Company ) together with its related bodies corporate ( Link Group

793 views • 57 slides
September 18, 2019 www.SBCounty.gov Page 2 Office of Homeless Services Staff Dawn Jones

September 18, 2019 www.SBCounty.gov Page 2 Office of Homeless Services Staff Dawn Jones

Community Development and Housing Agency Office of Homeless Services HEAP Workshop September 18, 2019 www.SBCounty.gov Page 2 Office of Homeless Services Staff Dawn Jones Administrative Supervisor I Karol Hamman Staff Analyst II

632 views • 40 slides
2018-19 S TAFF U PDATE ROADSHOW C OVINA -V ALLEY U NIFIED S CHOOL D ISTRICT J ANUARY 2019 A GENDA

2018-19 S TAFF U PDATE ROADSHOW C OVINA -V ALLEY U NIFIED S CHOOL D ISTRICT J ANUARY 2019 A GENDA

2018-19 S TAFF U PDATE ROADSHOW C OVINA -V ALLEY U NIFIED S CHOOL D ISTRICT J ANUARY 2019 A GENDA Our Story Culture Programs Budget Trends C-VUSD Budget 2 D R . S HEEHAN RETURNS TO C-VUSD 2015-16 Re-establishes Positive

975 views • 29 slides

More recommend