pith. sign in

arxiv: 1907.11129 · v1 · pith:JE5XGQUNnew · submitted 2019-07-25 · 💻 cs.LG · cs.CR· cs.NE· stat.AP· stat.ML

Semisupervised Adversarial Neural Networks for Cyber Security Transfer Learning

Casey Kneale , Kolia Sadeghi This is my paper

Pith reviewed 2026-05-24 16:06 UTC · model grok-4.3

classification 💻 cs.LG cs.CRcs.NEstat.APstat.ML
keywords transfer learningadversarial networkscybersecuritySiamese networkssemisupervised learningdomain adaptationmalicious event detection
0
0 comments X

The pith

An adversarial Siamese neural network learns network-invariant representations of cyber attacks, enabling transfer of detection models between enterprises with different traffic patterns.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper addresses the challenge of sharing machine learning models for detecting cyber attacks across networks that have very different distributions of normal and malicious traffic. It compares simple model transfer and correlation alignment against a new adversarial Siamese network that uses an adversarial objective to make attack representations invariant to specific network characteristics. The model employs a ranking loss to prioritize correct identification of the most serious malicious events, which suits alert triage where analysts review only the top-ranked alerts. On two public networking datasets, the proposed approach detects sizable numbers of malicious events in transfer settings where the other methods detect none in the first 100 events, though it shows some training instability.

Core claim

The adversarial Siamese neural network learns attack representations that are more invariant to each network's particularities via an adversarial approach, using a simple ranking loss that prioritizes the labeling of the most egregious malicious events correctly over average accuracy, allowing it to retrieve sizable proportions of malicious events when models trained on one dataset are evaluated on another.

What carries the argument

Adversarial Siamese neural network that aligns representations across domains through an adversarial training objective combined with a ranking loss.

If this is right

  • Models trained on one enterprise's data can detect attacks on another's without retraining from scratch.
  • Enterprises can share attack representations more effectively toward a global cybersecurity framework.
  • The ranking loss focuses detection on the most critical events suitable for limited analyst time.
  • Adversarial training improves invariance compared to naive transfer or correlation alignment.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • Similar adversarial alignment techniques could apply to other transfer learning problems with domain shifts, such as medical imaging across hospitals.
  • If instabilities can be mitigated, this could scale to real-time monitoring across many networks.
  • Testing on more than two datasets would strengthen evidence for broad applicability.
  • Combining this with other semi-supervised methods might further reduce the need for labeled data.

Load-bearing premise

That an adversarial training objective on a Siamese architecture will produce representations sufficiently invariant to network-specific traffic distributions to enable useful transfer.

What would settle it

Evaluating the model on additional pairs of networking datasets and finding that it detects no more malicious events in the top 100 ranked alerts than the naive or CORAL baselines.

Figures

Figures reproduced from arXiv: 1907.11129 by Casey Kneale, Kolia Sadeghi.

Figure 1
Figure 1. Figure 1: Adversarial Neural Network topology. 3.3 ListMLE ListMLE neural networks are neural networks that do not expressly perform a classification or regression task. Instead ListMLE learns rankings of observa￾tions based on their features in a supervised manner. This goal coincides well with the idea of threat triage, in that certain malicious behaviors should take precedence over others for human diagnosis / in… view at source ↗
Figure 2
Figure 2. Figure 2: A truncated violin plot of the kernel density estimated feature dis [PITH_FULL_IMAGE:figures/full_fig_p008_2.png] view at source ↗
Figure 3
Figure 3. Figure 3: 10 replicates for the Rolling TopN and Top100 Accuracy of the adver [PITH_FULL_IMAGE:figures/full_fig_p010_3.png] view at source ↗
Figure 4
Figure 4. Figure 4: 10 replicates for the Rolling TopN and Top100 Accuracy of the trans [PITH_FULL_IMAGE:figures/full_fig_p011_4.png] view at source ↗
Figure 5
Figure 5. Figure 5: 10 replicates for the Rolling TopN and Top100 accuracies of the trans [PITH_FULL_IMAGE:figures/full_fig_p012_5.png] view at source ↗
Figure 6
Figure 6. Figure 6: Plots of the congruence measure during training for a model that [PITH_FULL_IMAGE:figures/full_fig_p013_6.png] view at source ↗
Figure 7
Figure 7. Figure 7: Plots of the ListMLE loss during training for the same models shown [PITH_FULL_IMAGE:figures/full_fig_p014_7.png] view at source ↗
read the original abstract

On the path to establishing a global cybersecurity framework where each enterprise shares information about malicious behavior, an important question arises. How can a machine learning representation characterizing a cyber attack on one network be used to detect similar attacks on other enterprise networks if each networks has wildly different distributions of benign and malicious traffic? We address this issue by comparing the results of naively transferring a model across network domains and using CORrelation ALignment, to our novel adversarial Siamese neural network. Our proposed model learns attack representations that are more invariant to each network's particularities via an adversarial approach. It uses a simple ranking loss that prioritizes the labeling of the most egregious malicious events correctly over average accuracy. This is appropriate for driving an alert triage workflow wherein an analyst only has time to inspect the top few events ranked highest by the model. In terms of accuracy, the other approaches fail completely to detect any malicious events when models were trained on one dataset are evaluated on another for the first 100 events. While, the method presented here retrieves sizable proportions of malicious events, at the expense of some training instabilities due in adversarial modeling. We evaluate these approaches using 2 publicly available networking datasets, and suggest areas for future research.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

3 major / 1 minor

Summary. The paper proposes a semisupervised adversarial Siamese neural network for cross-network transfer learning in cybersecurity. It claims that an adversarial objective combined with a ranking loss produces attack representations more invariant to network-specific traffic distributions than naive transfer or CORAL, enabling detection of malicious events when models trained on one public dataset are evaluated on another; the other methods detect zero malicious events in the top 100 ranked events while the proposed method retrieves sizable proportions, albeit with noted training instabilities.

Significance. If the transfer gains are robust and attributable to the adversarial invariance mechanism rather than other factors, the work would address a practically important problem in sharing threat intelligence across heterogeneous enterprise networks. The ranking loss is well-motivated for alert triage workflows. However, the absence of quantitative metrics, statistical tests, training details, or direct verification of reduced domain discrepancy limits the strength of the contribution even if the empirical pattern holds on the two datasets.

major comments (3)
  1. [Abstract] Abstract: the central comparative claim states that baselines 'fail completely to detect any malicious events' for the first 100 events while the proposed method 'retrieves sizable proportions,' yet no numerical values, precision-recall figures, or error bars are supplied; this absence is load-bearing because the entire transfer-learning advantage rests on these unreported quantities.
  2. [Abstract] Abstract and § (method description): the distinguishing claim is that adversarial training on the Siamese architecture 'learns attack representations that are more invariant'; however, no quantitative check (MMD, CORAL distance, or domain-wise feature visualization) is reported to confirm lower domain discrepancy relative to the CORAL baseline, leaving open the possibility that gains arise from the ranking loss alone.
  3. [Abstract] Abstract: training instabilities 'due in adversarial modeling' are acknowledged but receive no further analysis, ablation, or stabilization procedure; because the method's reliability is central to any practical deployment claim, this omission weakens attribution of the observed transfer performance.
minor comments (1)
  1. [Abstract] Typo: 'due in adversarial modeling' should read 'due to adversarial modeling'.

Simulated Author's Rebuttal

3 responses · 0 unresolved

We thank the referee for the constructive feedback. The comments highlight opportunities to strengthen the quantitative support for our claims. We address each point below and will incorporate revisions where appropriate.

read point-by-point responses

  1. Referee: [Abstract] Abstract: the central comparative claim states that baselines 'fail completely to detect any malicious events' for the first 100 events while the proposed method 'retrieves sizable proportions,' yet no numerical values, precision-recall figures, or error bars are supplied; this absence is load-bearing because the entire transfer-learning advantage rests on these unreported quantities.

    Authors: We agree that the abstract would benefit from explicit numerical results. The full manuscript reports the proportions of malicious events retrieved in the top 100 for each method and dataset; we will move these specific figures (including any multi-run statistics) into the abstract in the revision. revision: yes

  2. Referee: [Abstract] Abstract and § (method description): the distinguishing claim is that adversarial training on the Siamese architecture 'learns attack representations that are more invariant'; however, no quantitative check (MMD, CORAL distance, or domain-wise feature visualization) is reported to confirm lower domain discrepancy relative to the CORAL baseline, leaving open the possibility that gains arise from the ranking loss alone.

    Authors: The manuscript currently relies on the downstream transfer performance to support the invariance claim. We accept that a direct metric comparison would strengthen attribution and will add MMD or feature-space distance measurements between source and target domains for the adversarial model versus the CORAL baseline, along with t-SNE visualizations if space permits. revision: yes

  3. Referee: [Abstract] Abstract: training instabilities 'due in adversarial modeling' are acknowledged but receive no further analysis, ablation, or stabilization procedure; because the method's reliability is central to any practical deployment claim, this omission weakens attribution of the observed transfer performance.

    Authors: The instabilities are noted only briefly. We will expand the experimental section with an ablation on training variance across random seeds and describe any stabilization steps (e.g., gradient clipping or learning-rate schedules) that were applied, or note their absence if none were used. revision: yes

Circularity Check

0 steps flagged

Empirical comparison with no derivation chain or self-referential reductions

full rationale

The paper proposes an adversarial Siamese network for domain transfer in cybersecurity and reports empirical results on two public datasets against naive transfer and CORAL baselines. No equations, derivations, fitted parameters renamed as predictions, or load-bearing self-citations appear in the provided abstract or summary. The central claim rests on observed performance differences rather than any mathematical reduction to the model's own inputs or ansatzes. This matches the default case of a self-contained empirical ML study with no circularity.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 0 invented entities

The central claim rests on the domain assumption that adversarial training produces useful invariance; no free parameters or invented entities are identifiable from the abstract alone.

axioms (1)
  • domain assumption Adversarial training on a Siamese network produces representations invariant to network-specific traffic distributions
    This is the load-bearing premise stated in the abstract as the reason the proposed model succeeds where baselines fail.

pith-pipeline@v0.9.0 · 5750 in / 1100 out tokens · 20894 ms · 2026-05-24T16:06:13.192461+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Lean theorems connected to this paper

Citations machine-checked in the Pith Canon. Every link opens the source theorem in the public Lean library.

What do these tags mean?
matches
The paper's claim is directly supported by a theorem in the formal canon.
supports
The theorem supports part of the paper's argument, but the paper may add assumptions or extra steps.
extends
The paper goes beyond the formal theorem; the theorem is a base layer rather than the whole result.
uses
The paper appears to rely on the theorem as machinery.
contradicts
The paper's claim conflicts with a theorem or certificate in the canon.
unclear
Pith found a possible connection, but the passage is too broad, indirect, or ambiguous to say the theorem truly supports the claim.

Reference graph

Works this paper leans on

23 extracted references · 23 canonical work pages

  1. [1]

    Machine learning in cyber-security - problems, challenges and data sets

    Idan Amit, Matherly John, Hewlett William, Xu Zhi, Meshi Yinnon, and Weinberger Yigal. Machine learning in cyber-security - problems, challenges and data sets. 12 2018. 15

    work page 2018

  2. [2]

    Robust representation for domain adapta- tion in network security

    Karel Bartos and Michal Sofka. Robust representation for domain adapta- tion in network security. ECML PKDD 2015 , 9286, 2015

    work page 2015

  3. [3]

    Chopra, R

    S. Chopra, R. Hadsell, and Y. LeCun. Learning a similarity metric discrim- inatively, with application to face verification. In 2005 IEEE Computer So- ciety Conference on Computer Vision and Pattern Recognition (CVPR’05), volume 1, pages 539–546 vol. 1, 6 2005

    work page 2005

  4. [4]

    Y. Ganin. Domain-adversarial training of neural networks. Journal of Machine Learning Research, 17:1–35, 2016

    work page 2016

  5. [5]

    Ganin and V

    Y. Ganin and V. Lempitsky. Unsupervised domain adaptation by back- propagation. In Proceedings of the 32Nd International Conference on In- ternational Conference on Machine Learning - Volume 37 , ICML’15, pages 1180–1189. JMLR.org, 2015

    work page 2015

  6. [6]

    Generative adversarial nets

    Ian Goodfellow, Jean Pouget-Abadie, Mehdi Mirza, Bing Xu, David Warde- Farley, Sherjil Ozair, Aaron Courville, and Yoshua Bengio. Generative adversarial nets. In Z. Ghahramani, M. Welling, C. Cortes, N. D. Lawrence, and K. Q. Weinberger, editors, Advances in Neural Information Processing Systems 27, pages 2672–2680. Curran Associates, Inc., 2014

    work page 2014

  7. [7]

    Transfer learning for detecting unknown network attacks.EURASIP Journal on Information Security , 2019(1):1, 2 2019

    Zhao Juan, Shetty Sachin, Pan Jan Wei, Kamhoua Charles, and Kwiat Kevin. Transfer learning for detecting unknown network attacks.EURASIP Journal on Information Security , 2019(1):1, 2 2019

    work page 2019

  8. [8]

    Gregory R. Koch. Siamese neural networks for one-shot image recognition. 2015

    work page 2015

  9. [9]

    Tests concerning random points on a circle

    Nicholaas Kuiper. Tests concerning random points on a circle. Proceedings of the Koninklijke Nederlandse Akademie van Wetenschappen, pages 38–47, 1962

    work page 1962

  10. [10]

    Moore, and Alexander Gray

    Ting Liu, Andrew W. Moore, and Alexander Gray. New algorithms for efficient high-dimensional nonparametric classification. J. Mach. Learn. Res., 7:1135–1158, 2006

    work page 2006

  11. [11]

    Mescheder, Andreas Geiger, and Sebastian Nowozin

    Lars M. Mescheder, Andreas Geiger, and Sebastian Nowozin. Which train- ing methods for gans do actually converge? In ICML, pages 3478–3487, 2018

    work page 2018

  12. [12]

    A taxonomy of ddos attack and ddos defense mechanisms

    Jelena Mirkovic and Peter Reiher. A taxonomy of ddos attack and ddos defense mechanisms. SIGCOMM Comput. Commun. Rev. , 34(2):39–53, 2004

    work page 2004

  13. [13]

    R. D. Mooi and R. A. Botha. A management model for building a com- puter security incident response capability. SAIEE Africa Research Jour- nal, 107(2):78–91, 6 2016. 16

    work page 2016

  14. [14]

    G. E. Moore. Cramming more components onto integrated circuits, reprinted from electronics, volume 38, number 8, april 19, 1965, pp.114 ff. IEEE Solid-State Circuits Society Newsletter , 11(3):33–35, 9 2006

    work page 1965

  15. [15]

    Unsw-nb15: a comprehensive data set for network intrusion detection systems

    Moustafa Nour and Jill Slay. Unsw-nb15: a comprehensive data set for network intrusion detection systems. Military Communications and Infor- mation Systems Conference, IEEE, 2015

    work page 2015

  16. [16]

    S. J. Pan and Q. Yang. A survey on transfer learning. IEEE Transactions on Knowledge and Data Engineering , 22(10):1345–1359, 10 2010

    work page 2010

  17. [17]

    Toward generating a new intrusion detection dataset and intrusion traffic characterization

    Iman Sharafaldin, Arash Lashkari, and Ali Ghorbani. Toward generating a new intrusion detection dataset and intrusion traffic characterization. 4th International Conference on Information Systems Security and Privacy , 2018

    work page 2018

  18. [18]

    D. F. Specht. Generation of polynomial discriminant functions for pattern recognition. IEEE Transactions on Electronic Computers , EC-16(3):308– 319, 6 1967

    work page 1967

  19. [19]

    Return of frustratingly easy domain adaptation

    Baochen Sun, Jiashi Feng, and Kate Saenko. Return of frustratingly easy domain adaptation. Proceeding AAAI’16 Proceedings of the Thirtieth AAAI Conference on Artificial Intelligence , pages 2058–2065, 2018

    work page 2058

  20. [20]

    Improving gener- alization and stability of generative adversarial networks

    Hoang Thanh-Tung, Truyen Tran, and Svetha Venkatesh. Improving gener- alization and stability of generative adversarial networks. In International Conference on Learning Representations, 2019

    work page 2019

  21. [21]

    Listwise approach to learning to rank: Theory and algorithm

    Fen Xia, Tie-Yan Liu, Jue Wang, Wensheng Zhang, and Hang Li. Listwise approach to learning to rank: Theory and algorithm. In Proceedings of the 25th International Conference on Machine Learning , ICML ’08, pages 1192–1199. ACM, 2008

    work page 2008

  22. [22]

    Statistical consistency of top-k rank- ing

    Fen Xia, Tie yan Liu, and Hang Li. Statistical consistency of top-k rank- ing. In Y. Bengio, D. Schuurmans, J. D. Lafferty, C. K. I. Williams, and A. Culotta, editors, Advances in Neural Information Processing Systems 22, pages 2098–2106. Curran Associates, Inc., 2009

    work page 2098

  23. [23]

    Zhong, J

    C. Zhong, J. Yen, P. Liu, and R. F. Erbacher. Learning from experts‘ experience: Toward automated cyber security data triage. IEEE Systems Journal, 13(1):603–614, 3 2019. 17

    work page 2019