This
week we ended our ISB's Machine Learning course with the last two
lectures which were on Text Analysis and Mining graphs. The topics
covered were as follows:
Word2vec
Word2vec
is a two-layer neural net that processes text. Its input is a text
corpus and its output is a set of vectors: feature vectors for words in
that corpus. While Word2vec is not a deep neural network, it turns text into a numerical form that deep nets can understand.
The
purpose and usefulness of Word2vec are to group the vectors of similar
words together in vector space. That is, it detects similarities
mathematically. Word2vec creates vectors that are distributed numerical
representations of word features, features such as the context of
individual words. It does so without human intervention.
There
are two types of Word2Vec, Skip-gram and Continuous Bag of Words
(CBOW). I will briefly describe how these two methods work in the
following paragraphs.
Skip-gram
Words are read into the vector one at a time and scanned back and forth within a certain range. Those ranges are n-grams, and an n-gram is a contiguous sequence of n items
from a given linguistic sequence; it is the nth version of unigram,
bigram, trigram, four-gram or five-gram. A skip-gram simply drops items
from the n-gram.
The graph below visualizes the network structure.
CBOW
Continuous
Bag of Words (CBOW) is very similar to skip-gram, except that it swaps
the input and output. The idea is that given a context, we want to know
which word is most likely to appear in it.
The biggest difference between Skip-gram and CBOW is that the way the word vectors are generated.
For CBOW, all the examples with the target word as a target are fed
into the networks and taking the average of the extracted hidden layer.
For example, assume we only have two sentences, “He is a nice guy” and
“She is a wise queen”. To compute the word representation for the word
“a”, we need to feed in these two examples, “He is a nice guy”, and “She
is wise queen” into the Neural Network and take the average of the
value in the hidden layer. Skip-gram only feeds in the one and only one
target word one-hot vector as input.
It
is claimed that Skip-gram tends to do better in rare words.
Nevertheless, the performance of Skip-gram and CBOW are generally
similar.
Mining Graphs
The Web as a Directed Graph
Viewing
social and economic networks in terms of their graph structures provides
significant insights, and the same is true for information networks
such as the Web. When we view the Web as a graph, it allows us to better
understand the logical relationships expressed by its links; to break
its structure into smaller, cohesive units; and to identify important
pages as a step in organizing the results of Web searches.
Early Search Engines and Term Spam
Techniques
for fooling search engines into believing your page is about something
it is not are called term spam. The ability of term spammers to operate
so easily rendered early search engines almost useless. To combat term
spam, Google introduced two innovations:
1.
PageRank was used to simulate where Web surfers, starting at a random
page, would tend to congregate if they followed randomly chosen outlinks
from the page at which they were currently located, and this process
was allowed to iterate many times. Pages that would have a large number
of surfers were considered more “important” than pages that would rarely
be visited. Google prefers important pages to unimportant pages when
deciding which pages to show first in response to a search query.
2.
The content of a page was judged not only by the terms appearing on
that page but by the terms used in or near the links to that page. Note
that while it is easy for a spammer to add false terms to a page they
control, they cannot as easily get false terms added to the pages that
link to their own page, if they do not control those pages.
Spectral Clustering
In multivariate statistics and the clustering of data, spectral clustering techniques
make use of the spectrum (eigenvalues) of the similarity matrix of the
data to perform dimensionality reduction before clustering in fewer
dimensions. The similarity matrix is provided as an input and consists
of a quantitative assessment of the relative similarity of each pair of
points in the dataset.
In application to image segmentation, spectral clustering is known as segmentation-based object categorization.
Satnam Sir's session on Cyber Security
Sir discussed the following topics in the session:
Data Exfiltration Detection
Exfiltration is a rather new word in the English language. In fact, it wasn’t used prevalently until recently.
By
definition, data exfiltration is the unauthorized copying, transfer, or
retrieval of data from a computer or server. It is a malicious activity
performed through various different techniques, typically by
cybercriminals over the internet or other networks.
More
specifically, data exfiltration is a security breach that occurs when
one’s data is illegally copied. Normally, it’s the result of a targeted
attack where the malicious actor’s primary intent is to find and copy
specific data from a specific machine. The hacker gains access to the
target machine through a remote application or by directly installing a
portable media device. These breaches often occur on systems that still
use the hardware/software vendor’s default password or an easy-to-guess
password.
Splunk for Detecting and Stopping Data Exfiltration
Then he showed us how he used Splunk to detect unusual activity in the Weblogs.
The User Activity dashboard would display panels representing user activities such as potential data exfiltration. A spike in the volume or a high volume of key indicators such as Non-corporate Web Uploads and Non-corporate Email Activity can
indicate suspicious data transfer. The dashboard indicates a high
volume of suspicious activity involving data being uploaded to
non-corporate domains, as well as suspiciously large email messages sent
to addresses outside the organization.
The User Activity dashboard was used as the starting point to detect suspicious data exfiltration behavior. The Email Activity dashboard
exposed large data transfers to known and unknown domains. Using the
dashboards and searches provided with Splunk Enterprise Security, the
security analyst can check for common data exfiltration behaviors and
set up monitoring of potentially compromised machines and take necessary
remedial action.
Anamoly Detection algorithms
Anomaly detection is a technique used to identify unusual patterns that do not conform to expected behavior, called outliers.
Density-Based Anomaly Detection
Density-based anomaly detection is based on the k-nearest neighbor's algorithm.
Assumption: Normal data points occur around a dense neighborhood and abnormalities are far away.
The
nearest set of data points are evaluated using a score, which could be
Euclidean distance or a similar measure dependent on the type of the
data (categorical or numerical). They could be broadly classified into
two algorithms:
K-nearest neighbor:
k-NN is a simple, non-parametric lazy learning technique used to
classify data based on similarities in distance metrics such as
Euclidean, Manhattan, Minkowski, or Hamming distance.
Relative density of data: This is better known as local outlier factor (LOF). This concept is based on a distance metric called reachability distance.
Clustering-Based Anomaly Detection
Clustering is one of the most popular concepts in the domain of unsupervised learning.
Assumption: Data
points that are similar tend to belong to similar groups or clusters,
as determined by their distance from local centroids.
K-means is
a widely used clustering algorithm. It creates 'k' similar clusters of
data points. Data instances that fall outside of these groups could
potentially be marked as anomalies.
Support Vector Machine-Based Anomaly Detection
A support
vector machine is another effective technique for detecting anomalies.
An SVM is typically associated with supervised learning, but there are
extensions (OneClassCVM, for instance) that can be used to identify
anomalies as an unsupervised problem (in which training data are not
labeled). The algorithm learns a soft boundary in order to cluster the
normal data instances using the training set, and then, using the
testing instance, it tunes itself to identify the abnormalities that
fall outside the learned region.
Depending
on the use case, the output of an anomaly detector could be numeric
scalar values for filtering on domain-specific thresholds or textual
labels (such as binary/multi labels).
He
then asked us to work on a Kaggle dataset of Credit Card Fraud
Detection problem. He asked us to solve it as an anomaly detection
problem rather than a classification problem.
In this week , we continued with deep learning course lecture no.2 "The neural net as a universal approximator" which includes recap of previous lecture related to perceptron and its firing condition.After that we first learned about deep layer structures,then we move on to multilayer perceptrons and how it is used to evaluate boolean expression , learning geometrical shapes and also learnt about required optimal depth for a neural network. Another task was given to us by Sehra sir i.e. hypothesis testing and z-statistics assignment using R.There were 3-4 assignments which was supposed to be completed in 3 days. We also watched Danko sir's lecture no.2 .The lecture was about first understandig human level intelligence and how can we achieve that in computers.He taught us about electic models and specialized models also.
Lecture - Design Thinking This week we had a session with Mandeep Singh Kwatria on Design Thinking to help thinking about good innovative ideas. Design Thinking is a design methodology that provides a solution-based approach to solving problems. It’s extremely useful in tackling complex problems that are ill-defined or unknown, by understanding the human needs involved, by re-framing the problem in human-centric ways, by creating many ideas in brainstorming sessions, and by adopting a hands-on approach in prototyping and testing. The three Design Thinking Phases are: Inspire Ideate Implement A ground-breaking innovation will be desirable, feasible and viable. Paddy Crop Project Along with other work, we also had a project from one of our professors related to paddy (confidential) which we worked on using the knowledge we got in this internship.
Statistics By Sehra Sir We had been having sessions with Sukhjit Sehra Sir on statistics since the past week. This week we learned about the following topics: Probability and Probability Distributions Probability theory developed from the study of games of chance like dice and cards. A process like flipping a coin, rolling a die or drawing a card from a deck is called probability experiments. An outcome is a specific result of a single trial of a probability experiment. Probability Distributions Probability theory is the foundation for statistical inference. A probability distribution is a device for indicating the values that a random variable may have. There are two categories of random variables. These are discrete random variables and continuous random variables. Discrete random variable The probability distribution of a discrete random variable specifies all possible values of a discrete random variable along with their respective probabilities. Example
Comments
Post a Comment