Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

End-to-End triplet loss based fine-tuning for network embedding in effective PII detection

Rishika Kohli, Shaifu Gupta, Manoj Singh Gaur

TL;DR

This work targets the problem of detecting personally identifiable information (PII) exfiltration in mobile network traffic. It presents an end-to-end deep learning framework that combines pre-trained language-model embeddings (via SBERT) and an autoencoder with triplet-loss fine-tuning to produce compact, discriminative network embeddings for PII detection. Evaluations on two real-world datasets (ReCon and AntShield) show the proposed approach achieving higher accuracy than state-of-the-art baselines, with strong performance under k-fold cross-validation when employing KL-divergence and hard-mining in the triplet framework. The study demonstrates the viability of end-to-end network embeddings for PII leakage detection and highlights paths for on-device deployment, federated learning, and incremental learning for evolving PII types.

Abstract

There are many approaches in mobile data ecosystem that inspect network traffic generated by applications running on user's device to detect personal data exfiltration from the user's device. State-of-the-art methods rely on features extracted from HTTP requests and in this context, machine learning involves training classifiers on these features and making predictions using labelled packet traces. However, most of these methods include external feature selection before model training. Deep learning, on the other hand, typically does not require such techniques, as it can autonomously learn and identify patterns in the data without external feature extraction or selection algorithms. In this article, we propose a novel deep learning based end-to-end learning framework for prediction of exposure of personally identifiable information (PII) in mobile packets. The framework employs a pre-trained large language model (LLM) and an autoencoder to generate embedding of network packets and then uses a triplet-loss based fine-tuning method to train the model, increasing detection effectiveness using two real-world datasets. We compare our proposed detection framework with other state-of-the-art works in detecting PII leaks from user's device.

End-to-End triplet loss based fine-tuning for network embedding in effective PII detection

TL;DR

This work targets the problem of detecting personally identifiable information (PII) exfiltration in mobile network traffic. It presents an end-to-end deep learning framework that combines pre-trained language-model embeddings (via SBERT) and an autoencoder with triplet-loss fine-tuning to produce compact, discriminative network embeddings for PII detection. Evaluations on two real-world datasets (ReCon and AntShield) show the proposed approach achieving higher accuracy than state-of-the-art baselines, with strong performance under k-fold cross-validation when employing KL-divergence and hard-mining in the triplet framework. The study demonstrates the viability of end-to-end network embeddings for PII leakage detection and highlights paths for on-device deployment, federated learning, and incremental learning for evolving PII types.

Abstract

There are many approaches in mobile data ecosystem that inspect network traffic generated by applications running on user's device to detect personal data exfiltration from the user's device. State-of-the-art methods rely on features extracted from HTTP requests and in this context, machine learning involves training classifiers on these features and making predictions using labelled packet traces. However, most of these methods include external feature selection before model training. Deep learning, on the other hand, typically does not require such techniques, as it can autonomously learn and identify patterns in the data without external feature extraction or selection algorithms. In this article, we propose a novel deep learning based end-to-end learning framework for prediction of exposure of personally identifiable information (PII) in mobile packets. The framework employs a pre-trained large language model (LLM) and an autoencoder to generate embedding of network packets and then uses a triplet-loss based fine-tuning method to train the model, increasing detection effectiveness using two real-world datasets. We compare our proposed detection framework with other state-of-the-art works in detecting PII leaks from user's device.

Paper Structure

This paper contains 31 sections, 11 equations, 12 figures, 10 tables, 2 algorithms.

Table of Contents

  1. Introduction
  2. Related work
  3. Static analysis
  4. Dynamic analysis
  5. Taint analysis
  6. Network-based analysis
  7. Preliminaries
  8. FT-Transformer
  9. LLM model: SBert
  10. BERT
  11. SBERT
  12. Autoencoder
  13. Problem Formulation
  14. Problem Definition
  15. Design of proposed framework
  16. ...and 16 more sections

Figures (12)

  • Figure 1: FT-transformer architecture
  • Figure 2: The pre-processed tabular dataset.
  • Figure 3: End-to-end learning framework
  • Figure 4: 10-fold cross validation plots for ReCon dataset
  • Figure 5: For ReCon dataset: t-SNE plots for 4 features: 'referer', 'referrer' and 'google_aid', 'user_id'. Abbreviations used are: HM: Hard-mining, SM: Soft-mining, 1: Replaced embedding of features selected for triplets, 2: Replaced all features with predicted embeddings.
  • ...and 7 more figures