Applications of Positive Unlabeled (PU) and Negative Unlabeled (NU) Learning in Cybersecurity

TL;DR

This paper investigates how Positive and Negative Unlabeled learning methods can be applied to cybersecurity tasks like intrusion detection and malware identification, addressing challenges of limited labeled data and evolving threats.

Contribution

It introduces the application of PU/NU learning to cybersecurity, formulates problem settings, and discusses challenges and future research directions.

Findings

Identifies cybersecurity areas where PU/NU learning is beneficial

Highlights challenges in real-time implementation and class imbalance

Proposes future research directions for adaptive threat detection

Abstract

This paper explores the relatively underexplored application of Positive Unlabeled (PU) Learning and Negative Unlabeled (NU) Learning in the cybersecurity domain. While these semi-supervised learning methods have been applied successfully in fields like medicine and marketing, their potential in cybersecurity remains largely untapped. The paper identifies key areas of cybersecurity--such as intrusion detection, vulnerability management, malware detection, and threat intelligence--where PU/NU learning can offer significant improvements, particularly in scenarios with imbalanced or limited labeled data. We provide a detailed problem formulation for each subfield, supported by mathematical reasoning, and highlight the specific challenges and research gaps in scaling these methods to real-time systems, addressing class imbalance, and adapting to evolving threats. Finally, we propose future directions to advance the integration of PU/NU learning in cybersecurity, offering solutions that can better detect, manage, and mitigate emerging cyber threats.