Explanations of unsupervised learning clustering applied to data security analysis

Research output: Indexed journal article Articlepeer-review

20 Citations (Scopus)


Network security tests should be periodically conducted to detect vulnerabilities before they are exploited. However, analysis of testing results is resource intensive with many data and requires expertise because it is an unsupervised domain. This paper presents how to automate and improve this analysis through the identification and explanation of device groups with similar vulnerabilities. Clustering is used for discovering hidden patterns and abnormal behaviors. Self-organizing maps are preferred due to their soft computing capabilities. Explanations based on anti-unification give comprehensive descriptions of clustering results to analysts. This approach is integrated in Consensus, a computer-aided system to detect network vulnerabilities.

Original languageEnglish
Pages (from-to)2754-2762
Number of pages9
Issue number13-15
Publication statusPublished - Aug 2009


  • Artificial intelligence applications
  • Explanations
  • Network security
  • Self-organizing maps
  • Unsupervised learning clustering


Dive into the research topics of 'Explanations of unsupervised learning clustering applied to data security analysis'. Together they form a unique fingerprint.

Cite this