Explanations of unsupervised learning clustering applied to data security analysis

G. Corral; E. Armengol; A. Fornells; E. Golobardes

doi:10.1016/j.neucom.2008.09.021

Explanations of unsupervised learning clustering applied to data security analysis

G. Corral^*
, E. Armengol
, A. Fornells
, E. Golobardes

^*Corresponding author for this work

Research output: Indexed journal article › Article › peer-review

21 Citations (Scopus)

Abstract

Network security tests should be periodically conducted to detect vulnerabilities before they are exploited. However, analysis of testing results is resource intensive with many data and requires expertise because it is an unsupervised domain. This paper presents how to automate and improve this analysis through the identification and explanation of device groups with similar vulnerabilities. Clustering is used for discovering hidden patterns and abnormal behaviors. Self-organizing maps are preferred due to their soft computing capabilities. Explanations based on anti-unification give comprehensive descriptions of clustering results to analysts. This approach is integrated in Consensus, a computer-aided system to detect network vulnerabilities.

Original language	English
Pages (from-to)	2754-2762
Number of pages	9
Journal	Neurocomputing
Volume	72
Issue number	13-15
DOIs	https://doi.org/10.1016/j.neucom.2008.09.021
Publication status	Published - Aug 2009

Keywords

Artificial intelligence applications
Explanations
Network security
Self-organizing maps
Unsupervised learning clustering

Access to Document

10.1016/j.neucom.2008.09.021

Cite this

@article{5e701477fb6a4ecc8bda65228eee2743,

title = "Explanations of unsupervised learning clustering applied to data security analysis",

abstract = "Network security tests should be periodically conducted to detect vulnerabilities before they are exploited. However, analysis of testing results is resource intensive with many data and requires expertise because it is an unsupervised domain. This paper presents how to automate and improve this analysis through the identification and explanation of device groups with similar vulnerabilities. Clustering is used for discovering hidden patterns and abnormal behaviors. Self-organizing maps are preferred due to their soft computing capabilities. Explanations based on anti-unification give comprehensive descriptions of clustering results to analysts. This approach is integrated in Consensus, a computer-aided system to detect network vulnerabilities.",

keywords = "Artificial intelligence applications, Explanations, Network security, Self-organizing maps, Unsupervised learning clustering",

author = "G. Corral and E. Armengol and A. Fornells and E. Golobardes",

note = "Funding Information: This work has been partially supported by the MCYT-FEDER project called MID-CBR (TIN2006-15140-C03-01 and TIN2006-15140-C03-03) and by the Generalitat de Catalunya under Grants 2005SGR-302 and 2005-SGR-00093. We would also like to thank La Salle-Universitat Ramon Llull for the support to our research group. ",

year = "2009",

month = aug,

doi = "10.1016/j.neucom.2008.09.021",

language = "English",

volume = "72",

pages = "2754--2762",

journal = "Neurocomputing",

issn = "0925-2312",

publisher = "Elsevier B.V.",

number = "13-15",

}

TY - JOUR

T1 - Explanations of unsupervised learning clustering applied to data security analysis

AU - Corral, G.

AU - Armengol, E.

AU - Fornells, A.

AU - Golobardes, E.

N1 - Funding Information: This work has been partially supported by the MCYT-FEDER project called MID-CBR (TIN2006-15140-C03-01 and TIN2006-15140-C03-03) and by the Generalitat de Catalunya under Grants 2005SGR-302 and 2005-SGR-00093. We would also like to thank La Salle-Universitat Ramon Llull for the support to our research group.

PY - 2009/8

Y1 - 2009/8

N2 - Network security tests should be periodically conducted to detect vulnerabilities before they are exploited. However, analysis of testing results is resource intensive with many data and requires expertise because it is an unsupervised domain. This paper presents how to automate and improve this analysis through the identification and explanation of device groups with similar vulnerabilities. Clustering is used for discovering hidden patterns and abnormal behaviors. Self-organizing maps are preferred due to their soft computing capabilities. Explanations based on anti-unification give comprehensive descriptions of clustering results to analysts. This approach is integrated in Consensus, a computer-aided system to detect network vulnerabilities.

AB - Network security tests should be periodically conducted to detect vulnerabilities before they are exploited. However, analysis of testing results is resource intensive with many data and requires expertise because it is an unsupervised domain. This paper presents how to automate and improve this analysis through the identification and explanation of device groups with similar vulnerabilities. Clustering is used for discovering hidden patterns and abnormal behaviors. Self-organizing maps are preferred due to their soft computing capabilities. Explanations based on anti-unification give comprehensive descriptions of clustering results to analysts. This approach is integrated in Consensus, a computer-aided system to detect network vulnerabilities.

KW - Artificial intelligence applications

KW - Explanations

KW - Network security

KW - Self-organizing maps

KW - Unsupervised learning clustering

UR - https://www.scopus.com/pages/publications/79951747896

U2 - 10.1016/j.neucom.2008.09.021

DO - 10.1016/j.neucom.2008.09.021

M3 - Article

AN - SCOPUS:79951747896

SN - 0925-2312

VL - 72

SP - 2754

EP - 2762

JO - Neurocomputing

JF - Neurocomputing

IS - 13-15

ER -

Explanations of unsupervised learning clustering applied to data security analysis

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this