Explanations of unsupervised learning clustering applied to data security analysis

Authors:
G. Corral;E. Armengol;A. Fornells;E. Golobardes
Affiliations:
Grup de Recerca en Sistemes Intelligents, Enginyeria i Arquitectura La Salle, Universitat Ramon Llull, Quatre Camins, 2, 08022 Barcelona, Spain;IIIA, Artificial Intelligence Research Institute, CSIC, Spanish Council for Scientific Research, Campus UAB, 08193 Bellaterra, Barcelona, Spain;Grup de Recerca en Sistemes Intelligents, Enginyeria i Arquitectura La Salle, Universitat Ramon Llull, Quatre Camins, 2, 08022 Barcelona, Spain;Grup de Recerca en Sistemes Intelligents, Enginyeria i Arquitectura La Salle, Universitat Ramon Llull, Quatre Camins, 2, 08022 Barcelona, Spain
Venue:
Neurocomputing
Year:
2009

Citing 20
Cited 1

A massively parallel architecture for a self-organizing neural pattern recognition machine

Computer Vision, Graphics, and Image Processing
Silhouettes: a graphical aid to the interpretation and validation of cluster analysis

Journal of Computational and Applied Mathematics
Case-based reasoning: foundational issues, methodological variations, and system approaches

AI Communications
Bayesian classification (AutoClass): theory and results

Advances in knowledge discovery and data mining
Self-organizing maps

Self-organizing maps
Bottom-Up Induction of Feature Terms

Machine Learning
Neural Networks: A Comprehensive Foundation

Neural Networks: A Comprehensive Foundation
Neural Networks for Pattern Recognition

Neural Networks for Pattern Recognition
Managing a Network Vulnerability Assessment

Managing a Network Vulnerability Assessment
X-means: Extending K-means with Efficient Estimation of the Number of Clusters

ICML '00 Proceedings of the Seventeenth International Conference on Machine Learning
Unsupervised learning techniques for an intrusion detection system

Proceedings of the 2004 ACM symposium on Applied computing
Unsupervised anomaly detection in network intrusion detection using clusters

ACSC '05 Proceedings of the Twenty-eighth Australasian conference on Computer Science - Volume 38
A Case-Based Explanation System for Black-Box Systems

Artificial Intelligence Review
Explanation in Recommender Systems

Artificial Intelligence Review
Soft case-based reasoning

The Knowledge Engineering Review
Component retrieval using conversational case-based reasoning

Intelligent information processing II
On the role of diversity in conversational recommender systems

ICCBR'03 Proceedings of the 5th international conference on Case-based reasoning: Research and Development
A Cluster Separation Measure

IEEE Transactions on Pattern Analysis and Machine Intelligence
Unsupervised case memory organization: analysing computational time and soft computing capabilities

ECCBR'06 Proceedings of the 8th European conference on Advances in Case-Based Reasoning
Cohesion factors: improving the clustering capabilities of consensus

IDEAL'06 Proceedings of the 7th international conference on Intelligent Data Engineering and Automated Learning

Detecting unknown attacks in wireless sensor networks using clustering techniques

HAIS'11 Proceedings of the 6th international conference on Hybrid artificial intelligent systems - Volume Part I

Quantified Score

Hi-index	0.01

Visualization

Abstract

Network security tests should be periodically conducted to detect vulnerabilities before they are exploited. However, analysis of testing results is resource intensive with many data and requires expertise because it is an unsupervised domain. This paper presents how to automate and improve this analysis through the identification and explanation of device groups with similar vulnerabilities. Clustering is used for discovering hidden patterns and abnormal behaviors. Self-organizing maps are preferred due to their soft computing capabilities. Explanations based on anti-unification give comprehensive descriptions of clustering results to analysts. This approach is integrated in Consensus, a computer-aided system to detect network vulnerabilities.