Data Security Analysis Using Unsupervised Learning and Explanations

Part of the book series: Advances in Soft Computing ((AINSC,volume 44))

Abstract

Vulnerability assessment is an effective security mechanism for identifying vulnerabilities in systems or networks before they are exploited. However, manual analysis of network test and vulnerability assessment results is time consuming and demands expertise. This paper presents an improvement of Analia, a security system that processes the results obtained after a vulnerability assessment using artificial intelligence techniques. The system applies unsupervised clustering techniques to discover hidden patterns and to expose abnormal device behaviour by grouping devices into clusters that share similar vulnerabilities. The proposed improvement consists of extracting a symbolic explanation for each cluster, in order to help security analysts understand the clustering solution using the network security lexicon.
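To make the two steps of the abstract concrete, the following added example (not the chapter's or Analia's own code) clusters hosts by the vulnerabilities a scan found on them and then derives a symbolic explanation for each cluster. The scan results, the Jaccard-based agglomerative clustering and the explanation rule (vulnerabilities shared by every member, and among those the ones that appear on no host outside the cluster) are all assumptions chosen for illustration.

```python
"""Constructed example of clustering hosts by shared vulnerabilities and
explaining each cluster in security vocabulary. Not the chapter's own code."""
from itertools import combinations

# Constructed scan results: host -> set of vulnerability labels found on it.
SCAN = {
    "web-01":  {"tls-weak-cipher", "http-server-banner", "dir-listing"},
    "web-02":  {"tls-weak-cipher", "http-server-banner"},
    "db-01":   {"default-credentials", "unencrypted-db-port", "smb-signing-off"},
    "db-02":   {"default-credentials", "unencrypted-db-port"},
    "kiosk-7": {"tls-weak-cipher", "default-credentials", "telnet-open"},
}


def jaccard(a, b):
    """Similarity of two vulnerability sets (1.0 when both are empty)."""
    return len(a & b) / len(a | b) if a or b else 1.0


def avg_sim(c1, c2, scan):
    """Average-linkage similarity between two groups of hosts."""
    return sum(jaccard(scan[a], scan[b]) for a in c1 for b in c2) / (len(c1) * len(c2))


def cluster(scan, k):
    """Agglomerative clustering: merge the two most similar groups until k remain.
    A host that resembles nothing else survives as a singleton, i.e. an outlier."""
    clusters = [[h] for h in scan]
    while len(clusters) > k:
        i, j = max(combinations(range(len(clusters)), 2),
                   key=lambda ij: avg_sim(clusters[ij[0]], clusters[ij[1]], scan))
        clusters[i] = clusters[i] + clusters[j]
        del clusters[j]
    return clusters


def analyse(scan, k):
    """Symbolic explanation per cluster: 'shared' is the vulnerabilities every
    member has (the cluster's common generalisation); 'distinctive' keeps only
    those that no host outside the cluster has, so an analyst sees what sets
    the group apart rather than what is merely widespread."""
    report = []
    for members in cluster(scan, k):
        shared = set.intersection(*(scan[h] for h in members))
        outside = set().union(*(scan[h] for h in scan if h not in members))
        report.append({"hosts": sorted(members),
                       "shared": sorted(shared),
                       "distinctive": sorted(shared - outside)})
    return report
```

With k=3 the two web hosts and the two database hosts form clusters explained by `http-server-banner` and `unencrypted-db-port` respectively, while `kiosk-7` is left alone and explained by `telnet-open`; `default-credentials` is shared by the database cluster but not distinctive, because the kiosk has it too.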



Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Corral, G., Armengol, E., Fornells, A., Golobardes, E. (2007). Data Security Analysis Using Unsupervised Learning and Explanations. In: Corchado, E., Corchado, J.M., Abraham, A. (eds) Innovations in Hybrid Intelligent Systems. Advances in Soft Computing, vol 44. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74972-1_16

  • DOI: https://doi.org/10.1007/978-3-540-74972-1_16

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-74971-4

  • Online ISBN: 978-3-540-74972-1
