{"title":"基于子群发现和复杂网络分析的探索性和解释性网络入侵分析","authors":"Martin Atzmueller, Sophia Sylvester, R. Kanawati","doi":"10.1145/3590777.3590803","DOIUrl":null,"url":null,"abstract":"In this paper, we target the problem of mining descriptive profiles of computer network intrusion attacks. We present an exploratory and explanation-aware approach using subgroup discovery – facilitating human-in-the-loop interaction for guiding the exploration process – since the results of subgroup discovery are inherently interpretable patterns. Furthermore, we explore enriching the feature set describing the network traffic (i. e., exchanged packets) with a new type of features computed on complex networks depicting the interactions among the different involved sites. Complex networks based metrics provide explainable features on the global network level, compared to local features targeted at the local network traffic/packet level. We exemplify the proposed approach using the standard UNSW-NB15 dataset for network intrusion detection.","PeriodicalId":231403,"journal":{"name":"Proceedings of the 2023 European Interdisciplinary Cybersecurity Conference","volume":"99 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-06-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Exploratory and Explanation-Aware Network Intrusion Profiling using Subgroup Discovery and Complex Network Analysis\",\"authors\":\"Martin Atzmueller, Sophia Sylvester, R. Kanawati\",\"doi\":\"10.1145/3590777.3590803\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In this paper, we target the problem of mining descriptive profiles of computer network intrusion attacks. We present an exploratory and explanation-aware approach using subgroup discovery – facilitating human-in-the-loop interaction for guiding the exploration process – since the results of subgroup discovery are inherently interpretable patterns. Furthermore, we explore enriching the feature set describing the network traffic (i. e., exchanged packets) with a new type of features computed on complex networks depicting the interactions among the different involved sites. Complex networks based metrics provide explainable features on the global network level, compared to local features targeted at the local network traffic/packet level. We exemplify the proposed approach using the standard UNSW-NB15 dataset for network intrusion detection.\",\"PeriodicalId\":231403,\"journal\":{\"name\":\"Proceedings of the 2023 European Interdisciplinary Cybersecurity Conference\",\"volume\":\"99 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-06-14\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 2023 European Interdisciplinary Cybersecurity Conference\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3590777.3590803\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2023 European Interdisciplinary Cybersecurity Conference","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3590777.3590803","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Exploratory and Explanation-Aware Network Intrusion Profiling using Subgroup Discovery and Complex Network Analysis
In this paper, we target the problem of mining descriptive profiles of computer network intrusion attacks. We present an exploratory and explanation-aware approach using subgroup discovery – facilitating human-in-the-loop interaction for guiding the exploration process – since the results of subgroup discovery are inherently interpretable patterns. Furthermore, we explore enriching the feature set describing the network traffic (i. e., exchanged packets) with a new type of features computed on complex networks depicting the interactions among the different involved sites. Complex networks based metrics provide explainable features on the global network level, compared to local features targeted at the local network traffic/packet level. We exemplify the proposed approach using the standard UNSW-NB15 dataset for network intrusion detection.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
