An Effective Distributed GHSOM Algorithm for Unsupervised Clustering on Big Data

Chiu, Chui-Hui; Chen, Jinjie; Yu, F. Richard

doi:10.1109/bigdatacongress.2017.45

Cited by 7 publications

(4 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Deep learning methods have shown significant potential to detect this type of anomalies [5,[11][12][13][14][15][16][17][18][19][20][21][22]. Albeit studied methods vary from image processing to signal processing and so forth, basic functionalities can be converted to another type of detection process.…”

Section: Previously Unknown Attacksmentioning

confidence: 99%

“…To support the usage of GHSOM in our method, Chiu et al stated that 2D Self-Organising Map (SOM) has two disadvantages: (i) map size has to be defined before training process; and (ii) there are no hierarchical relations between clusters. Their test results also show low false positive and negative rates [12]. Therefore, we do not limit the cluster expansions or the GHSOM size, as there does not exist any information on how many clusters should be chosen or how high or wide the GHSOM should grow.…”

Section: Outlier Classificationmentioning

confidence: 99%

See 1 more Smart Citation

A Novel Deep Learning Stack for APT Detection

Bodström

Hämäläinen

2019

Applied Sciences

View full text Add to dashboard Cite

We present a novel Deep Learning (DL) stack for detecting Advanced Persistent threat (APT) attacks. This model is based on a theoretical approach where an APT is observed as a multi-vector multi-stage attack with a continuous strategic campaign. To capture these attacks, the entire network flow and particularly raw data must be used as an input for the detection process. By combining different types of tailored DL-methods, it is possible to capture certain types of anomalies and behaviour. Our method essentially breaks down a bigger problem into smaller tasks, tries to solve these sequentially and finally returns a conclusive result. This concept paper outlines, for example, the problems and possible solutions for the tasks. Additionally, we describe how we will be developing, implementing and testing the method in the near future.

show abstract

Section: Previously Unknown Attacksmentioning

confidence: 99%

Section: Outlier Classificationmentioning

confidence: 99%

A Novel Deep Learning Stack for APT Detection

Bodström

Hämäläinen

2019

Applied Sciences

View full text Add to dashboard Cite

show abstract

“…Meanwhile, Distributed GHSOM which is Growing Hierarchical Self Organizing Maps is an unsupervised clustering algorithm for Big Data has been proposed by [9]. To fulfill the requirement on tolerance of variation between samples, the proposed method clusters the data samples dynamically.…”

Section: ) Identifying the Number Of Clusters (K)mentioning

confidence: 99%

“…First, clustering is one of the best method in recognizing similar binaries and put them in one group as used by [1]- [4]. Other researchers [4]- [9] shows that recognizing the malware in malware analysis by using K-Means clustering method is the best way. However, none of them use this method using registry information to analyze the malware.…”

Section: Introductionmentioning

confidence: 99%

Clustering Analysis for Malware Behavior Detection using Registry Data

Rosli¹,

Yassin²,

M.A³

et al. 2019

IJACSA

View full text Add to dashboard Cite

The increase of malware attacks may increase risk in information technology industry such as Industrial Revolution 4.0 that consists of multiple sectors especially in cyber security. Because of that malware detection technique plays vital role in detecting malware attack that can give high impact towards the cyber world. In accordance with the technique, one of unsupervised machine learning able to detect malware attack by identifying the behavior of the malware; which called clustering technique. Owing to this matter, current research shows a paucity of analysis in detecting malware behavior and limited source that can be used in identifying malware attacks. Thus, this paper introduce clustering detection model by using K-Means clustering approach to detect malware behavior of data registry based on the features of the malware. Clustering techniques that use unsupervised algorithm in machine learning plays an important role in grouping similar malware characteristics by studying the behavior of the malware. Throughout the experiment, malware features were selected and extracted from computer registry data and eventually used in the proposed clustering detection model to be clustered as normal or suspicious behavior. The results of the experiment indicates that this proposed model is capable to cluster normal and suspicious data into two separate groups with high detection rate which is more than 90 percent accuracy. Ultimately, the main contribution based on the findings is the proposed framework can be used to cluster the data with the use of data registry to detect malware.

show abstract

Neural Networks as Tool to Improve the Intrusion Detection System

Ernesto

Johan

Salcedo

et al. 2021

Computer Information Systems and Industrial Management

View full text Add to dashboard Cite

Nowadays, computer programs affecting computers both locally and network-wide have led to the design and development of different preventive and corrective strategies to remedy computer security problems. This dynamic has been important for the understanding of the structure of attacks and how best to counteract them, making sure that their impact is less than expected by the attacker.For this research, a simulation was carried out using the DATASET-KDD NSL at 100%, generating an experimental environment, where processes of pre-processing, training, classification, and evaluation of model quality metrics were carried out. Likewise, a comparative analysis of the results obtained after implementing different feature selection techniques (INFO.GAIN, GAIN RATIO, and ONE R), and classification techniques based on neural networks that use an unsupervised learning algorithm based on selforganizing maps (SOM and GHSOM), with the purpose of classifying bi-class network traffic automatically. From the above, a 97.09% hit rate was obtained with 21 features by implementing the GHSOM classifier with 10-fold cross-validation with the ONE R feature selection technique, which would improve the efficiency and performance of Intrusion Detection Systems (IDS).

show abstract

An Effective Distributed GHSOM Algorithm for Unsupervised Clustering on Big Data

Cited by 7 publications

References 16 publications

A Novel Deep Learning Stack for APT Detection

A Novel Deep Learning Stack for APT Detection

Clustering Analysis for Malware Behavior Detection using Registry Data

Neural Networks as Tool to Improve the Intrusion Detection System

Contact Info

Product

Resources

About