Identifying suspicious activities in company networks through data mining and visualization


Abstract

Company data are a valuable asset that must remain authentic and must not be disclosed to unauthorized parties. In this contribution, we report on ongoing work that aims at supporting human IT security experts by pinpointing the significant alerts that genuinely need closer inspection. We developed an experimental tool environment to support the analysis of IT infrastructure data with data mining methods. In particular, various clustering algorithms are used to separate normal behavior from activities that call for intervention by IT security experts. Before being subjected to clustering, the data can be pre-processed in various ways; in particular, categorical values can be mapped to numerical values in a way that preserves the semantics of the data as far as possible. The resulting clusters can be subjected to visual inspection using techniques such as parallel coordinates or pixel-based techniques, e.g. circle segments or recursive patterns. Preliminary results indicate that clustering is well suited to structuring monitoring data appropriately, and that fairly large data volumes can be clustered effectively and efficiently. The current focus is on more elaborate visualization and classification techniques.
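The abstract describes the pipeline only in outline: encode monitoring records (including categorical fields) as numeric vectors, cluster them, and hand the small or far-away clusters to an analyst. The following is an added, self-contained illustration of that pipeline; it is not the chapter's tool environment, and its specific choices are assumptions: one-hot encoding for categorical fields (which imposes no artificial ordering between values), log-scaled min-max normalisation for numeric fields, plain k-means with a deterministic farthest-point seeding, and a "clusters smaller than min_size are suspicious" rule. The firewall-style events are constructed for the example, not real data.

```python
"""Cluster firewall-style events so bulk normal traffic falls into large
clusters and the rare event an analyst should look at stands out.

Added example, not the chapter's code. Categorical fields are one-hot
encoded; numeric fields are log10-scaled and min-max normalised; k-means
uses a deterministic farthest-point initialisation (an assumption made
here so the run is reproducible without a random seed).
"""
import math

# Constructed sample events (hypothetical; not real monitoring data).
EVENTS = [
    {"proto": "tcp", "dport": 443, "bytes": 1200, "action": "allow"},
    {"proto": "tcp", "dport": 443, "bytes": 3400, "action": "allow"},
    {"proto": "tcp", "dport": 443, "bytes": 2100, "action": "allow"},
    {"proto": "tcp", "dport": 443, "bytes": 980, "action": "allow"},
    {"proto": "tcp", "dport": 443, "bytes": 4100, "action": "allow"},
    {"proto": "udp", "dport": 53, "bytes": 120, "action": "allow"},
    {"proto": "udp", "dport": 53, "bytes": 95, "action": "allow"},
    {"proto": "udp", "dport": 53, "bytes": 140, "action": "allow"},
    {"proto": "udp", "dport": 53, "bytes": 110, "action": "allow"},
    # One event unlike the rest: unusual port, denied, very large transfer.
    {"proto": "tcp", "dport": 4444, "bytes": 9_000_000, "action": "deny"},
]
CATEGORICAL = ("proto", "action")
NUMERIC = ("dport", "bytes")


def encode(events):
    """Map each event to a numeric vector.

    Categorical fields become one column per observed value (one-hot), so
    'tcp' is not treated as smaller or larger than 'udp'. Numeric fields
    are log10-scaled (byte counts span many orders of magnitude) and then
    min-max normalised to [0, 1] so no single field dominates distances.
    """
    cat_levels = {f: sorted({e[f] for e in events}) for f in CATEGORICAL}
    logs = {f: [math.log10(e[f] + 1) for e in events] for f in NUMERIC}
    span = {f: (min(v), (max(v) - min(v)) or 1.0) for f, v in logs.items()}
    vectors = []
    for i, e in enumerate(events):
        vec = []
        for f in CATEGORICAL:
            vec.extend(1.0 if e[f] == lvl else 0.0 for lvl in cat_levels[f])
        for f in NUMERIC:
            lo, rng = span[f]
            vec.append((logs[f][i] - lo) / rng)
        vectors.append(vec)
    return vectors


def dist(a, b):
    """Euclidean distance between two equal-length vectors."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def kmeans(vectors, k, iters=50):
    """Plain k-means returning (labels, centroids).

    Seeding is deterministic: the first point, then repeatedly the point
    farthest from every centroid chosen so far. Isolated events therefore
    tend to get their own seed instead of being absorbed early.
    """
    centroids = [vectors[0]]
    while len(centroids) < k:
        far = max(vectors, key=lambda v: min(dist(v, c) for c in centroids))
        centroids.append(far)
    labels = [0] * len(vectors)
    for _ in range(iters):
        labels = [min(range(k), key=lambda j: dist(v, centroids[j]))
                  for v in vectors]
        new = []
        for j in range(k):
            members = [v for v, lab in zip(vectors, labels) if lab == j]
            if members:
                new.append([sum(col) / len(members) for col in zip(*members)])
            else:
                new.append(centroids[j])  # keep an empty cluster's centroid
        if new == centroids:
            break
        centroids = new
    return labels, centroids


def suspicious(events, k=3, min_size=2):
    """Indices of events that land in clusters with fewer than min_size
    members: the small clusters an analyst should inspect first."""
    labels, _ = kmeans(encode(events), k)
    sizes = {j: labels.count(j) for j in set(labels)}
    return [i for i, lab in enumerate(labels) if sizes[lab] < min_size]


if __name__ == "__main__":
    labels, _ = kmeans(encode(EVENTS), 3)
    for j in sorted(set(labels)):
        print(f"cluster {j}: {labels.count(j)} events")
    for i in suspicious(EVENTS):
        print("inspect:", EVENTS[i])
```

The single denied transfer to port 4444 ends up alone in its cluster while the HTTPS and DNS traffic form two large clusters, so it is the only event returned. In practice the cluster count, the normalisation and the size threshold all need tuning against a site's own baseline; the point of pairing this with parallel-coordinates or pixel-based plots, as the chapter proposes, is to let an analyst judge whether a small cluster is an attack or merely rare legitimate traffic.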

Citation (APA)

Landes, D., Otto, F., Schumann, S., & Schlottke, F. (2013). Identifying suspicious activities in company networks through data mining and visualization. In Advanced Information and Knowledge Processing (pp. 75–90). Springer London. https://doi.org/10.1007/978-1-4471-4866-1_6
