Multi-type relational clustering for enterprise cyber-security networks
• Propose fast novel hard clustering algorithm for multi-type relational data. • Extend the popular NNDSVD method initialisation of our algorithm. • Propose internal performance clustering measure for assessing cluster similarity. Several cyber-security data sources are collected in enterprise networks p...
Saved in:
Published in: | Pattern recognition letters 2021-09, Vol.149, p.172-178 |
---|---|
Main authors: | , , |
Format: | Article |
Language: | eng |
Subjects: | |
Online access: | Full text |
container_end_page | 178 |
---|---|
container_issue | |
container_start_page | 172 |
container_title | Pattern recognition letters |
container_volume | 149 |
creator | Riddle-Workman, Elizabeth ; Evangelou, Marina ; Adams, Niall M. |
description | • Propose fast novel hard clustering algorithm for multi-type relational data. • Extend the popular NNDSVD method initialisation of our algorithm. • Propose internal performance clustering measure for assessing cluster similarity.
Several cyber-security data sources are collected in enterprise networks providing relational information between different types of nodes in the network, namely computers, users and ports. This relational data can be expressed as adjacency matrices detailing inter-type relationships corresponding to relations between nodes of different types and intra-type relationships showing relationships between nodes of the same type. In this paper, we propose an extension of Non-Negative Matrix Tri-Factorisation (NMTF) to simultaneously cluster nodes based on their intra and inter-type relationships. Existing NMTF based clustering methods suffer from long computational times due to large matrix multiplications. In our approach, we enforce stricter cluster indicator constraints on the factor matrices to circumvent these issues. Additionally, to make our proposed approach less susceptible to variation in results due to random initialisation, we propose a novel initialisation procedure based on Non-Negative Double Singular Value Decomposition for multi-type relational clustering. Finally, a new performance measure suitable for assessing clustering performance on unlabelled multi-type relational data sets is presented. Our algorithm is assessed on both a simulated and real computer network against standard approaches showing its strong performance. |
doi_str_mv | 10.1016/j.patrec.2021.05.021 |
format | Article |
fulltext | fulltext |
identifier | ISSN: 0167-8655 |
ispartof | Pattern recognition letters, 2021-09, Vol.149, p.172-178 |
issn | 0167-8655 ; 1872-7344 |
language | eng |
recordid | cdi_proquest_journals_2568311284 |
source | ScienceDirect Journals (5 years ago - present) |
subjects | Algorithms ; Clustering ; Computer applications ; Computer networks ; Computers ; Cyber-security ; Cybersecurity ; Multi-type relational clustering ; Network clustering ; Nodes ; Non-negative matrix factorization ; Singular value decomposition |
title | Multi-type relational clustering for enterprise cyber-security networks |
url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-08T15%3A31%3A34IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Multi-type%20relational%20clustering%20for%20enterprise%20cyber-security%20networks&rft.jtitle=Pattern%20recognition%20letters&rft.au=Riddle-Workman,%20Elizabeth&rft.date=2021-09&rft.volume=149&rft.spage=172&rft.epage=178&rft.pages=172-178&rft.issn=0167-8655&rft.eissn=1872-7344&rft_id=info:doi/10.1016/j.patrec.2021.05.021&rft_dat=%3Cproquest_cross%3E2568311284%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2568311284&rft_id=info:pmid/&rft_els_id=S0167865521002051&rfr_iscdi=true |