ABSTRACT
Artificial intelligence (AI) approaches are widely applied in cyber security, but they currently lack explainability for their users. Complex network analysis (CNA) can be leveraged to provide this explainability. The goal of this overview paper is to present a brief methodological view on explainability in cyber security using CNA. In particular, we (1) motivate the concept, use and application of explainability, (2) present CNA methods, and (3) outline challenges and open issues in the domain of cyber security.