Exploratory and Explanation-Aware Network Intrusion Profiling using Subgroup Discovery and Complex Network Analysis

Martin Atzmueller; Sophia Sylvester; Rushed Kanawati
In: Proceedings of the European Interdisciplinary Cybersecurity Conference. European Interdisciplinary Cybersecurity Conference (EICC-2023), June 14-15, Stavanger, Norway, Pages 153-158, ACM, 2023.


In this paper, we target the problem of mining descriptive profiles of computer network intrusion attacks. We present an exploratory and explanation-aware approach using subgroup discovery – facilitating human-in-the-loop interaction for guiding the exploration process – since the results of subgroup discovery are inherently interpretable patterns. Furthermore, we explore enriching the feature set describing the network traffic (i.e., exchanged packets) with a new type of feature computed on complex networks depicting the interactions among the different involved sites. Complex-network-based metrics provide explainable features on the global network level, compared to local features targeted at the local network traffic/packet level. We exemplify the proposed approach using the standard UNSW-NB15 dataset for network intrusion detection.