# System Misuse Detection via Informed Behavior Clustering and Modeling

**Authors:** Linara Adilova, Livin Natious, Siming Chen, Olivier Thonnard, and Michael Kamp

arXiv: 1907.00874 · 2019-07-02

## TL;DR

This paper presents a machine learning approach using LSTM neural networks and expert-informed clustering to detect malicious system interactions, improving the accuracy of identifying abnormal behaviors in cybersecurity logs.

## Contribution

The paper introduces an interactive visual interface through which security experts incorporate domain knowledge into the behavior modeling, which in turn improves anomaly detection accuracy.

## Key findings

- Informed modeling effectively captures normal system behavior.
- The approach improves detection of abnormal interactions.
- Empirical results demonstrate the method's practical effectiveness.

## Abstract

One of the main tasks of cybersecurity is recognizing malicious interactions with an arbitrary system. Currently, the logging information from each interaction can be collected in almost unrestricted amounts, but identifying attacks in it still demands a great deal of security experts' time and effort. We propose an approach for identifying fraudulent activity by modeling normal behavior in interactions with a system via machine learning methods, in particular LSTM neural networks. In order to enrich the modeling with system-specific knowledge, we propose an interactive visual interface that allows security experts to identify semantically meaningful clusters of interactions. These clusters incorporate domain knowledge and lead to more precise behavior modeling via informed machine learning. We evaluate the proposed approach on a dataset containing logs of interactions with the administrative interface of a login and security server. Our empirical results indicate that the informed modeling is capable of capturing normal behavior, which can then be used to detect abnormal behavior.
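The pipeline the abstract describes has three parts: expert-assigned behavior clusters, a per-cluster model of normal interaction sequences, and a score that flags sessions the models find surprising. The following is an added illustration, not code from the paper or its authors: it keeps that structure but substitutes a smoothed first-order Markov transition model for the paper's LSTM so it runs offline with no dependencies. The session data, the action names, the cluster labels, and the threshold margin are all constructed for this example.

```python
import math
from collections import defaultdict

# Constructed sample data (not the paper's dataset): each normal session is the
# sequence of actions one operator took on an admin interface, together with the
# behaviour cluster an expert assigned to it during interactive review.
NORMAL_SESSIONS = [
    ("routine", ["login", "view_users", "logout"]),
    ("routine", ["login", "view_users", "view_users", "logout"]),
    ("routine", ["login", "view_users", "view_logs", "logout"]),
    ("maintenance", ["login", "view_config", "edit_config", "restart_service", "logout"]),
    ("maintenance", ["login", "view_config", "restart_service", "logout"]),
    ("maintenance", ["login", "view_logs", "view_config", "edit_config", "logout"]),
]

START, END = "<s>", "</s>"


class ClusterModel:
    """Smoothed first-order Markov model of action transitions for one cluster.

    Stands in for the paper's per-cluster LSTM: it learns which action tends to
    follow which, and assigns low probability to transitions it never saw.
    """

    def __init__(self, vocab, alpha=0.5):
        self.alpha = alpha                 # Laplace smoothing weight
        self.vocab_size = len(vocab) + 1   # +1 reserves mass for unseen actions
        self.counts = defaultdict(lambda: defaultdict(int))

    def fit(self, sessions):
        for seq in sessions:
            padded = [START] + seq + [END]
            for a, b in zip(padded, padded[1:]):
                self.counts[a][b] += 1
        return self

    def transition_logprob(self, a, b):
        row = self.counts.get(a, {})
        total = sum(row.values())
        return math.log((row.get(b, 0) + self.alpha)
                        / (total + self.alpha * self.vocab_size))

    def surprise(self, seq):
        """Average negative log-likelihood per transition; higher = less normal."""
        padded = [START] + seq + [END]
        pairs = list(zip(padded, padded[1:]))
        return -sum(self.transition_logprob(a, b) for a, b in pairs) / len(pairs)


def train_models(sessions, alpha=0.5):
    """One model per expert-assigned cluster, all sharing a global vocabulary
    so that smoothing penalises unseen transitions comparably across clusters."""
    vocab = {action for _, seq in sessions for action in seq} | {END}
    by_cluster = defaultdict(list)
    for cluster, seq in sessions:
        by_cluster[cluster].append(seq)
    return {c: ClusterModel(vocab, alpha).fit(seqs) for c, seqs in by_cluster.items()}


def score(models, seq):
    """Return (best-fitting cluster, surprise under that cluster's model)."""
    scored = {c: m.surprise(seq) for c, m in models.items()}
    best = min(scored, key=scored.get)
    return best, scored[best]


def calibrate_threshold(models, sessions, margin=1.25):
    """Threshold = worst surprise seen on known-normal sessions, times a margin."""
    return max(score(models, seq)[1] for _, seq in sessions) * margin


def is_anomalous(models, threshold, seq):
    """Flag a session whose best-cluster surprise exceeds the calibrated threshold."""
    cluster, s = score(models, seq)
    return s > threshold, cluster, s


MODELS = train_models(NORMAL_SESSIONS)
THRESHOLD = calibrate_threshold(MODELS, NORMAL_SESSIONS)

if __name__ == "__main__":
    # Constructed held-out sessions: one that matches a known cluster, one that
    # repeats a sensitive action and then takes one the models have never seen.
    for seq in (["login", "view_config", "edit_config", "logout"],
                ["login", "edit_config", "edit_config", "edit_config", "dump_db", "logout"]):
        flagged, cluster, s = is_anomalous(MODELS, THRESHOLD, seq)
        print(f"{'ANOMALY' if flagged else 'normal ':7} cluster={cluster:11} "
              f"surprise={s:.3f} threshold={THRESHOLD:.3f} {seq}")
```

The cluster labels matter for the same reason they do in the paper: a single model trained on all sessions would have to explain maintenance and routine behavior at once, blurring what "normal" means for each. Scoring a session against the closest cluster's model keeps each model tight, so a session that fits none of them stands out. The threshold is calibrated on known-normal data rather than fixed by hand, which is the usual way to keep the false-positive rate predictable when the model family changes.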

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1907.00874/full.md

## Figures

1 figure with captions in the complete paper: https://tomesphere.com/paper/1907.00874/full.md

## References

7 references — full list in the complete paper: https://tomesphere.com/paper/1907.00874/full.md

---
Source: https://tomesphere.com/paper/1907.00874