System misuse detection via informed behavior clustering and modeling

Linara Adilova, Livin Natious, Siming Chen, Olivier Thonnard, Michael Kamp

Research output: Chapter in Book/Report/Conference proceedingConference PaperResearchpeer-review


One of the main tasks of cybersecurity is recognizing malicious interactions with an arbitrary system. Currently, the logging information from each interaction can be collected in almost unrestricted amounts, but identification of attacks requires a lot of effort and time of security experts.We propose an approach for identifying fraud activity through modeling normal behavior in interactions with a system via machine learning methods, in particular LSTM neural networks. In order to enrich the modeling with system specific knowledge, we propose to use an interactive visual interface that allows security experts to identify semantically meaningful clusters of interactions. These clusters incorporate domain knowledge and lead to more precise behavior modeling via informed machine learning. We evaluate the proposed approach on a dataset containing logs of interactions with an administrative interface of login and security server. Our empirical results indicate that the informed modeling is capable of capturing normal behavior, which can then be used to detect abnormal behavior.

Original languageEnglish
Title of host publicationProceedings - 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2019, Workshop Volume
EditorsMatthieu Roy, Yennun Huang
Place of PublicationPiscataway NJ USA
PublisherIEEE, Institute of Electrical and Electronics Engineers
Number of pages9
ISBN (Electronic)9781728130309
Publication statusPublished - 2019
Externally publishedYes
EventWorkshop on Data-Centric Dependability and Security 2019 - Portland, United States of America
Duration: 24 Jun 201924 Jun 2019
Conference number: 1st


ConferenceWorkshop on Data-Centric Dependability and Security 2019
Abbreviated titleDCDS 2019
CountryUnited States of America
Internet address


  • Clustering
  • Cybersecurity
  • Informed ML
  • Knowledge injection
  • Language models
  • Vizualization tools

Cite this