Imperial College London
Alternate

DrMarinaEvangelou

Faculty of Natural SciencesDepartment of Mathematics

Senior Lecturer in Statistics
 
 
 
//

Contact

 

+44 (0)20 7594 7184m.evangelou

 
 
//

Location

 

546Huxley BuildingSouth Kensington Campus

//

Summary

 

Publications

Citation

BibTex format

@article{Adams:2021:10.1016/j.patrec.2021.05.021,
author = {Adams, N and Riddle-Workman, E and Evangelou, M},
doi = {10.1016/j.patrec.2021.05.021},
journal = {Pattern Recognition Letters},
pages = {172--178},
title = {Multi-Type relational clustering for enterprise cyber-security networks},
url = {http://dx.doi.org/10.1016/j.patrec.2021.05.021},
volume = {149},
year = {2021}
}
Download

RIS format (EndNote, RefMan)

TY  - JOUR
AB  - Several cyber-security data sources are collected in enterprise networks providing relational information between different types of nodes in the network, namely computers, users and ports. This relational data can be expressed as adjacency matrices detailing inter-type relationships corresponding to relations between nodes of different types and intra-type relationships showing relationships between nodes of the same type. In this paper, we propose an extension of Non-Negative Matrix Tri-Factorisation (NMTF) to simultaneously cluster nodes based on their intra and inter-type relationships. Existing NMTF based clustering methods suffer from long computational times due to large matrix multiplications. In our approach, we enforce stricter cluster indicator constraints on the factor matrices to circumvent these issues. Additionally, to make our proposed approach less susceptible to variation in results due to random initialisation, we propose a novel initialisation procedure based on Non-Negative Double Singular Value Decomposition for multi-type relational clustering. Finally, a new performance measure suitable for assessing clustering performance on unlabelled multi-type relational data sets is presented. Our algorithm is assessed on both a simulated and real computer network against standard approaches showing its strong performance.
AU  - Adams,N
AU  - Riddle-Workman,E
AU  - Evangelou,M
DO  - 10.1016/j.patrec.2021.05.021
EP  - 178
PY  - 2021///
SN  - 0167-8655
SP  - 172
TI  - Multi-Type relational clustering for enterprise cyber-security networks
T2  - Pattern Recognition Letters
UR  - http://dx.doi.org/10.1016/j.patrec.2021.05.021
UR  - https://www.sciencedirect.com/science/article/pii/S0167865521002051
UR  - http://hdl.handle.net/10044/1/91017
VL  - 149
ER  -
Download