Visible to the public Biblio

Filters: Keyword is pattern clustering  [Clear All Filters]
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z   [Show ALL]
A
Teoh, T. T., Zhang, Y., Nguwi, Y. Y., Elovici, Y., Ng, W. L..  2017.  Analyst Intuition Inspired High Velocity Big Data Analysis Using PCA Ranked Fuzzy K-Means Clustering with Multi-Layer Perceptron (MLP) to Obviate Cyber Security Risk. 2017 13th International Conference on Natural Computation, Fuzzy Systems and Knowledge Discovery (ICNC-FSKD). :1790–1793.
The growing prevalence of cyber threats in the world are affecting every network user. Numerous security monitoring systems are being employed to protect computer networks and resources from falling victim to cyber-attacks. There is a pressing need to have an efficient security monitoring system to monitor the large network datasets generated in this process. A large network datasets representing Malware attacks have been used in this work to establish an expert system. The characteristics of attacker's IP addresses can be extracted from our integrated datasets to generate statistical data. The cyber security expert provides to the weight of each attribute and forms a scoring system by annotating the log history. We adopted a special semi supervise method to classify cyber security log into attack, unsure and no attack by first breaking the data into 3 cluster using Fuzzy K mean (FKM), then manually label a small data (Analyst Intuition) and finally train the neural network classifier multilayer perceptron (MLP) base on the manually labelled data. By doing so, our results is very encouraging as compare to finding anomaly in a cyber security log, which generally results in creating huge amount of false detection. The method of including Artificial Intelligence (AI) and Analyst Intuition (AI) is also known as AI2. The classification results are encouraging in segregating the types of attacks.
Aloui, M., Elbiaze, H., Glitho, R., Yangui, S..  2018.  Analytics as a service architecture for cloud-based CDN: Case of video popularity prediction. 2018 15th IEEE Annual Consumer Communications Networking Conference (CCNC). :1–4.
User Generated Videos (UGV) are the dominating content stored in scattered caches to meet end-user Content Delivery Networks (CDN) requests with quality of service. End-User behaviour leads to a highly variable UGV popularity. This aspect can be exploited to efficiently utilize the limited storage of the caches, and improve the hit ratio of UGVs. In this paper, we propose a new architecture for Data Analytics in Cloud-based CDN to derive UGVs popularity online. This architecture uses RESTful web services to gather CDN logs, store them through generic collections in a NoSQL database, and calculate related popular UGVs in a real time fashion. It uses a dynamic model training and prediction services to provide each CDN with related popular videos to be cached based on the latest trained model. The proposed architecture is implemented with k-means clustering prediction model and the obtained results are 99.8% accurate.
Craig, P., Roa Seiler, N., Olvera Cervantes, A.D..  2014.  Animated Geo-temporal Clusters for Exploratory Search in Event Data Document Collections. Information Visualisation (IV), 2014 18th International Conference on. :157-163.

This paper presents a novel visual analytics technique developed to support exploratory search tasks for event data document collections. The technique supports discovery and exploration by clustering results and overlaying cluster summaries onto coordinated timeline and map views. Users can also explore and interact with search results by selecting clusters to filter and re-cluster the data with animation used to smooth the transition between views. The technique demonstrates a number of advantages over alternative methods for displaying and exploring geo-referenced search results and spatio-temporal data. Firstly, cluster summaries can be presented in a manner that makes them easy to read and scan. Listing representative events from each cluster also helps the process of discovery by preserving the diversity of results. Also, clicking on visual representations of geo-temporal clusters provides a quick and intuitive way to navigate across space and time simultaneously. This removes the need to overload users with the display of too many event labels at any one time. The technique was evaluated with a group of nineteen users and compared with an equivalent text based exploratory search engine.
 

Gao, F..  2017.  Application of Generalized Regression Neural Network in Cloud Security Intrusion Detection. 2017 International Conference on Robots Intelligent System (ICRIS). :54–57.

By using generalized regression neural network clustering analysis, effective clustering of five kinds of network intrusion behavior modes is carried out. First of all, intrusion data is divided into five categories by making use of fuzzy C means clustering algorithm. Then, the samples that are closet to the center of each class in the clustering results are taken as the clustering training samples of generalized neural network for the data training, and the results output by the training are the individual owned invasion category. The experimental results showed that the new algorithm has higher classification accuracy of network intrusion ways, which can provide more reliable data support for the prevention of the network intrusion.

Duan, J., Zeng, Z., Oprea, A., Vasudevan, S..  2018.  Automated Generation and Selection of Interpretable Features for Enterprise Security. 2018 IEEE International Conference on Big Data (Big Data). :1258-1265.

We present an effective machine learning method for malicious activity detection in enterprise security logs. Our method involves feature engineering, or generating new features by applying operators on features of the raw data. We generate DNF formulas from raw features, extract Boolean functions from them, and leverage Fourier analysis to generate new parity features and rank them based on their highest Fourier coefficients. We demonstrate on real enterprise data sets that the engineered features enhance the performance of a wide range of classifiers and clustering algorithms. As compared to classification of raw data features, the engineered features achieve up to 50.6% improvement in malicious recall, while sacrificing no more than 0.47% in accuracy. We also observe better isolation of malicious clusters, when performing clustering on engineered features. In general, a small number of engineered features achieve higher performance than raw data features according to our metrics of interest. Our feature engineering method also retains interpretability, an important consideration in cyber security applications.

Vollmer, T., Manic, M., Linda, O..  2014.  Autonomic Intelligent Cyber-Sensor to Support Industrial Control Network Awareness. Industrial Informatics, IEEE Transactions on. 10:1647-1658.

The proliferation of digital devices in a networked industrial ecosystem, along with an exponential growth in complexity and scope, has resulted in elevated security concerns and management complexity issues. This paper describes a novel architecture utilizing concepts of autonomic computing and a simple object access protocol (SOAP)-based interface to metadata access points (IF-MAP) external communication layer to create a network security sensor. This approach simplifies integration of legacy software and supports a secure, scalable, and self-managed framework. The contribution of this paper is twofold: 1) A flexible two-level communication layer based on autonomic computing and service oriented architecture is detailed and 2) three complementary modules that dynamically reconfigure in response to a changing environment are presented. One module utilizes clustering and fuzzy logic to monitor traffic for abnormal behavior. Another module passively monitors network traffic and deploys deceptive virtual network hosts. These components of the sensor system were implemented in C++ and PERL and utilize a common internal D-Bus communication mechanism. A proof of concept prototype was deployed on a mixed-use test network showing the possible real-world applicability. In testing, 45 of the 46 network attached devices were recognized and 10 of the 12 emulated devices were created with specific operating system and port configurations. In addition, the anomaly detection algorithm achieved a 99.9% recognition rate. All output from the modules were correctly distributed using the common communication structure.

Vollmer, T., Manic, M., Linda, O..  2014.  Autonomic Intelligent Cyber-Sensor to Support Industrial Control Network Awareness. Industrial Informatics, IEEE Transactions on. 10:1647-1658.

The proliferation of digital devices in a networked industrial ecosystem, along with an exponential growth in complexity and scope, has resulted in elevated security concerns and management complexity issues. This paper describes a novel architecture utilizing concepts of autonomic computing and a simple object access protocol (SOAP)-based interface to metadata access points (IF-MAP) external communication layer to create a network security sensor. This approach simplifies integration of legacy software and supports a secure, scalable, and self-managed framework. The contribution of this paper is twofold: 1) A flexible two-level communication layer based on autonomic computing and service oriented architecture is detailed and 2) three complementary modules that dynamically reconfigure in response to a changing environment are presented. One module utilizes clustering and fuzzy logic to monitor traffic for abnormal behavior. Another module passively monitors network traffic and deploys deceptive virtual network hosts. These components of the sensor system were implemented in C++ and PERL and utilize a common internal D-Bus communication mechanism. A proof of concept prototype was deployed on a mixed-use test network showing the possible real-world applicability. In testing, 45 of the 46 network attached devices were recognized and 10 of the 12 emulated devices were created with specific operating system and port configurations. In addition, the anomaly detection algorithm achieved a 99.9% recognition rate. All output from the modules were correctly distributed using the common communication structure.

B
Mutiarachim, A., Pranata, S. Felix, Ansor, B., Shidik, G. Faiar, Fanani, A. Zainul, Soeleman, A., Pramunendar, R. Anggi.  2018.  Bit Localization in Least Significant Bit Using Fuzzy C-Means. 2018 International Seminar on Application for Technology of Information and Communication. :290-294.
Least Significant Bit (LSB) as one of steganography methods that already exist today is really mainstream because easy to use, but has weakness that is too easy to decode the hidden message. It is because in LSB the message embedded evenly to all pixels of an image. This paper introduce a method of steganography that combine LSB with clustering method that is Fuzzy C-Means (FCM). It is abbreviated with LSB\_FCM, then compare the stegano result with LSB method. Each image will divided into two cluster, then the biggest cluster capacity will be choosen, finally save the cluster coordinate key as place for embedded message. The key as a reference when decode the message. Each image has their own cluster capacity key. LSB\_FCM has disadvantage that is limited place to embedded message, but it also has advantages compare with LSB that is LSB\_FCM have more difficulty level when decrypted the message than LSB method, because in LSB\_FCM the messages embedded randomly in the best cluster pixel of an image, so to decrypted people must have the cluster coordinate key of the image. Evaluation result show that the MSE and PSNR value of LSB\_FCM some similiar with the pure LSB, it means that LSB\_FCM can give imperceptible image as good as the pure LSB, but have better security from the embedding place.
Nan, Z., Zhai, L., Zhai, L., Liu, H..  2018.  Botnet Homology Method Based on Symbolic Approximation Algorithm of Communication Characteristic Curve. 2018 15th IEEE International Conference on Advanced Video and Signal Based Surveillance (AVSS). :1-6.
The IRC botnet is the earliest and most significant botnet group that has a significant impact. Its characteristic is to control multiple zombies hosts through the IRC protocol and constructing command control channels. Relevant research analyzes the large amount of network traffic generated by command interaction between the botnet client and the C&C server. Packet capture traffic monitoring on the network is currently a more effective detection method, but this information does not reflect the essential characteristics of the IRC botnet. The increase in the amount of erroneous judgments has often occurred. To identify whether the botnet control server is a homogenous botnet, dynamic network communication characteristic curves are extracted. For unequal time series, dynamic time warping distance clustering is used to identify the homologous botnets by category, and in order to improve detection. Speed, experiments will use SAX to reduce the dimension of the extracted curve, reducing the time cost without reducing the accuracy.
Bian, R., Xue, M., Wang, J..  2018.  Building Trusted Golden Models-Free Hardware Trojan Detection Framework Against Untrustworthy Testing Parties Using a Novel Clustering Ensemble Technique. 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). :1458-1463.

As a result of the globalization of integrated circuits (ICs) design and fabrication process, ICs are becoming vulnerable to hardware Trojans. Most of the existing hardware Trojan detection works suppose that the testing stage is trustworthy. However, testing parties may conspire with malicious attackers to modify the results of hardware Trojan detection. In this paper, we propose a trusted and robust hardware Trojan detection framework against untrustworthy testing parties exploiting a novel clustering ensemble method. The proposed technique can expose the malicious modifications on Trojan detection results introduced by untrustworthy testing parties. Compared with the state-of-the-art detection methods, the proposed technique does not require fabricated golden chips or simulated golden models. The experiment results on ISCAS89 benchmark circuits show that the proposed technique can resist modifications robustly and detect hardware Trojans with decent accuracy (up to 91%).

C
Saurabh, V. K., Sharma, R., Itare, R., Singh, U..  2017.  Cluster-based technique for detection and prevention of black-hole attack in MANETs. 2017 International conference of Electronics, Communication and Aerospace Technology (ICECA). 2:489–494.

Secure routing in the field of mobile ad hoc network (MANET) is one of the most flourishing areas of research. Devising a trustworthy security protocol for ad hoc routing is a challenging task due to the unique network characteristics such as lack of central authority, rapid node mobility, frequent topology changes, insecure operational environment, and confined availability of resources. Due to low configuration and quick deployment, MANETs are well-suited for emergency situations like natural disasters or military applications. Therefore, data transfer between two nodes should necessarily involve security. A black-hole attack in the mobile ad-hoc network (MANET) is an offense occurring due to malicious nodes, which attract the data packets by incorrectly publicizing a fresh route to the destination. A clustering direction in AODV routing protocol for the detection and prevention of black-hole attack in MANET has been put forward. Every member of the unit will ping once to the cluster head, to detect the exclusive difference between the number of data packets received and forwarded by the particular node. If the fault is perceived, all the nodes will obscure the contagious nodes from the network. The reading of the system performance has been done in terms of packet delivery ratio (PDR), end to end delay (ETD) throughput and Energy simulation inferences are recorded using ns2 simulator.

D
Bhaya, W., EbadyManaa, M..  2017.  DDoS attack detection approach using an efficient cluster analysis in large data scale. 2017 Annual Conference on New Trends in Information Communications Technology Applications (NTICT). :168–173.

Distributed Denial of Service (DDoS) attack is a congestion-based attack that makes both the network and host-based resources unavailable for legitimate users, sending flooding attack packets to the victim's resources. The non-existence of predefined rules to correctly identify the genuine network flow made the task of DDoS attack detection very difficult. In this paper, a combination of unsupervised data mining techniques as intrusion detection system are introduced. The entropy concept in term of windowing the incoming packets is applied with data mining technique using Clustering Using Representative (CURE) as cluster analysis to detect the DDoS attack in network flow. The data is mainly collected from DARPA2000, CAIDA2007 and CAIDA2008 datasets. The proposed approach has been evaluated and compared with several existing approaches in terms of accuracy, false alarm rate, detection rate, F. measure and Phi coefficient. Results indicates the superiority of the proposed approach with four out five detected phases, more than 99% accuracy rate 96.29% detection rate, around 0% false alarm rate 97.98% F-measure, and 97.98% Phi coefficient.

Panagiotakis, C., Papadakis, H., Fragopoulou, P..  2018.  Detection of Hurriedly Created Abnormal Profiles in Recommender Systems. 2018 International Conference on Intelligent Systems (IS). :499–506.

Recommender systems try to predict the preferences of users for specific items. These systems suffer from profile injection attacks, where the attackers have some prior knowledge of the system ratings and their goal is to promote or demote a particular item introducing abnormal (anomalous) ratings. The detection of both cases is a challenging problem. In this paper, we propose a framework to spot anomalous rating profiles (outliers), where the outliers hurriedly create a profile that injects into the system either random ratings or specific ratings, without any prior knowledge of the existing ratings. The proposed detection method is based on the unpredictable behavior of the outliers in a validation set, on the user-item rating matrix and on the similarity between users. The proposed system is totally unsupervised, and in the last step it uses the k-means clustering method automatically spotting the spurious profiles. For the cases where labeling sample data is available, a random forest classifier is trained to show how supervised methods outperforms unsupervised ones. Experimental results on the MovieLens 100k and the MovieLens 1M datasets demonstrate the high performance of the proposed schemata.

Li-Xin, L., Yong-Shan, D., Jia-Yan, W..  2017.  Differential Privacy Data Protection Method Based on Clustering. 2017 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC). :11–16.

To enhance privacy protection and improve data availability, a differential privacy data protection method ICMD-DP is proposed. Based on insensitive clustering algorithm, ICMD-DP performs differential privacy on the results of ICMD (insensitive clustering method for mixed data). The combination of clustering and differential privacy realizes the differentiation of query sensitivity from single record to group record. At the meanwhile, it reduces the risk of information loss and information disclosure. In addition, to satisfy the requirement of maintaining differential privacy for mixed data, ICMD-DP uses different methods to calculate the distance and centroid of categorical and numerical attributes. Finally, experiments are given to illustrate the availability of the method.

E
Uddin, M. Y. S., Venkatasubramanian, N..  2018.  Edge Caching for Enriched Notifications Delivery in Big Active Data. 2018 IEEE 38th International Conference on Distributed Computing Systems (ICDCS). :696–705.
In this paper, we propose a set of caching strategies for big active data (BAD) systems. BAD is a data management paradigm that allows ingestion of massive amount of data from heterogeneous sources, such as sensor data, social networks, web and crowdsourced data in a large data cluster consisting of many computing and storage nodes, and enables a very large number of end users to subscribe to those data items through declarative subscriptions. A set of distributed broker nodes connect these end users to the backend data cluster, manage their subscriptions and deliver the subscription results to the end users. Unlike the most traditional publish-subscribe systems that match subscriptions against a single stream of publications to generate notifications, BAD can match subscriptions across multiple publications (by leveraging storage in the backend) and thus can enrich notifications with a rich set of diverse contents. As the matched results are delivered to the end users through the brokers, the broker node caches the results for a while so that the subscribers can retrieve them with reduced latency. Interesting research questions arise in this context so as to determine which result objects to cache or drop when the cache becomes full (eviction-based caching) or to admit objects with an explicit expiration time indicating how much time they should reside in the cache (TTL based caching). To this end, we propose a set of caching strategies for the brokers and show that the schemes achieve varying degree of efficiency in terms of notification delivery in the BAD system. We evaluate our schemes via a prototype implementation and through detailed simulation studies.
Macharla, D. R., Tejaskanda, S..  2017.  An enhanced three-layer clustering approach and security framework for battlefeld surveillance. 2017 International conference on Microelectronic Devices, Circuits and Systems (ICMDCS). :1–6.

Hierarchical based formation is one of the approaches widely used to minimize the energy consumption in which node with higher residual energy routes the data gathered. Several hierarchical works were proposed in the literature with two and three layered architectures. In the work presented in this paper, we propose an enhanced architecture for three layered hierarchical clustering based approach, which is referred to as enhanced three-layer hierarchical clustering approach (EHCA). The EHCA is based on an enhanced feature of the grid node in terms of its mobility. Further, in our proposed EHCA, we introduce distributed clustering technique for lower level head selection and incorporate security mechanism to detect the presence of any malicious node. We show by simulation results that our proposed EHCA reduces the energy consumption significantly and thus improves the lifetime of the network. Also, we highlight the appropriateness of the proposed EHCA for battlefield surveillance applications.

Olabelurin, A., Veluru, S., Healing, A., Rajarajan, M..  2015.  Entropy clustering approach for improving forecasting in DDoS attacks. 2015 IEEE 12th International Conference on Networking, Sensing and Control. :315–320.

Volume anomaly such as distributed denial-of-service (DDoS) has been around for ages but with advancement in technologies, they have become stronger, shorter and weapon of choice for attackers. Digital forensic analysis of intrusions using alerts generated by existing intrusion detection system (IDS) faces major challenges, especially for IDS deployed in large networks. In this paper, the concept of automatically sifting through a huge volume of alerts to distinguish the different stages of a DDoS attack is developed. The proposed novel framework is purpose-built to analyze multiple logs from the network for proactive forecast and timely detection of DDoS attacks, through a combined approach of Shannon-entropy concept and clustering algorithm of relevant feature variables. Experimental studies on a cyber-range simulation dataset from the project industrial partners show that the technique is able to distinguish precursor alerts for DDoS attacks, as well as the attack itself with a very low false positive rate (FPR) of 22.5%. Application of this technique greatly assists security experts in network analysis to combat DDoS attacks.

F
Zhang, L., Li, B., Zhang, L., Li, D..  2015.  Fuzzy clustering of incomplete data based on missing attribute interval size. 2015 IEEE 9th International Conference on Anti-counterfeiting, Security, and Identification (ASID). :101–104.

Fuzzy c-means algorithm is used to identity clusters of similar objects within a data set, while it is not directly applied to incomplete data. In this paper, we proposed a novel fuzzy c-means algorithm based on missing attribute interval size for the clustering of incomplete data. In the new algorithm, incomplete data set was transformed to interval data set according to the nearest neighbor rule. The missing attribute value was replaced by the corresponding interval median and the interval size was set as the additional property for the incomplete data to control the effect of interval size in clustering. Experiments on standard UCI data set show that our approach outperforms other clustering methods for incomplete data.

Saoud, Z., Faci, N., Maamar, Z., Benslimane, D..  2014.  A Fuzzy Clustering-Based Credibility Model for Trust Assessment in a Service-Oriented Architecture. WETICE Conference (WETICE), 2014 IEEE 23rd International. :56-61.

This paper presents a credibility model to assess trust of Web services. The model relies on consumers' ratings whose accuracy can be questioned due to different biases. A category of consumers known as strict are usually excluded from the process of reaching a majority consensus. We demonstrated that this exclusion should not be. The proposed model reduces the gap between these consumers' ratings and the current majority rating. Fuzzy clustering is used to compute consumers' credibility. To validate this model a set of experiments are carried out.

H
Douzi, S., Benchaji, I., ElOuahidi, B..  2018.  Hybrid Approach for Intrusion Detection Using Fuzzy Association Rules. 2018 2nd Cyber Security in Networking Conference (CSNet). :1-3.

Rapid development of internet and network technologies has led to considerable increase in number of attacks. Intrusion detection system is one of the important ways to achieve high security in computer networks. However, it have curse of dimensionality which tends to increase time complexity and decrease resource utilization. To improve the ability of detecting anomaly intrusions, a combined algorithm is proposed based on Weighted Fuzzy C-Mean Clustering Algorithm (WFCM) and Fuzzy logic. Decision making is performed in two stages. In the first stage, WFCM algorithm is applied to reduce the input data space. The reduced dataset is then fed to Fuzzy Logic scheme to build the fuzzy sets, membership function and the rules that decide whether an instance represents an anomaly or not.

I
Gamachchi, A., Boztas, S..  2017.  Insider Threat Detection Through Attributed Graph Clustering. 2017 IEEE Trustcom/BigDataSE/ICESS. :112–119.

While most organizations continue to invest in traditional network defences, a formidable security challenge has been brewing within their own boundaries. Malicious insiders with privileged access in the guise of a trusted source have carried out many attacks causing far reaching damage to financial stability, national security and brand reputation for both public and private sector organizations. Growing exposure and impact of the whistleblower community and concerns about job security with changing organizational dynamics has further aggravated this situation. The unpredictability of malicious attackers, as well as the complexity of malicious actions, necessitates the careful analysis of network, system and user parameters correlated with insider threat problem. Thus it creates a high dimensional, heterogeneous data analysis problem in isolating suspicious users. This research work proposes an insider threat detection framework, which utilizes the attributed graph clustering techniques and outlier ranking mechanism for enterprise users. Empirical results also confirm the effectiveness of the method by achieving the best area under curve value of 0.7648 for the receiver operating characteristic curve.

L
Stein, G., Peng, Q..  2018.  Low-Cost Breaking of a Unique Chinese Language CAPTCHA Using Curriculum Learning and Clustering. 2018 IEEE International Conference on Electro/Information Technology (EIT). :0595–0600.

Text-based CAPTCHAs are still commonly used to attempt to prevent automated access to web services. By displaying an image of distorted text, they attempt to create a challenge image that OCR software can not interpret correctly, but a human user can easily determine the correct response to. This work focuses on a CAPTCHA used by a popular Chinese language question-and-answer website and how resilient it is to modern machine learning methods. While the majority of text-based CAPTCHAs focus on transcription tasks, the CAPTCHA solved in this work is based on localization of inverted symbols in a distorted image. A convolutional neural network (CNN) was created to evaluate the likelihood of a region in the image belonging to an inverted character. It is used with a feature map and clustering to identify potential locations of inverted characters. Training of the CNN was performed using curriculum learning and compared to other potential training methods. The proposed method was able to determine the correct response in 95.2% of cases of a simulated CAPTCHA and 67.6% on a set of real CAPTCHAs. Potential methods to increase difficulty of the CAPTCHA and the success rate of the automated solver are considered.

Lei Xu, Pham Dang Khoa, Seung Hun Kim, Won Woo Ro, Weidong Shi.  2014.  LUT based secure cloud computing #x2014; An implementation using FPGAs. ReConFigurable Computing and FPGAs (ReConFig), 2014 International Conference on. :1-6.

Cloud computing is widely deployed to handle challenges such as big data processing and storage. Due to the outsourcing and sharing feature of cloud computing, security is one of the main concerns that hinders the end users to shift their businesses to the cloud. A lot of cryptographic techniques have been proposed to alleviate the data security issues in cloud computing, but most of these works focus on solving a specific security problem such as data sharing, comparison, searching, etc. At the same time, little efforts have been done on program security and formalization of the security requirements in the context of cloud computing. We propose a formal definition of the security of cloud computing, which captures the essence of the security requirements of both data and program. Analysis of some existing technologies under the proposed definition shows the effectiveness of the definition. We also give a simple look-up table based solution for secure cloud computing which satisfies the given definition. As FPGA uses look-up table as its main computation component, it is a suitable hardware platform for the proposed secure cloud computing scheme. So we use FPGAs to implement the proposed solution for k-means clustering algorithm, which shows the effectiveness of the proposed solution.
 

M
Yun Shen, Thonnard, O..  2014.  MR-TRIAGE: Scalable multi-criteria clustering for big data security intelligence applications. Big Data (Big Data), 2014 IEEE International Conference on. :627-635.

Security companies have recently realised that mining massive amounts of security data can help generate actionable intelligence and improve their understanding of Internet attacks. In particular, attack attribution and situational understanding are considered critical aspects to effectively deal with emerging, increasingly sophisticated Internet attacks. This requires highly scalable analysis tools to help analysts classify, correlate and prioritise security events, depending on their likely impact and threat level. However, this security data mining process typically involves a considerable amount of features interacting in a non-obvious way, which makes it inherently complex. To deal with this challenge, we introduce MR-TRIAGE, a set of distributed algorithms built on MapReduce that can perform scalable multi-criteria data clustering on large security data sets and identify complex relationships hidden in massive datasets. The MR-TRIAGE workflow is made of a scalable data summarisation, followed by scalable graph clustering algorithms in which we integrate multi-criteria evaluation techniques. Theoretical computational complexity of the proposed parallel algorithms are discussed and analysed. The experimental results demonstrate that the algorithms can scale well and efficiently process large security datasets on commodity hardware. Our approach can effectively cluster any type of security events (e.g., spam emails, spear-phishing attacks, etc) that are sharing at least some commonalities among a number of predefined features.
 

Xia, S., Li, N., Xiaofeng, T., Fang, C..  2018.  Multiple Attributes Based Spoofing Detection Using an Improved Clustering Algorithm in Mobile Edge Network. 2018 1st IEEE International Conference on Hot Information-Centric Networking (HotICN). :242–243.

Information centric network (ICN) based Mobile Edge Computing (MEC) network has drawn growing attentions in recent years. The distributed network architecture brings new security problems, especially the identity security problem. Because of the cloud platform deployed on the edge of the MEC network, multiple channel attributes can be easily obtained and processed. Thus this paper proposes a multiple channel attributes based spoofing detection mechanism. To further reduce the complexity, we also propose an improved clustering algorithm. The simulation results indicate that the proposed spoofing detection method can provide near-optimal performance with extremely low complexity.