Using K-means clustering to detect anomalous file removes

B. Anderson; M. Genty

Using K-means clustering to detect anomalous file removes

B. Anderson, M. Genty

High Performance Computing Division Section

National Center for Atmospheric Research

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

One of the purposes of a data archive is to preserve irreplaceable data for future studies and generations. There are a number of ways that data can be lost from an archive, including accidental or malicious deletion of data. While there is a lot of software that can check for specific known threats or problems on a system, detecting non-specific anomalous behavior, such as unusual file removal patterns, is harder. One approach to detecting this kind of problem is machine learning. Machine learning algorithms can build a statistical model of what constitutes normal behavior and then flag data points that are outliers. To help protect the 87 petabytes of data in the National Center for Atmospheric Research's data archive, we explored our file removal patterns and implemented a k-means clustering solution to detect anomalous file removes. This approach can also be used to detect other anomalies, such as operational inconsistencies.

Original language	English
Title of host publication	2018 World Congress in Computer Science, Computer Engineering and Applied Computing, CSCE 2018 - Proceedings of the 2018 International Conference on Artificial Intelligence, ICAI 2018
Editors	Hamid R. Arabnia, David de la Fuente, Elena B. Kozerenko, Jose A. Olivas, Fernando G. Tinetti
Publisher	CSREA Press
Pages	454-458
Number of pages	5
ISBN (Electronic)	1601324804, 9781601324801
State	Published - 2018
Event	2018 International Conference on Artificial Intelligence, ICAI 2018 at 2018 World Congress in Computer Science, Computer Engineering and Applied Computing, CSCE 2018 - Las Vegas, United States Duration: Jul 30 2018 → Aug 2 2018

Publication series

Name	2018 World Congress in Computer Science, Computer Engineering and Applied Computing, CSCE 2018 - Proceedings of the 2018 International Conference on Artificial Intelligence, ICAI 2018

Conference

Conference	2018 International Conference on Artificial Intelligence, ICAI 2018 at 2018 World Congress in Computer Science, Computer Engineering and Applied Computing, CSCE 2018
Country/Territory	United States
City	Las Vegas
Period	07/30/18 → 08/2/18

Keywords

Analysis
Archive
Cybersecurity
Data science
Machine learning
Metrics

Cite this

Anderson, B., & Genty, M. (2018). Using K-means clustering to detect anomalous file removes. In H. R. Arabnia, D. de la Fuente, E. B. Kozerenko, J. A. Olivas, & F. G. Tinetti (Eds.), 2018 World Congress in Computer Science, Computer Engineering and Applied Computing, CSCE 2018 - Proceedings of the 2018 International Conference on Artificial Intelligence, ICAI 2018 (pp. 454-458). (2018 World Congress in Computer Science, Computer Engineering and Applied Computing, CSCE 2018 - Proceedings of the 2018 International Conference on Artificial Intelligence, ICAI 2018). CSREA Press.

Anderson, B. ; Genty, M. / Using K-means clustering to detect anomalous file removes. 2018 World Congress in Computer Science, Computer Engineering and Applied Computing, CSCE 2018 - Proceedings of the 2018 International Conference on Artificial Intelligence, ICAI 2018. editor / Hamid R. Arabnia ; David de la Fuente ; Elena B. Kozerenko ; Jose A. Olivas ; Fernando G. Tinetti. CSREA Press, 2018. pp. 454-458 (2018 World Congress in Computer Science, Computer Engineering and Applied Computing, CSCE 2018 - Proceedings of the 2018 International Conference on Artificial Intelligence, ICAI 2018).

@inproceedings{b5a1b9c0aed04380aac045c61abe4c16,

title = "Using K-means clustering to detect anomalous file removes",

abstract = "One of the purposes of a data archive is to preserve irreplaceable data for future studies and generations. There are a number of ways that data can be lost from an archive, including accidental or malicious deletion of data. While there is a lot of software that can check for specific known threats or problems on a system, detecting non-specific anomalous behavior, such as unusual file removal patterns, is harder. One approach to detecting this kind of problem is machine learning. Machine learning algorithms can build a statistical model of what constitutes normal behavior and then flag data points that are outliers. To help protect the 87 petabytes of data in the National Center for Atmospheric Research's data archive, we explored our file removal patterns and implemented a k-means clustering solution to detect anomalous file removes. This approach can also be used to detect other anomalies, such as operational inconsistencies.",

keywords = "Analysis, Archive, Cybersecurity, Data science, Machine learning, Metrics",

author = "B. Anderson and M. Genty",

note = "Publisher Copyright: CSREA Press {\textcopyright}.; 2018 International Conference on Artificial Intelligence, ICAI 2018 at 2018 World Congress in Computer Science, Computer Engineering and Applied Computing, CSCE 2018 ; Conference date: 30-07-2018 Through 02-08-2018",

year = "2018",

language = "English",

series = "2018 World Congress in Computer Science, Computer Engineering and Applied Computing, CSCE 2018 - Proceedings of the 2018 International Conference on Artificial Intelligence, ICAI 2018",

publisher = "CSREA Press",

pages = "454--458",

editor = "Arabnia, \{Hamid R.\} and \{de la Fuente\}, David and Kozerenko, \{Elena B.\} and Olivas, \{Jose A.\} and Tinetti, \{Fernando G.\}",

booktitle = "2018 World Congress in Computer Science, Computer Engineering and Applied Computing, CSCE 2018 - Proceedings of the 2018 International Conference on Artificial Intelligence, ICAI 2018",

}

Anderson, B & Genty, M 2018, Using K-means clustering to detect anomalous file removes. in HR Arabnia, D de la Fuente, EB Kozerenko, JA Olivas & FG Tinetti (eds), 2018 World Congress in Computer Science, Computer Engineering and Applied Computing, CSCE 2018 - Proceedings of the 2018 International Conference on Artificial Intelligence, ICAI 2018. 2018 World Congress in Computer Science, Computer Engineering and Applied Computing, CSCE 2018 - Proceedings of the 2018 International Conference on Artificial Intelligence, ICAI 2018, CSREA Press, pp. 454-458, 2018 International Conference on Artificial Intelligence, ICAI 2018 at 2018 World Congress in Computer Science, Computer Engineering and Applied Computing, CSCE 2018, Las Vegas, United States, 07/30/18.

Using K-means clustering to detect anomalous file removes. / Anderson, B.; Genty, M.
2018 World Congress in Computer Science, Computer Engineering and Applied Computing, CSCE 2018 - Proceedings of the 2018 International Conference on Artificial Intelligence, ICAI 2018. ed. / Hamid R. Arabnia; David de la Fuente; Elena B. Kozerenko; Jose A. Olivas; Fernando G. Tinetti. CSREA Press, 2018. p. 454-458 (2018 World Congress in Computer Science, Computer Engineering and Applied Computing, CSCE 2018 - Proceedings of the 2018 International Conference on Artificial Intelligence, ICAI 2018).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Using K-means clustering to detect anomalous file removes

AU - Anderson, B.

AU - Genty, M.

N1 - Publisher Copyright: CSREA Press ©.

PY - 2018

Y1 - 2018

N2 - One of the purposes of a data archive is to preserve irreplaceable data for future studies and generations. There are a number of ways that data can be lost from an archive, including accidental or malicious deletion of data. While there is a lot of software that can check for specific known threats or problems on a system, detecting non-specific anomalous behavior, such as unusual file removal patterns, is harder. One approach to detecting this kind of problem is machine learning. Machine learning algorithms can build a statistical model of what constitutes normal behavior and then flag data points that are outliers. To help protect the 87 petabytes of data in the National Center for Atmospheric Research's data archive, we explored our file removal patterns and implemented a k-means clustering solution to detect anomalous file removes. This approach can also be used to detect other anomalies, such as operational inconsistencies.

AB - One of the purposes of a data archive is to preserve irreplaceable data for future studies and generations. There are a number of ways that data can be lost from an archive, including accidental or malicious deletion of data. While there is a lot of software that can check for specific known threats or problems on a system, detecting non-specific anomalous behavior, such as unusual file removal patterns, is harder. One approach to detecting this kind of problem is machine learning. Machine learning algorithms can build a statistical model of what constitutes normal behavior and then flag data points that are outliers. To help protect the 87 petabytes of data in the National Center for Atmospheric Research's data archive, we explored our file removal patterns and implemented a k-means clustering solution to detect anomalous file removes. This approach can also be used to detect other anomalies, such as operational inconsistencies.

KW - Analysis

KW - Archive

KW - Cybersecurity

KW - Data science

KW - Machine learning

KW - Metrics

UR - https://www.scopus.com/pages/publications/85068400484

M3 - Conference contribution

AN - SCOPUS:85068400484

T3 - 2018 World Congress in Computer Science, Computer Engineering and Applied Computing, CSCE 2018 - Proceedings of the 2018 International Conference on Artificial Intelligence, ICAI 2018

SP - 454

EP - 458

BT - 2018 World Congress in Computer Science, Computer Engineering and Applied Computing, CSCE 2018 - Proceedings of the 2018 International Conference on Artificial Intelligence, ICAI 2018

A2 - Arabnia, Hamid R.

A2 - de la Fuente, David

A2 - Kozerenko, Elena B.

A2 - Olivas, Jose A.

A2 - Tinetti, Fernando G.

PB - CSREA Press

T2 - 2018 International Conference on Artificial Intelligence, ICAI 2018 at 2018 World Congress in Computer Science, Computer Engineering and Applied Computing, CSCE 2018

Y2 - 30 July 2018 through 2 August 2018

ER -

Anderson B, Genty M. Using K-means clustering to detect anomalous file removes. In Arabnia HR, de la Fuente D, Kozerenko EB, Olivas JA, Tinetti FG, editors, 2018 World Congress in Computer Science, Computer Engineering and Applied Computing, CSCE 2018 - Proceedings of the 2018 International Conference on Artificial Intelligence, ICAI 2018. CSREA Press. 2018. p. 454-458. (2018 World Congress in Computer Science, Computer Engineering and Applied Computing, CSCE 2018 - Proceedings of the 2018 International Conference on Artificial Intelligence, ICAI 2018).

Using K-means clustering to detect anomalous file removes

Abstract

Publication series

Conference

Keywords

Other files and links

Fingerprint

Cite this