Vincent S. Tseng, Tu Bao Ho, Zhi-Hua Zhou, Arbee L.P. Chen, Hung-Yu Kao

The two-volume set LNAI 8443 + LNAI 8444 constitutes the refereed proceedings of the 18th Pacific-Asia Conference on Knowledge Discovery and Data Mining, PAKDD 2014, held in Tainan, Taiwan, in May 2014. The 40 full papers and the 60 short papers presented in these proceedings were carefully reviewed and selected from 371 submissions. They cover the general fields of pattern mining; social network and social media; classification; graph and network mining; applications; privacy preserving; recommendation; feature selection and reduction; machine learning; temporal and spatial data; novel algorithms; clustering; biomedical data mining; stream mining; outlier and anomaly detection; multi-sources mining; and unstructured data and text mining.

A more formal definition of the problem at hand is as follows.

Problem 1. Attack Patterns Discovery in MalSpot
– Given: (1) intrusion detection system (IDS) event logs, recording event name, timestamp, and target IP; (2) Honeynet firewall logs, recording source IP, target IP, and timestamp.
– Find: (1) the suspicious and common patterns in all three modes/aspects of the data; (2) an intuitive visualization of the above patterns; and (3) a way to scale up to millions of nodes in our network.

Guided by the format of the data at hand, we propose MalSpot, which chooses to formulate the problem as a multi-linear solution as well as tensor analysis.

The canonical polyadic (CP) or PARAFAC decomposition we employ can be seen as a generalization of the Singular Value Decomposition (SVD) for matrices. CP/PARAFAC decomposes a tensor into the weighted sum of outer products of mode-specific vectors for a 3-order tensor. Formally, for an $M$-mode tensor $\mathcal{X}$ of size $\{I_1 \times I_2 \times \cdots \times I_M\}$, its CP/PARAFAC decomposition of rank $R$ yields

$$\mathcal{X} \approx \sum_{r=1}^{R} \lambda \left( a_r^{(1)} \circ \cdots \circ a_r^{(M)} \right) = \sum_{r=1}^{R} \prod_{m=1}^{M} a_r^{(m)}$$

where $\circ$ denotes the outer product, and $\prod$ is in the sense of vector outer product multiplication (and not in the traditional multiplication operation).
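The rank-1 case (R = 1, M = 3) of the decomposition above, applied to IDS-style records of (event name, timestamp, target IP), as an added example that is not code from the MalSpot paper. It fits a single component by alternating updates (the higher-order power method, swapped in here for a full CP solver); the log records, the hour bucketing of timestamps, and all function names are assumptions constructed for illustration.

```python
from collections import defaultdict
from math import sqrt

# Constructed IDS events: (event name, hour bucket of timestamp, target IP).
LOGS = [("SSH brute force", h, ip) for h in ("02", "03")
        for ip in ("10.0.0.5", "10.0.0.6", "10.0.0.7")] * 5
LOGS += [("ICMP ping", "14", "10.0.0.9"), ("HTTP probe", "09", "10.0.0.8")]

def build_tensor(logs):
    """Sparse 3-mode count tensor {(i, j, k): count} plus label->index maps."""
    idx = [{}, {}, {}]
    X = defaultdict(float)
    for rec in logs:
        key = tuple(idx[m].setdefault(v, len(idx[m])) for m, v in enumerate(rec))
        X[key] += 1.0
    return X, idx

def rank1_cp(X, dims, iters=50):
    """Fit X ~ lam * a(1) o a(2) o a(3) by alternating updates (R = 1)."""
    f = [[1.0] * d for d in dims]
    lam = 0.0
    for _ in range(iters):
        for m in range(3):
            new = [0.0] * dims[m]
            for key, v in X.items():
                for n in range(3):
                    if n != m:
                        v *= f[n][key[n]]  # contract the other two modes
                new[key[m]] += v
            lam = sqrt(sum(x * x for x in new))  # weight = norm before scaling
            f[m] = [x / lam for x in new]
    return lam, f

def dominant_pattern(logs, thresh=0.1):
    """Return (lam, [events, hours, targets]) for the strongest component."""
    X, idx = build_tensor(logs)
    lam, f = rank1_cp(X, [len(d) for d in idx])
    groups = [sorted(lbl for lbl, i in idx[m].items() if f[m][i] > thresh)
              for m in range(3)]
    return lam, groups

if __name__ == "__main__":
    lam, (events, hours, targets) = dominant_pattern(LOGS)
    print(f"lambda={lam:.3f}", events, hours, targets)
```

The labels with high loadings in each mode vector name the events, time buckets and targets that co-occur in the dominant pattern; the two isolated noise records end up with loadings near zero.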

