Title: Network User Behaviour Analysis by Machine Learning Methods
Author: Michal Turčaník
Year: 2021
Volume: 50
Pages: 66-78
Keywords: Clustering algorithm; Cybersecurity; machine learning; web page categorisation; web users analysis
Abstract:
Cyber security is one of the prominent global challenges due to the significant increase in the number of cyberattacks over the last few decades. The amount of transferred data is growing, and a quick reaction to cyber incidents is needed. The paper is a contribution to this effort. There is a possibility to save time and resources by concentrating only on a subgroup of potential threats caused by a specific group of users. The main source of information about a selected group of users is the web access log file, where all the necessary data is stored. The contribution also presents the concept of preprocessing data from the log files to a form useful for clustering. In the next step, a density-based spatial clustering algorithm is applied to create the clusters. Clustering algorithms have been applied to many fields (marketing, business, etc.), but not for the purposes of cyber defence. The created clusters were analysed according to our definition of risky behaviour. After analysis of the clustering results, it was possible to select a potentially dangerous group of users in the specific cluster. The presented method has potential use in different areas of cyber defence and other applications where intelligent classification is required.