An Explainable Clustering-Based Approach for Cyber Situational Awareness on Masquerade Attacks Detection
Abstract
Masquerade attacks pose a significant challenge in cybersecurity, as intruders mimic legitimate user behavior to evade detection. In dynamic, data-intensive environments, traditional intrusion detection systems often struggle to provide both timely and interpretable results, limiting their usefulness for effective Cyber Situational Awareness (CSA). This article presents a clustering-based approach for detecting masquerade attacks using OK-Means—a variant of K-Means optimized for faster convergence—combined with a nearest neighbor classifier and noise reduction techniques. The proposed Intrusion Detection System (IDS) reduces computational overhead while enhancing explainability, leading to more reliable and transparent Cyber Threat Intelligence (CTI) decisions.
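The pipeline the abstract describes, as an added illustration that is not the authors' code: plain K-Means (standing in for OK-Means, whose optimizations are not detailed here) clusters a user's legitimate sessions, a nearest-centroid classifier assigns new sessions, a threshold derived from the baseline spread acts as the noise filter, and the feature that drove each verdict is reported for explainability. The command-frequency features and session vectors are constructed sample data.

```python
"""Added example of the abstract's pipeline (not the authors' code): K-Means on
legitimate sessions, nearest-centroid classification, threshold noise filter."""
import math
from statistics import mean, pstdev

# Constructed data: one user's sessions as command-frequency vectors
# over four commands. Two legitimate working modes are visible.
FEATURES = ["ls", "cat", "ssh", "sudo"]
BASELINE = [
    [0.60, 0.30, 0.05, 0.05], [0.55, 0.35, 0.05, 0.05], [0.62, 0.28, 0.06, 0.04],
    [0.20, 0.10, 0.60, 0.10], [0.25, 0.05, 0.62, 0.08], [0.22, 0.08, 0.58, 0.12],
]

def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def nearest(p, centroids):
    # Index of the closest centroid: the nearest-neighbor classifier
    return min(range(len(centroids)), key=lambda i: dist(p, centroids[i]))

def kmeans(points, k, iters=100):
    # Deterministic farthest-first seeding, then standard Lloyd iterations
    centroids = [points[0]]
    while len(centroids) < k:
        centroids.append(max(points, key=lambda p: min(dist(p, c) for c in centroids)))
    for _ in range(iters):
        groups = [[] for _ in range(k)]
        for p in points:
            groups[nearest(p, centroids)].append(p)
        new = [[mean(f) for f in zip(*g)] if g else centroids[i] for i, g in enumerate(groups)]
        if new == centroids:
            break
        centroids = new
    return centroids

def fit(points, k=2):
    """Cluster the legitimate baseline and derive the anomaly threshold."""
    centroids = kmeans(points, k)
    d = [dist(p, centroids[nearest(p, centroids)]) for p in points]
    # Noise filter: only sessions beyond mean + 3 sigma of the baseline spread are flagged
    return centroids, mean(d) + 3 * pstdev(d)

def classify(session, centroids, threshold):
    """Flag a session and name the feature that moved it furthest from its profile."""
    i = nearest(session, centroids)
    d = dist(session, centroids[i])
    top = max(range(len(session)), key=lambda f: abs(session[f] - centroids[i][f]))
    return {"masquerade": d > threshold, "cluster": i,
            "distance": round(d, 3), "top_feature": FEATURES[top]}
```

Calling `fit(BASELINE)` and then `classify([0.05, 0.05, 0.10, 0.80], ...)` flags the sudo-heavy session and names `sudo` as the explaining feature, while a session close to either working mode passes.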
This work is licensed under a Creative Commons Attribution 4.0 International License.