An Explainable Clustering-Based Approach for Cyber Situational Awareness on Masquerade Attacks Detection

Nelva N. Almanza-Ortega
Joaquin Perez-Ortega
Sergio M. Martinez-Monterrubio
Juan Recio-Garcia

Abstract

Masquerade attacks pose a significant challenge in cybersecurity because the intruder imitates a legitimate user's behavior, typically from an already-compromised account, to evade detection. In dynamic, data-intensive environments, traditional intrusion detection systems often struggle to deliver results that are both timely and interpretable, which limits their usefulness for effective Cyber Situational Awareness (CSA). This article presents a clustering-based approach to detecting masquerade attacks using OK-Means, a variant of K-Means optimized for faster convergence, combined with a nearest neighbor classifier and noise reduction techniques. The proposed Intrusion Detection System (IDS) reduces computational overhead while improving explainability, leading to more reliable and transparent Cyber Threat Intelligence (CTI) decisions.
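The abstract describes the pipeline (cluster a user's normal behavior, classify new sessions against the nearest neighbors, and filter noise before training) but not its implementation. The example below is an added illustration, not the authors' code: it substitutes standard Lloyd's K-Means for OK-Means (whose convergence speed-up is not described on this page), uses an assumed nearest-neighbor-distance rule for noise reduction, profiles sessions as relative command frequencies, and returns the cluster, distance, threshold and top feature deviations so that each verdict is explainable. All session data is constructed.

```python
"""Added example: clustering-based masquerade detection on command-frequency
profiles. Standard Lloyd's K-Means stands in for OK-Means (assumption), and
all session data below is constructed, not real audit data."""
from collections import Counter
from math import sqrt

VOCAB = ["ls", "cd", "vim", "git", "make", "ssh", "scp", "sudo", "curl", "nc"]

# Constructed training sessions of one legitimate user: three "development"
# sessions, three "operations" sessions, and one unrepresentative outlier.
LEGIT_SESSIONS = [
    ["ls", "cd", "vim", "git", "make", "ls", "vim", "git"],
    ["cd", "vim", "vim", "git", "make", "make", "ls", "git"],
    ["ls", "vim", "git", "git", "make", "cd", "vim", "git"],
    ["ssh", "sudo", "ls", "ssh", "scp", "sudo", "cd", "ls"],
    ["sudo", "ssh", "ssh", "scp", "ls", "cd", "sudo", "ssh"],
    ["ssh", "scp", "sudo", "ls", "ssh", "sudo", "cd", "scp"],
    ["curl"] * 7 + ["nc"],  # noise: a one-off bulk download
]


def featurize(session):
    """Relative frequency of each vocabulary command in one session."""
    counts = Counter(session)
    return [counts.get(cmd, 0) / len(session) for cmd in VOCAB]


def dist(a, b):
    return sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def nearest_neighbor_dist(points, i):
    return min(dist(points[i], points[j]) for j in range(len(points)) if j != i)


def remove_noise(points, factor=3.0):
    """Assumed noise-reduction step: drop points whose nearest-neighbor
    distance exceeds factor * the median nearest-neighbor distance."""
    nn = [nearest_neighbor_dist(points, i) for i in range(len(points))]
    median = sorted(nn)[len(nn) // 2]
    keep = [i for i, d in enumerate(nn) if d <= factor * median]
    noise = [i for i in range(len(points)) if i not in keep]
    return keep, noise


def kmeans(points, k, max_iter=100):
    """Lloyd's K-Means with deterministic farthest-first initialisation."""
    centroids = [points[0]]
    while len(centroids) < k:
        far = max(points, key=lambda p: min(dist(p, c) for c in centroids))
        centroids.append(far)
    labels = None
    for _ in range(max_iter):
        new_labels = [min(range(k), key=lambda c: dist(p, centroids[c])) for p in points]
        if new_labels == labels:
            break  # assignments stable: converged
        labels = new_labels
        for c in range(k):
            members = [p for p, l in zip(points, labels) if l == c]
            if members:
                centroids[c] = [sum(col) / len(members) for col in zip(*members)]
    return centroids, labels


class MasqueradeDetector:
    def __init__(self, sessions, k=2, margin=2.0):
        points = [featurize(s) for s in sessions]
        keep, self.noise = remove_noise(points)
        self.train = [points[i] for i in keep]
        self.centroids, self.labels = kmeans(self.train, k)
        # Per-cluster threshold: margin * largest intra-cluster NN distance.
        self.thresholds = []
        for c in range(k):
            members = [p for p, l in zip(self.train, self.labels) if l == c]
            if len(members) < 2:
                self.thresholds.append(0.0)
                continue
            worst = max(nearest_neighbor_dist(members, i) for i in range(len(members)))
            self.thresholds.append(margin * worst)

    def explain(self, session, top=3):
        """Nearest-centroid cluster, 1-NN distance within it, and the commands
        whose frequency deviates most from that cluster's centroid."""
        v = featurize(session)
        c = min(range(len(self.centroids)), key=lambda i: dist(v, self.centroids[i]))
        members = [p for p, l in zip(self.train, self.labels) if l == c]
        d = min(dist(v, m) for m in members)
        deviations = sorted(zip(VOCAB, (x - y for x, y in zip(v, self.centroids[c]))),
                            key=lambda t: -abs(t[1]))
        return {"cluster": c, "distance": round(d, 4),
                "threshold": round(self.thresholds[c], 4),
                "masquerade": d > self.thresholds[c],
                "top_deviations": [(cmd, round(delta, 4)) for cmd, delta in deviations[:top]]}


if __name__ == "__main__":
    det = MasqueradeDetector(LEGIT_SESSIONS)
    print("dropped as noise:", det.noise)
    print(det.explain(["ls", "vim", "git", "make", "cd", "git", "vim", "ls"]))
    print(det.explain(["sudo", "curl", "nc", "curl", "scp", "nc", "curl", "sudo"]))
```

The verdict carries its own explanation: the analyst sees which behavioral mode (cluster) the session was compared against, how far it sits from the closest known-good session, the threshold it exceeded, and which commands drove the deviation (here the `curl`/`nc` traffic absent from the user's profile). The threshold rule and the noise filter are illustrative choices; in practice they would be tuned per user on held-out sessions.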

Article Details

Section: Original Research Articles