What Should We Learn? Special Issue on Data Mining for Cybersecurity

Computer and communication systems are subject to repeated security attacks. Given the variety of new vulnerabilities discovered every day, the introduction of new attack schemes, and the ever-expanding use of the Internet, it is not surprising that the field of computer and network security has grown and evolved significantly in recent years. Attacks are so pervasive nowadays that many firms, especially large financial institutions, spend over 10% of their total information and communication technology budget directly on computer and network security. Changes in the type of attacks and the identification of new vulnerabilities have resulted in a highly dynamic threat landscape that is unamenable to traditional security approaches.

Data mining techniques that explore data in order to discover hidden patterns and develop predictive models have proven to be effective in tackling the aforementioned information security challenges. In recent years, classification, anomaly detection, and temporal analysis have all been used among other techniques to discover and generalize attack patterns in order to develop powerful solutions for coping with the latest threats.

The articles presented in the special issue published by IEEE Intelligent Systems in March/April 2018 are quite representative of the field of data mining applied to cybersecurity—both in terms of the tasks and domains that they consider and in terms of the solutions that they propose. Specifically, the tasks represented in this issue include user authentication through biometrics, SCADA systems vulnerability assessment, user action identification in IoT encrypted traffic, and network anomaly and intrusion detection in large computer networks as well as in small ones such as car controller networks. In order to address all the issues surveyed in this volume, a plethora of approaches are presented including ensemble methods, one-class classification methods, text mining, transfer learning, data stream mining, and temporal analyses via neural networks. The principal problems tackled by these techniques are problems of reliability, the need to function in different environments, or adaptability to dynamic conditions either due to natural changes to the systems or to adversarial settings.

The articles published in this volume provide both a comprehensive introduction to the types of issues encountered in the field and present sophisticated solution to tackle them. It is an important read for anyone interested in the state-of-the-art in cybersecurity.