Authors: Michael Knight, Kortney Raulston, Kennard Laviers, Kenneth Hopkinson
Even after a network intrusion detection system (IDS) has identified a cyber-attack, network administrators still face the difficult challenge of assessing network health and status in order to take appropriate action to mitigate the damage caused by the attack, because of the large amount of data available from the network components. This paper explores the use of auto-clustering to abstract network metadata into high-level units of information that are easier for a network administrator or an AI agent to understand and act on. We perform an empirical analysis to evaluate our approach using the NSL-KDD99 dataset for both abstraction of network log data and attack family classification. By auto-clustering, we significantly increase classification speed without greatly increasing the error.
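The abstraction-then-classification idea the abstract describes, as an added Python illustration that is not the paper's code: constructed NSL-KDD-style connection records (src_bytes, dst_bytes, count, serror_rate, attack family) are min-max scaled, grouped with a plain k-means (deterministic farthest-first seeding, an assumption of this example rather than the paper's auto-clustering method), each cluster is labelled with the majority attack family of its members, and new connections are then classified against the k cluster centroids instead of against every one of the N training records. The feature subset, the sample values and the nearest-centroid versus 1-nearest-neighbour comparison are all this example's assumptions; the point it shows is the speed/error trade-off the abstract names, with the distance computations counted for each approach.

```python
"""Added illustration (not the paper's code): abstract NSL-KDD-style connection
records into clusters, classify by cluster instead of by individual record, and
count the distance computations each approach needs."""
import math
from collections import Counter

# Constructed sample records loosely shaped like NSL-KDD connection features
# (src_bytes, dst_bytes, count, serror_rate, attack_family). The values are
# invented for this illustration, not taken from the dataset.
TRAINING_RECORDS = [
    (215, 4500, 1, 0.00, "normal"),
    (162, 3200, 2, 0.00, "normal"),
    (239, 2800, 1, 0.00, "normal"),
    (184, 5100, 3, 0.00, "normal"),
    (0, 0, 511, 1.00, "dos"),    # flood-like: max connection count, all SYN errors
    (0, 0, 500, 0.98, "dos"),
    (0, 0, 509, 1.00, "dos"),
    (0, 0, 480, 0.95, "dos"),
    (0, 0, 120, 0.10, "probe"),  # scan-like: many small connections, few errors
    (0, 0, 100, 0.05, "probe"),
    (0, 0, 130, 0.00, "probe"),
    (0, 0, 110, 0.08, "probe"),
]


def fit_scaler(rows):
    """Per-feature min/max so raw byte counts do not dominate rates in [0, 1]."""
    n = len(rows[0])
    lows = [min(r[i] for r in rows) for i in range(n)]
    highs = [max(r[i] for r in rows) for i in range(n)]
    return lows, highs


def scale(row, scaler):
    lows, highs = scaler
    # A constant feature (low == high) scales to 0 instead of dividing by zero.
    return [0.0 if h == l else (v - l) / (h - l) for v, l, h in zip(row, lows, highs)]


def distance(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def kmeans(points, k, iterations=20):
    """Plain k-means with deterministic farthest-first seeding (no RNG)."""
    centroids = [points[0]]
    while len(centroids) < k:
        centroids.append(max(points, key=lambda p: min(distance(p, c) for c in centroids)))
    assignment = []
    for _ in range(iterations):
        assignment = [min(range(k), key=lambda j: distance(p, centroids[j])) for p in points]
        new = []
        for j in range(k):
            members = [p for p, a in zip(points, assignment) if a == j]
            new.append([sum(col) / len(members) for col in zip(*members)] if members else centroids[j])
        if new == centroids:  # assignments no longer move the centroids
            break
        centroids = new
    return centroids, assignment


def build_abstraction(records, k):
    """Cluster the training records and label each cluster with the majority
    attack family of its members; the clusters are the high-level units."""
    scaler = fit_scaler([r[:-1] for r in records])
    points = [scale(r[:-1], scaler) for r in records]
    centroids, assignment = kmeans(points, k)
    labels = []
    for j in range(k):
        families = Counter(r[-1] for r, a in zip(records, assignment) if a == j)
        labels.append(families.most_common(1)[0][0] if families else "unknown")
    return {"scaler": scaler, "centroids": centroids, "labels": labels,
            "scaled_training": [(p, r[-1]) for p, r in zip(points, records)]}


def classify_by_cluster(model, features):
    """Nearest-centroid classification: k distance computations per record."""
    p = scale(features, model["scaler"])
    j = min(range(len(model["centroids"])), key=lambda i: distance(p, model["centroids"][i]))
    return model["labels"][j], len(model["centroids"])


def classify_by_record(model, features):
    """1-nearest-neighbour over the raw records: N distance computations per record."""
    p = scale(features, model["scaler"])
    _, label = min(model["scaled_training"], key=lambda pl: distance(p, pl[0]))
    return label, len(model["scaled_training"])


def compare(training, test_features, k=3):
    """Classify unlabeled feature rows both ways; return labels and total cost."""
    model = build_abstraction(training, k)
    out = {"cluster": [], "record": [], "cluster_cost": 0, "record_cost": 0}
    for f in test_features:
        label, cost = classify_by_cluster(model, f)
        out["cluster"].append(label)
        out["cluster_cost"] += cost
        label, cost = classify_by_record(model, f)
        out["record"].append(label)
        out["record_cost"] += cost
    return out


# Constructed unlabeled connections to classify.
TEST_FEATURES = [(200, 4000, 2, 0.00), (0, 0, 505, 1.00), (0, 0, 115, 0.05)]

if __name__ == "__main__":
    print(compare(TRAINING_RECORDS, TEST_FEATURES))
```

On this toy data both approaches agree on every test connection while the cluster-level classifier performs 3 distance computations per record against 12 for the per-record classifier; the ratio k/N is where the speed gain comes from, and the error the abstract mentions arises when a cluster mixes families and its majority label is wrong for a minority member.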