Abstract
Network vulnerability assessments collect large amounts of data that security experts must then analyze. Data mining and, in particular, unsupervised learning can help experts analyze these data and draw conclusions from them. This paper presents a contribution to mining data in this security domain. We have implemented an evolutionary multiobjective approach to cluster the data of security assessments. The clusters group tested devices with similar vulnerabilities so that hidden patterns can be detected. Two different metrics have been selected as objectives to guide the discovery process. The results of this contribution are compared with those of other single-objective clustering approaches to confirm the value of the clustering structures obtained.
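The following is an added illustration of the idea in the abstract, not code from the paper: candidate partitions of scanned devices are scored on two objectives and only the Pareto-nondominated ones are kept. The device vulnerability profiles are constructed, and the two objectives (intra-cluster compactness and inter-cluster separation over Jaccard distance) are assumptions, since the abstract does not name the paper's metrics.

```python
"""Pareto evaluation of candidate clusterings over device vulnerability profiles."""
from itertools import combinations

# Constructed sample: each device maps to the set of vulnerability IDs a scan found on it.
DEVICES = {
    "web-1":  {"V1", "V2", "V3"},
    "web-2":  {"V1", "V2", "V4"},
    "db-1":   {"V5", "V6"},
    "db-2":   {"V5", "V6", "V7"},
    "mail-1": {"V8"},
}

def jaccard_distance(a, b):
    """Dissimilarity between two vulnerability sets (0 = identical, 1 = disjoint)."""
    union = a | b
    return 1.0 - len(a & b) / len(union) if union else 0.0

def compactness(clusters):
    """Objective 1 (minimise): mean pairwise distance between devices in the same cluster."""
    dists = [jaccard_distance(DEVICES[x], DEVICES[y])
             for c in clusters for x, y in combinations(c, 2)]
    return sum(dists) / len(dists) if dists else 0.0

def separation(clusters):
    """Objective 2 (maximise): smallest distance between devices in different clusters."""
    dists = [jaccard_distance(DEVICES[x], DEVICES[y])
             for c1, c2 in combinations(clusters, 2) for x in c1 for y in c2]
    return min(dists) if dists else 0.0

def dominates(obj_a, obj_b):
    """Both objectives are expressed as values to minimise; a dominates b if it is
    no worse on every objective and strictly better on at least one."""
    return all(x <= y for x, y in zip(obj_a, obj_b)) and obj_a != obj_b

def pareto_front(candidates):
    """Return the names of candidate partitions that no other candidate dominates."""
    scored = {name: (compactness(cl), -separation(cl)) for name, cl in candidates.items()}
    return sorted(n for n in scored
                  if not any(dominates(scored[o], scored[n]) for o in scored if o != n))

# Constructed candidate partitions, standing in for individuals of an evolutionary population.
CANDIDATES = {
    "by-role":     [{"web-1", "web-2"}, {"db-1", "db-2"}, {"mail-1"}],
    "two-groups":  [{"web-1", "web-2", "mail-1"}, {"db-1", "db-2"}],
    "singletons":  [{"web-1"}, {"web-2"}, {"db-1"}, {"db-2"}, {"mail-1"}],
    "one-cluster": [{"web-1", "web-2", "db-1", "db-2", "mail-1"}],
}
```

The front keeps "by-role" and "singletons": the all-singletons partition is trivially compact, which is exactly why a single compactness objective is not enough and a second, competing objective is needed to surface useful groupings.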
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
Cite this paper
Corral, G., Garcia-Piquer, A., Orriols-Puig, A., Fornells, A., Golobardes, E. (2009). Multiobjective Evolutionary Clustering Approach to Security Vulnerability Assesments. In: Corchado, E., Wu, X., Oja, E., Herrero, Á., Baruque, B. (eds.) Hybrid Artificial Intelligence Systems. HAIS 2009. Lecture Notes in Computer Science, vol. 5572. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-02319-4_72
DOI: https://doi.org/10.1007/978-3-642-02319-4_72
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-02318-7
Online ISBN: 978-3-642-02319-4