Multiobjective Evolutionary Clustering Approach to Security Vulnerability Assessments

Network vulnerability assessments collect large amounts of data that security experts must then analyze. Data mining and, in particular, unsupervised learning can help experts explore these data and draw conclusions from them. This paper presents a contribution to mining data in this security domain. We have implemented an evolutionary multiobjective approach to cluster data from security assessments. Each cluster groups tested devices that share similar vulnerabilities, exposing patterns that are not apparent from individual scan results. Two different metrics have been selected as objectives to guide the discovery process. The results of this contribution are compared with those of other single-objective clustering approaches to confirm the value of the obtained clustering structures.
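The abstract describes the approach only in outline: devices are clustered by the vulnerabilities found on them, and an evolutionary search optimises two clustering metrics at once rather than one. The following is an added illustration written for this page, not the paper's code. Because the abstract does not name the two metrics, the example assumes the pair used by the MOCK algorithm (overall deviation and connectivity); the scan data, the Hamming distance between finding vectors, the neighbourhood size `L`, the label cap `k_max` and all function names are likewise assumptions made for the example.

```python
"""Two-objective evolutionary clustering of vulnerability-scan results.
Added illustration (not the paper's code); all data below is constructed."""
import random

# Constructed scan results: 8 hosts x 6 vulnerability checks (1 = check failed).
DEVICES = {
    "web-01":   [1, 1, 0, 0, 0, 1],
    "web-02":   [1, 1, 0, 0, 0, 1],
    "web-03":   [1, 1, 0, 0, 1, 1],
    "db-01":    [0, 0, 1, 1, 0, 0],
    "db-02":    [0, 0, 1, 1, 0, 0],
    "db-03":    [0, 0, 1, 1, 1, 0],
    "kiosk-01": [0, 1, 0, 0, 1, 0],
    "kiosk-02": [0, 1, 0, 0, 1, 0],
}
NAMES = list(DEVICES)
X = [DEVICES[n] for n in NAMES]
N = len(X)
L = 3  # neighbours consulted by the connectivity objective (assumed value)

def hamming(a, b):
    """Number of checks on which two devices disagree."""
    return sum(x != y for x, y in zip(a, b))

DIST = [[hamming(X[i], X[j]) for j in range(N)] for i in range(N)]
# L nearest neighbours of each device (self excluded, ties broken by index).
NEIGH = [[j for j in sorted(range(N), key=lambda j: (DIST[i][j], j)) if j != i][:L]
         for i in range(N)]

def clusters(labels):
    """Group device indices by cluster label."""
    groups = {}
    for i, c in enumerate(labels):
        groups.setdefault(c, []).append(i)
    return list(groups.values())

def deviation(labels):
    """Objective 1 (minimise): distance of every device to its cluster medoid.
    Rewards compact clusters; 0 when every device sits alone."""
    total = 0
    for members in clusters(labels):
        medoid = min(members, key=lambda m: sum(DIST[m][o] for o in members))
        total += sum(DIST[medoid][o] for o in members)
    return total

def connectivity(labels):
    """Objective 2 (minimise): penalty 1/r for each r-th nearest neighbour put in
    another cluster. Rewards keeping neighbours together; 0 for one big cluster."""
    return sum(1.0 / (r + 1) for i in range(N)
               for r, j in enumerate(NEIGH[i]) if labels[i] != labels[j])

def objectives(labels):
    return (deviation(labels), connectivity(labels))

def dominates(a, b):
    """Pareto dominance (minimisation): a no worse everywhere, better somewhere."""
    return all(x <= y for x, y in zip(a, b)) and any(x < y for x, y in zip(a, b))

def pareto_front(pop):
    """Distinct non-dominated (labels, objectives) pairs of a population."""
    scored = {tuple(ind): objectives(ind) for ind in pop}
    return [(ind, obj) for ind, obj in scored.items()
            if not any(dominates(o2, obj) for o2 in scored.values())]

def mutate(labels, rng, k_max):
    """Move one device: adopt a neighbour's cluster or jump to a random one.
    Label encodings of two parents are not aligned, so no crossover is used."""
    child = list(labels)
    i = rng.randrange(N)
    child[i] = child[rng.choice(NEIGH[i])] if rng.random() < 0.5 else rng.randrange(k_max)
    return child

def evolve(k_max=4, pop_size=30, generations=150, seed=1):
    """(mu + lambda) search with non-dominated survival; returns the final front."""
    rng = random.Random(seed)
    pop = [[rng.randrange(k_max) for _ in range(N)] for _ in range(pop_size)]
    for _ in range(generations):
        children = [mutate(rng.choice(pop), rng, k_max) for _ in range(pop_size)]
        merged = pop + children
        front = [list(ind) for ind, _ in pareto_front(merged)]
        rest = [ind for ind in merged if ind not in front]
        rng.shuffle(rest)
        pop = (front + rest)[:pop_size]  # non-dominated first, then random fill
    return pareto_front(pop)

def summarise(front):
    """One row per front member: cluster count, objectives, device groups."""
    return [(len(set(labels)), dev, round(conn, 3),
             [[NAMES[i] for i in g] for g in clusters(labels)])
            for labels, (dev, conn) in sorted(front, key=lambda t: t[1])]

if __name__ == "__main__":
    for row in summarise(evolve()):
        print(row)
```

Running the module prints one row per Pareto-optimal partition. The two objectives pull in opposite directions by construction: deviation alone is minimised by splitting devices apart, connectivity alone by merging them all, which is exactly the degenerate answer a single-objective method tends to return. The partitions in the middle of the front, where hosts with the same failed checks sit together, are the candidate structures an analyst would review, and the comparison with single-objective clustering that the abstract mentions amounts to checking whether those intermediate partitions are reached at all.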
