Analysis of vulnerability assessment results based on CAOS

Abstract: Information system security must contend regularly with new threats that jeopardize the protection of those systems. Security tests have to be run periodically not only to identify vulnerabilities but also to keep information systems, network devices, services and communications under control. Vulnerability assessments gather large amounts of data that are then analyzed by security experts, who have recently started using data analysis techniques to extract useful knowledge from these data. With the aim of assisting this process, this work presents CAOS, an evolutionary multiobjective approach for clustering the information produced by security tests. The process clusters the tested devices that share similar vulnerabilities, in order to detect hidden patterns and rogue or risky devices. Two different types of metrics have been selected to guide the discovery process towards the best clustering solution: general-purpose and domain-specific objectives. The results of both approaches are compared with state-of-the-art single-objective clustering techniques to corroborate the benefits of the clustering results for security analysts.
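The clustering workflow the abstract describes, as an added illustration that is not the CAOS implementation or any code from the paper: hosts from a constructed scan result are clustered by Jaccard distance over their sets of findings, every partition is scored by a general-purpose objective (mean silhouette, to maximise) and an assumed domain-specific objective (the spread of summed per-host severity inside each cluster, to minimise), the non-dominated partitions are kept, and hosts left alone in their own cluster are listed for analyst review as candidates for the "rogue or risky devices" the abstract mentions. The scan data, the finding ids and the risk-spread objective are all constructed for this example; the paper's evolutionary search is replaced here by exhaustive evaluation of every cluster count, which is only feasible for a handful of hosts.

```python
"""Cluster hosts by vulnerability profile and score partitions with two objectives.

Added illustration (not the CAOS implementation): average-linkage agglomerative
clustering over Jaccard distance between hosts' finding sets, scored by a
general-purpose objective (mean silhouette, maximise) and an assumed
domain-specific objective (within-cluster host-risk spread, minimise).
Non-dominated partitions are kept and singleton clusters are surfaced.
"""
from itertools import combinations

# Constructed scan output: host -> {(finding_id, CVSS-like severity)}.
# Finding ids are placeholders, not real vulnerability identifiers.
SCAN = {
    "web-01": {("VULN-A", 7.5), ("VULN-B", 5.0), ("VULN-C", 4.3)},
    "web-02": {("VULN-A", 7.5), ("VULN-B", 5.0), ("VULN-C", 4.3)},
    "web-03": {("VULN-A", 7.5), ("VULN-B", 5.0)},
    "db-01": {("VULN-D", 9.8), ("VULN-E", 6.1)},
    "db-02": {("VULN-D", 9.8), ("VULN-E", 6.1), ("VULN-F", 3.1), ("VULN-I", 2.0)},
    "printer-07": {("VULN-G", 9.0), ("VULN-H", 8.2), ("VULN-A", 7.5)},
}


def jaccard_distance(a, b):
    """1 - |A∩B|/|A∪B| over finding ids: 0 = identical exposure, 1 = disjoint."""
    ids_a = {fid for fid, _ in a}
    ids_b = {fid for fid, _ in b}
    union = ids_a | ids_b
    return 1.0 - len(ids_a & ids_b) / len(union) if union else 0.0


def distance_matrix(scan):
    hosts = sorted(scan)
    return {(x, y): jaccard_distance(scan[x], scan[y]) for x in hosts for y in hosts}


def average_linkage(c1, c2, dist):
    return sum(dist[x, y] for x in c1 for y in c2) / (len(c1) * len(c2))


def cluster(scan, dist, k):
    """Average-linkage agglomerative clustering, merging until k clusters remain."""
    clusters = [frozenset([h]) for h in sorted(scan)]
    while len(clusters) > k:
        c1, c2 = min(combinations(clusters, 2),
                     key=lambda p: average_linkage(p[0], p[1], dist))
        clusters = [c for c in clusters if c not in (c1, c2)] + [c1 | c2]
    return clusters


def silhouette(clusters, dist):
    """Mean silhouette over hosts; a host alone in its cluster scores 0."""
    scores = []
    for c in clusters:
        for h in c:
            if len(c) == 1:
                scores.append(0.0)
                continue
            a = sum(dist[h, o] for o in c if o != h) / (len(c) - 1)
            b = min(sum(dist[h, o] for o in other) / len(other)
                    for other in clusters if other is not c)
            scores.append((b - a) / (max(a, b) or 1.0))
    return sum(scores) / len(scores)


def host_risk(findings):
    """Constructed per-host risk: sum of finding severities."""
    return sum(sev for _, sev in findings)


def risk_spread(clusters, scan):
    """Assumed domain objective: mean (max - min) host risk inside each cluster."""
    spreads = []
    for c in clusters:
        risks = [host_risk(scan[h]) for h in c]
        spreads.append(max(risks) - min(risks))
    return sum(spreads) / len(spreads)


def evaluate_partitions(scan):
    """Score every cluster count from 2 to n-1 on both objectives."""
    dist = distance_matrix(scan)
    results = []
    for k in range(2, len(scan)):
        clusters = cluster(scan, dist, k)
        results.append({"k": k, "clusters": clusters,
                        "silhouette": silhouette(clusters, dist),
                        "risk_spread": risk_spread(clusters, scan)})
    return results


def pareto_front(results):
    """Keep partitions not dominated on (maximise silhouette, minimise risk_spread)."""
    def dominated(r):
        return any(o["silhouette"] >= r["silhouette"] and o["risk_spread"] <= r["risk_spread"]
                   and (o["silhouette"] > r["silhouette"] or o["risk_spread"] < r["risk_spread"])
                   for o in results)
    return [r for r in results if not dominated(r)]


def review_candidates(clusters):
    """Hosts isolated in their own cluster: exposure unlike any peer group."""
    return sorted(h for c in clusters if len(c) == 1 for h in c)


if __name__ == "__main__":
    for r in pareto_front(evaluate_partitions(SCAN)):
        print(f"k={r['k']} silhouette={r['silhouette']:.3f} risk_spread={r['risk_spread']:.2f}")
        print("  review:", review_candidates(r["clusters"]))
```

On the constructed data the partition into three clusters scores best on silhouette and already isolates `printer-07`, whose findings overlap no peer group, while finer partitions trade silhouette for lower risk spread; the Pareto front hands all such trade-offs to the analyst rather than collapsing them into one number, which is the point of scoring with two objective families.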
