TY - JOUR
T1 - Analysis of vulnerability assessment results based on CAOS
AU - Corral, G.
AU - Garcia-Piquer, A.
AU - Orriols-Puig, A.
AU - Fornells, A.
AU - Golobardes, E.
N1 - Funding Information:
This work has been supported by the MCYT-FEDER project TIN2008-06681-C06-05, and by the Generalitat de Catalunya, DIUE, and European Social Fund (2009-SGR-183, 2010FI_B 01084).
PY - 2011/10
Y1 - 2011/10
N2 - Information system security must battle regularly with new threats that jeopardize the protection of those systems. Security tests have to be run periodically not only to identify vulnerabilities but also to control information systems, network devices, services and communications. Vulnerability assessments gather large amounts of data to be further analyzed by security experts, who recently have started using data analysis techniques to extract useful knowledge from these data. With the aim of assisting this process, this work presents CAOS, an evolutionary multiobjective approach to be used to cluster information of security tests. The process enables the clustering of the tested devices with similar vulnerabilities to detect hidden patterns, rogue or risky devices. Two different types of metrics have been selected to guide the discovery process in order to get the best clustering solution: general-purpose and specific-domain objectives. The results of both approaches are compared with the state-of-the-art single-objective clustering techniques to corroborate the benefits of the clustering results to security analysts.
AB - Information system security must battle regularly with new threats that jeopardize the protection of those systems. Security tests have to be run periodically not only to identify vulnerabilities but also to control information systems, network devices, services and communications. Vulnerability assessments gather large amounts of data to be further analyzed by security experts, who recently have started using data analysis techniques to extract useful knowledge from these data. With the aim of assisting this process, this work presents CAOS, an evolutionary multiobjective approach to be used to cluster information of security tests. The process enables the clustering of the tested devices with similar vulnerabilities to detect hidden patterns, rogue or risky devices. Two different types of metrics have been selected to guide the discovery process in order to get the best clustering solution: general-purpose and specific-domain objectives. The results of both approaches are compared with the state-of-the-art single-objective clustering techniques to corroborate the benefits of the clustering results to security analysts.
KW - AI applications
KW - Clustering
KW - Evolutionary algorithm
KW - Information system security
KW - Multiobjective optimization
KW - Network security
KW - Unsupervised learning
UR - http://www.scopus.com/inward/record.url?scp=79960562498&partnerID=8YFLogxK
U2 - 10.1016/j.asoc.2010.09.011
DO - 10.1016/j.asoc.2010.09.011
M3 - Article
AN - SCOPUS:79960562498
SN - 1568-4946
VL - 11
SP - 4321
EP - 4331
JO - Applied Soft Computing Journal
JF - Applied Soft Computing Journal
IS - 7
ER -