Multiobjective Evolutionary Clustering Approach to Security Vulnerability Assesments

  • G. Corral
  • A. Garcia-Piquer
  • A. Orriols-Puig
  • A. Fornells
  • E. Golobardes
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5572)


Network vulnerability assessments collect large amounts of data to be further analyzed by security experts. Data mining and, particularly, unsupervised learning can help experts analyze these data and extract several conclusions. This paper presents a contribution to mine data in this security domain. We have implemented an evolutionary multiobjective approach to cluster data of security assessments. Clusters hold groups of tested devices with similar vulnerabilities to detect hidden patterns. Two different metrics have been selected as objectives to guide the discovery process. The results of this contribution are compared with other single-objective clustering approaches to confirm the value of the obtained clustering structures.


Multiobjective Optimization Evolutionary Algorithm Unsupervised Learning Clustering Network Security AI applications 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Anchor, K., Zydallis, J., Gunsch, G.: Extending the computer defense immune system: Network intrusion detection with a multiobjective evolutionary programming approach. In: 1st Conf. on Artificial Immune Systems, pp. 12–21 (2002)Google Scholar
  2. 2.
    Bloedorn, E., Talbot, L., DeBarr, D.: Data Mining Applied to Intrusion Detection: MITRE Experiences. In: Maloof, M.A. (ed.). Springer, Heidelberg (2005)Google Scholar
  3. 3.
    Corral, G., Armengol, E., Fornells, A., Golobardes, E.: Data security analysis using unsupervised learning and explanations. In: Innovations in Hybrid Intelligent Systems. Advances in Soft Computing, vol. 44, pp. 112–119. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  4. 4.
    Corral, G., Fornells, A., Golobardes, E., Abella, J.: Cohesion factors: improving the clustering capabilities of consensus. In: Corchado, E., Yin, H., Botti, V., Fyfe, C. (eds.) IDEAL 2006. LNCS, vol. 4224, pp. 488–495. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  5. 5.
    Corral, G., Zaballos, A., Cadenas, X., Grane, A.: A distributed vulnerability detection system for an intranet. In: Proceedings of the 39th IEEE International Carnahan Conference on Security Technology (ICCST 2005), pp. 291–295 (2005)Google Scholar
  6. 6.
    Davies, D.L., Bouldin, D.W.: A cluster separation measure. IEEE Transactions on Pattern Analysis and Machine Learning 4, 224–227 (1979)CrossRefGoogle Scholar
  7. 7.
    Dawkins, J., Dale, J.: A systematic approach to multi-stage network attack analysis. In: 2nd. IEEE Int. Information Assurance Workshop (IWIA 2004) (2004)Google Scholar
  8. 8.
    DeLooze, L.: Classification of computer attacks using a self-organizing map. In: Proc. of the 2004 IEEE Workshop on Information Assurance, pp. 365–369 (2004)Google Scholar
  9. 9.
    Depren, M.O., Topallar, M., Anarim, E., Ciliz, K.: Network-based anomaly intrusion detection system using soms. In: Proc. of the IEEE 12th Signal Processing and Communications Applications Conference, pp. 76–79 (2004)Google Scholar
  10. 10.
    Dunn, J.C.: Well separated clusters and optimal fuzzy partitions. Journal of Cybernetics 4, 95–104 (1974)MathSciNetCrossRefzbMATHGoogle Scholar
  11. 11.
    Gupta, M., Rees, J., Chaturvedi, A., Chi, J.: Matching information security vulnerabilities to organizational security profiles: a genetic algorithm approach. Decision Support Systems 41(3), 592–603 (2006)CrossRefGoogle Scholar
  12. 12.
    Handl, J., Knowles, J.: An evolutionary approach to multiobjective clustering. IEEE Transactions on Evolutionary Computation 11(1), 56–76 (2007)CrossRefGoogle Scholar
  13. 13.
    Hartigan, J.A.: Clustering Algorithms. John Wiley and Sons, New York (1975)zbMATHGoogle Scholar
  14. 14.
    Kohonen, T.: Self-Organizing Maps, 3rd edn. Springer, Heidelberg (2000)zbMATHGoogle Scholar
  15. 15.
    Leung, K., Leckie, C.: Unsupervised anomaly detection in network intrusion detection using clusters. In: Proc. 28th Australasian CS Conf., vol. 38 (2005)Google Scholar
  16. 16.
    Peltier, T.R., Peltier, J., Blackley, J.: Managing a Network Vulnerability Assessment. Auerbach Publishers Inc. (2003)Google Scholar
  17. 17.
    Ramadas, M., Ostermann, S., Tjaden, B.C.: Detecting anomalous network traffic with self-organizing maps. In: Vigna, G., Krügel, C., Jonsson, E. (eds.) RAID 2003. LNCS, vol. 2820, pp. 36–54. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  18. 18.
    Rousseeuw, P.: Silhouettes: a graphical aid to the interpretation and validation of cluster analysis. J. of Comp. Applic. in Math 20, 53–65 (1987)CrossRefzbMATHGoogle Scholar
  19. 19.
    Yang, E., Erdogan, A., Arslan, T., Barton, N.: Multi-objective evolutionary optimizations of a space-based reconfigurable sensor network under hard constraints. In: Symp. on Bioinspired, Learning, and Int. Syst. for Security, pp. 72–75 (2007)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • G. Corral
    • 1
  • A. Garcia-Piquer
    • 1
  • A. Orriols-Puig
    • 1
  • A. Fornells
    • 1
  • E. Golobardes
    • 1
  1. 1.Grup de Recerca en Sistemes Intel·ligents La SalleUniversitat Ramon LlullBarcelonaSpain

Personalised recommendations