Abstract
Security has become a main concern in corporate networks. Security tests are essential to identify vulnerabilities, but experts must analyze very large volumes of complex information. Unsupervised learning can help by clustering groups of devices with similar vulnerabilities. However, a validity index must be calculated for every solution to demonstrate the validity of the results, and the number of clusters must be tuned for every data set in order to find the best solution. This paper introduces SOM as a clustering method to evaluate complex and uncertain knowledge in Consensus, a distributed security system for vulnerability testing; it proposes new metrics to evaluate the cohesion within every cluster and also the cohesion between clusters; it applies unsupervised algorithms and validity metrics to a security data set; and it presents a method to obtain the best number of clusters according to these new cohesion metrics: the Intracohesion and Intercohesion factors.
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Corral, G., Fornells, A., Golobardes, E., Abella, J. (2006). Cohesion Factors: Improving the Clustering Capabilities of Consensus. In: Corchado, E., Yin, H., Botti, V., Fyfe, C. (eds) Intelligent Data Engineering and Automated Learning – IDEAL 2006. IDEAL 2006. Lecture Notes in Computer Science, vol 4224. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11875581_59
DOI: https://doi.org/10.1007/11875581_59
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-45485-4
Online ISBN: 978-3-540-45487-8
eBook Packages: Computer Science (R0)