Analysis of vulnerability assessment results based on CAOS

Information system security must battle regularly with new threats that jeopardize the protection of those systems. Security tests have to be run periodically not only to identify vulnerabilities but also to control information systems, network devices, services and communications. Vulnerability assessments gather large amounts of data to be further analyzed by security experts, who recently have started using data analysis techniques to extract useful knowledge from these data. With the aim of assisting this process, this work presents CAOS, an evolutionary multiobjective approach to be used to cluster information of security tests. The process enables the clustering of the tested devices with similar vulnerabilities to detect hidden patterns, rogue or risky devices. Two different types of metrics have been selected to guide the discovery process in order to get the best clustering solution: general-purpose and specific-domain objectives. The results of both approaches are compared with the state-of-the-art single-objective clustering techniques to corroborate the benefits of the clustering results to security analysts. (C) 2010 Elsevier B. V. All rights reserved.