Cohesion factors: improving the clustering capabilities of Consensus

G. Corral, A. Fornells, E. Golobardes and J. Abella
Publisher
Lecture Notes in Computer Science, Springer-Verlag
Year
2006
First page
488
Tipus Publicació
Proceedings
Research Group
Research Line

INTRODUCTION

Security has become a main concern in corporate networks. Security tests are essential to identify vulnerabilities, but experts must analyze very large data and complex information. Unsupervised learning can help by clustering groups of devices with similar vulnerabilities. However an index to evaluate every solution should be calculated to demonstrate results validity. Also the value of the number of clusters should be tuned for every data set in order to find the best solution. This paper introduces SOM as a clustering method to evaluate complex and uncertain knowledge in Consensus, a distributed security system for vulnerability testing; it proposes new metrics to evaluate the cohesion of every cluster, and also the cohesion between clusters; it applies unsupervised algorithms and validity metrics to a security data set; and it presents a method to obtain the best number of clusters regarding these new cohesion metrics: Intracohesion and Intercohesion factors.