Using evolutionary algorithms and pareto ranking to identify secure virtual local area networks.

Interconnected devices require different types of network access to maintain functionality; however, access must also be limited to ensure security. Virtual Local Area Networks (VLANs) have become a core technology for securely interconnecting devices in a computer network since they can associate devices with various groups. Unfortunately, finding the smallest, most manageable number of VLANs to securely provide necessary interconnections becomes more difficult as the number of devices and security policy complexity increases. This paper investigates the use of Evolutionary Algorithms (EAs) to discover the minimum number of VLANs, and the associated memberships, necessary for network connectivity and security. Using this approach, VLAN configurations are modeled as chromosomes and a series of selection, recombination, and mutation operations are performed to find suitable VLAN configurations. Since the problem is a multi-objective search, a hybrid Pareto-based fitness measure is developed to rank possible VLAN solutions, where better solutions have fewer VLANs and better security. Simulation results indicate this approach is able to consistently find concise and secure VLAN groups under various conditions, including increasing number of interconnected devices and more restrictive number of required VLANs.