Published: September 01, 2019
Citation: Computer Communications vol. 145, (September 2019) pp. 96-112
Author(s)
Daniel Borbor (Concordia University), Lingyu Wang (Concordia University), Sushil Jajodia (GMU), Anoop Singhal (NIST)
Diversity as a security mechanism is receiving renewed interest due to its potential for improving the resilience of software and networks against previously unknown attacks. Recent works show diversity can be modeled and quantified as a security metric at the network level. However, such efforts do not directly provide a solution for improving the network diversity. On the other hand, existing network hardening approaches largely focus on handling vulnerabilities and do not pay special attention to diversity. In this paper, we propose an automated approach to diversifying network services under various cost constraints in order to improve the network's resilience against unknown attacks. Specifically, we first define models for network services and their relationships, diversification options, and the costs. We then formulate the optimization problem of diversifying network services under given cost constraints. We devise optimization and heuristic algorithms for efficiently solving the problem, and we evaluate our approach through simulations.
Keywords
Diversity; Network security; Optimization; Zero day attack
Control Families
None selected