Published: July 20, 2016
Author(s)
Daniel Borbor (Concordia University), Lingyu Wang (Concordia University), Sushil Jajodia (GMU), Anoop Singhal (NIST)
Conference
Name: 30th IFIP Conference on Data and Application Security and Privacy (DBSEC 2016)
Dates: 07/18/2016 - 07/21/2016
Location: Trento, Italy
Citation: Data and Applications Security and Privacy XXX, vol. 9766, pp. 295-312
Diversity as a security mechanism has received revived interest recently due to its potential for improving the resilience of software and networks against unknown attacks. Recent work shows diversity can be modeled and quantified as a security metric at the network level. However, such an effort does not directly provide a solution for improving the network diversity. Also, existing network hardening approaches are largely limited to handling previously known vulnerabilities by disabling existing services. In this paper, we take the first step towards an automated approach to diversifying network services under various cost constraints in order to improve the network’s resilience against unknown attacks. Specifically, we provide a model of network services and formulate the diversification requirements as an optimization problem. We devise optimization and heuristic algorithms for efficiently diversifying relatively large networks under different cost constraints. We also evaluate our approach through simulations.
Keywords
diversity; network security; zero day attack; security metrics; network resilience
Control Families
None selected