Automated synthesis of resiliency configurations for cyber networks

机译：自动综合网络的弹性配置

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

Enterprise networks deploy security devices to control access and limit potential threats. Due to the emergence of zero-day attacks, security device based isolation measures like access denial, trusted communication, and payload inspection are often not adequate for the resilient execution of an organization's mission. Diversity between two hosts in terms of operating systems and services running on these hosts is crucial for limiting the attack propagation. Since different software systems have different vulnerabilities, it is important to have the hosts diversified considering the isolation among the hosts as well as the mission requirements. In this paper, we present a formal model for synthesizing network resiliency configurations. The resiliency design integrates isolation and diversity measures. We take the network topology, resiliency requirements, and business constraints as inputs. Then, our proposed model synthesizes cost-effective resiliency configurations satisfying the constraints. The output of the model provides necessary placements of different security devices in the topology and necessary installments of operating systems and services on the hosts. We demonstrate the execution of the proposed model as well as their scalability using simulated experiments.

机译：企业网络部署安全设备以控制访问并限制潜在威胁。由于零日攻击的出现，基于安全设备的隔离措施（例如访问拒绝，可信通信和有效负载检查）通常不足以弹性执行组织的任务。就限制这些主机上运行的操作系统和服务而言，两台主机之间的多样性至关重要。由于不同的软件系统具有不同的漏洞，因此考虑到主机之间的隔离性和任务要求，使主机多样化是很重要的。在本文中，我们提出了用于综合网络弹性配置的正式模型。弹性设计集成了隔离和多样性措施。我们将网络拓扑，弹性需求和业务约束作为输入。然后，我们提出的模型综合了满足约束条件的具有成本效益的弹性配置。该模型的输出提供了拓扑中不同安全设备的必要位置，以及主机上操作系统和服务的必要位置。我们使用模拟实验演示了所提出模型的执行及其可伸缩性。

著录项

来源
《IEEE Conference on Communications and Network Security》|2016年|243-251|共9页
会议地点
作者
Mohammad Ashiqur Rahman; Abdullah Farooq; Amarjit Datta; Ehab Al-Shaer;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类
关键词
Security; Usability; Operating systems; Silicon; Network topology; Business;

机译：安全性;可用性;操作系统;硅;网络拓扑;业务;

相似文献

外文文献
中文文献
专利

1. Automated synthesis of control configurations for process networks based on structural coupling [J] . Heo Seongmin, Marvin W. Alex, Daoutidis Prodromos Chemical Engineering Science . 2015,第Null期

机译：基于结构耦合的过程网络控制配置自动综合
2. Automated synthesis of control configurations for process networks based on structural coupling [J] . Heo Seongmin, Marvin W. Alex, Daoutidis Prodromos Chemical Engineering Science . 2015,第Null期

机译：基于结构耦合的过程网络控制配置自动综合
3. Resilient Tracking Control of Networked Control Systems Under Cyber Attacks [J] . Mousavinejad Eman, Ge Xiaohua, Han Qing-Long, Cybernetics, IEEE Transactions on . 2021,第4期

机译：网络攻击下网络控制系统的弹性跟踪控制
4. Automated synthesis of resiliency configurations for cyber networks [C] . Mohammad Ashiqur Rahman, Abdullah Farooq, Amarjit Datta, IEEE Conference on Communications and Network Security . 2016

机译：网络网络的自动合成弹性配置
5. Automated synthesis and optimization of robot configurations: An evolutionary approach. [D] . Leger, Patrick Christopher. 1999

机译：机器人配置的自动综合和优化：一种进化方法。
6. Named-Entity-Recognition-Based Automated System for Diagnosing Cybersecurity Situations in IoT Networks [O] . Tiberiu-Marian Georgescu, Bogdan Iancu, Madalina Zurini 2019

机译：基于命名实体识别的物联网网络安全状况自动诊断系统
7. Cyber-physical Robotics – Automated Analysis, Programming and Configuration of Robot Cells based on Cyber-physical-systems [O] . Michniewicz Joachim, Reinhart Gunther 2014

机译：网络物理机器人技术–基于网络物理系统的机器人单元的自动分析，编程和配置
8. Enabling Distributed Security in Cyberspace. Building a Health and Resilient Cyber Ecosystem with Automated Collective Action. [R] . 2011

机译：在网络空间中启用分布式安全性。利用自动集体行动建立健康，有弹性的网络生态系统。

Automated synthesis of resiliency configurations for cyber networks

摘要

著录项

相似文献

相关主题

期刊订阅