Diversifying Network Services Under Cost Constraints for Better Resilience Against Unknown Attacks

Abstract : Diversity as a security mechanism has received revived interest recently due to its potential for improving the resilience of software and networks against unknown attacks. Recent work show diversity can be modeled and quantified as a security metric at the network level. However, such an effort does not directly provide a solution for improving the network diversity, and existing network hardening approaches are largely limited to handling previously known vulnerabilities by disabling existing services. In this paper, we take the first step towards an automated approach to diversifying network services under various cost constraints in order to improve the network’s resilience against unknown attacks. Specifically, we provide a model of network services and formulate the diversification requirements as an optimization problem. We devise optimization and heuristic algorithms for efficiently diversifying relatively large networks under different cost constraints. We also evaluate our approach through simulations.
Type de document :
Communication dans un congrès
Silvio Ranise; Vipin Swarup. 30th IFIP Annual Conference on Data and Applications Security and Privacy (DBSec), Jul 2016, Trento, Italy. Springer International Publishing, Lecture Notes in Computer Science, LNCS-9766, pp.295-312, 2016, Data and Applications Security and Privacy XXX. 〈10.1007/978-3-319-41483-6_21〉
Liste complète des métadonnées

Littérature citée [26 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01633677
Contributeur : Hal Ifip <>
Soumis le : lundi 13 novembre 2017 - 11:46:22
Dernière modification le : lundi 13 novembre 2017 - 11:48:27
Document(s) archivé(s) le : mercredi 14 février 2018 - 13:25:23

Fichier

 Accès restreint
Fichier visible le : 2019-01-01

Connectez-vous pour demander l'accès au fichier

Licence


Distributed under a Creative Commons Paternité 4.0 International License

Identifiants

Citation

Daniel Borbor, Lingyu Wang, Sushil Jajodia, Anoop Singhal. Diversifying Network Services Under Cost Constraints for Better Resilience Against Unknown Attacks. Silvio Ranise; Vipin Swarup. 30th IFIP Annual Conference on Data and Applications Security and Privacy (DBSec), Jul 2016, Trento, Italy. Springer International Publishing, Lecture Notes in Computer Science, LNCS-9766, pp.295-312, 2016, Data and Applications Security and Privacy XXX. 〈10.1007/978-3-319-41483-6_21〉. 〈hal-01633677〉

Partager

Métriques

Consultations de la notice

20