Reference : An integrated security hardening optimization for dynamic networks using security and...
Scientific journals : Article
Engineering, computing & technology : Computer science
Security, Reliability and Trust
An integrated security hardening optimization for dynamic networks using security and availability modeling with multi-objective algorithm
Y. Enoch, Simon mailto [University of Queensland > School of Information Technology and Electrical Engineering]
Rodrigues de Mendonça Neto, Júlio mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > CritiX >]
B. Hong, Jin mailto [University of Western Australia > Department of Computer Science and Software Engineering]
Ge, Mengmeng mailto [RMIT University > School of Computing Technologies]
Kim, Dong Seong mailto [University of Queensland > School of Information Technology and Electrical Engineering]
Computer Networks
Yes (verified by ORBilu)
[en] The dynamicity of today’s networks has created uncertainties for security administrators about the defense options to deploy. In this paper, we consider the administrator’s challenge of selecting and deploying the best set of heterogeneous security hardening solutions for dynamic networks given multiple constraints (such as fixed budget, availability of hardening measures, performance degradation, non-patchable vulnerabilities, etc). The current state of the art does not focus on the dynamic characteristic of modern networks, where the effectiveness of defenses is affected by changes in the networks. Hence, we approach this challenge by developing an integrated method to effectively compute optimal defense solutions for dynamic networks given multiple objectives and constraints. The proposed approach works in the following five phases: (1) input/data collection, (2) model construction (using temporal-graph-based security model and Generalized Stochastic Petri Nets), (3) defense evaluator (based on security metrics), (4) Pareto optimal set evaluator (using Non dominated Sorting Genetic Algorithm), and (5) optimal solution evaluator (based on Weighted Sum Model). To demonstrate the feasibility of the proposed approach, we use a real-world case study while taking into account both the vulnerabilities that are patchable and non-patchable. We investigated the sensitivity of the model parameters based on the dynamic network, and the result showed a good result for values from 0.1–0.4 for the mutation probability while the crossover did not change for all the values. Furthermore, we compared the dynamic network optimization results to a static network and the evaluation shows that our proposed approach could aid a security administrator in selecting the best defense options to deploy for modern networks that are dynamic, with at least 75% and 62.50% of the defense Pareto points appearing in consecutive and in all network states, respectively. Moreover, it also provides an insight into the benefit of each defense option before the deployment.

File(s) associated to this reference

Fulltext file(s):

Limited access
compnw108864.pdfPublisher postprint1.56 MBRequest a copy

Bookmark and Share SFX Query

All documents in ORBilu are protected by a user license.