Article (Scientific journals)
An integrated security hardening optimization for dynamic networks using security and availability modeling with multi-objective algorithm
Y. Enoch, Simon; Rodrigues de Mendonça Neto, Júlio; B. Hong, Jin et al.
2022In Computer Networks
Peer Reviewed verified by ORBi
 

Files


Full Text
compnw108864.pdf
Publisher postprint (1.6 MB)
Request a copy

All documents in ORBilu are protected by a user license.

Send to



Details



Abstract :
[en] The dynamicity of today’s networks has created uncertainties for security administrators about the defense options to deploy. In this paper, we consider the administrator’s challenge of selecting and deploying the best set of heterogeneous security hardening solutions for dynamic networks given multiple constraints (such as fixed budget, availability of hardening measures, performance degradation, non-patchable vulnerabilities, etc). The current state of the art does not focus on the dynamic characteristic of modern networks, where the effectiveness of defenses is affected by changes in the networks. Hence, we approach this challenge by developing an integrated method to effectively compute optimal defense solutions for dynamic networks given multiple objectives and constraints. The proposed approach works in the following five phases: (1) input/data collection, (2) model construction (using temporal-graph-based security model and Generalized Stochastic Petri Nets), (3) defense evaluator (based on security metrics), (4) Pareto optimal set evaluator (using Non dominated Sorting Genetic Algorithm), and (5) optimal solution evaluator (based on Weighted Sum Model). To demonstrate the feasibility of the proposed approach, we use a real-world case study while taking into account both the vulnerabilities that are patchable and non-patchable. We investigated the sensitivity of the model parameters based on the dynamic network, and the result showed a good result for values from 0.1–0.4 for the mutation probability while the crossover did not change for all the values. Furthermore, we compared the dynamic network optimization results to a static network and the evaluation shows that our proposed approach could aid a security administrator in selecting the best defense options to deploy for modern networks that are dynamic, with at least 75% and 62.50% of the defense Pareto points appearing in consecutive and in all network states, respectively. Moreover, it also provides an insight into the benefit of each defense option before the deployment.
Disciplines :
Computer science
Author, co-author :
Y. Enoch, Simon;  University of Queensland > School of Information Technology and Electrical Engineering
Rodrigues de Mendonça Neto, Júlio ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > CritiX
B. Hong, Jin;  University of Western Australia > Department of Computer Science and Software Engineering
Ge, Mengmeng;  RMIT University > School of Computing Technologies
Kim, Dong Seong;  University of Queensland > School of Information Technology and Electrical Engineering
External co-authors :
yes
Language :
English
Title :
An integrated security hardening optimization for dynamic networks using security and availability modeling with multi-objective algorithm
Publication date :
March 2022
Journal title :
Computer Networks
ISSN :
1389-1286
Publisher :
Elsevier, Amsterdam, Netherlands
Peer reviewed :
Peer Reviewed verified by ORBi
Focus Area :
Security, Reliability and Trust
Available on ORBilu :
since 14 June 2022

Statistics


Number of views
71 (3 by Unilu)
Number of downloads
0 (0 by Unilu)

Scopus citations®
 
2
Scopus citations®
without self-citations
1
OpenCitations
 
0
WoS citations
 
1

Bibliography


Similar publications



Contact ORBilu