Diversifying Network Services Under Cost Constraints for Better Resilience Against Unknown Attacks

  • Daniel Borbor
  • Lingyu Wang
  • Sushil Jajodia
  • Anoop Singhal
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9766)

Abstract

Diversity as a security mechanism has received revived interest recently due to its potential for improving the resilience of software and networks against unknown attacks. Recent work show diversity can be modeled and quantified as a security metric at the network level. However, such an effort does not directly provide a solution for improving the network diversity, and existing network hardening approaches are largely limited to handling previously known vulnerabilities by disabling existing services. In this paper, we take the first step towards an automated approach to diversifying network services under various cost constraints in order to improve the network’s resilience against unknown attacks. Specifically, we provide a model of network services and formulate the diversification requirements as an optimization problem. We devise optimization and heuristic algorithms for efficiently diversifying relatively large networks under different cost constraints. We also evaluate our approach through simulations.

Copyright information

© IFIP International Federation for Information Processing 2016

Authors and Affiliations

  • Daniel Borbor
    • 1
  • Lingyu Wang
    • 1
  • Sushil Jajodia
    • 2
  • Anoop Singhal
    • 3
  1. 1.Concordia Institute for Information Systems EngineeringConcordia UniversityMontrealUSA
  2. 2.Center for Secure Information SystemsGeorge Mason UniversityFairfaxUSA
  3. 3.Computer Security DivisionNational Institute of Standards and TechnologyGaithersburgUSA

Personalised recommendations