Towards automated cyber decision support: A case study on network segmentation for security

@article{Wagner2016TowardsAC,
  title={Towards automated cyber decision support: A case study on network segmentation for security},
  author={Neal Wagner and Cem Safak Sahin and Michael L. Winterrose and James Riordan and Jaime Pe{\~n}a and Diana Hanson and William W. Streilein},
  journal={2016 IEEE Symposium Series on Computational Intelligence (SSCI)},
  year={2016},
  pages={1-10}
}
Network segmentation is a security measure that partitions a network into sections or segments to restrict the movement of a cyber attacker and make it difficult for her to gain access to valuable network resources. This threat-mitigating practice has been recommended by several information security agencies. While it is clear that segmentation is a critical defensive mitigation against cyber threats, it is not clear how to properly apply it. Current standards only offer vague guidance on how… 
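The abstract's central claim, that segmentation restricts an attacker's lateral movement, is easy to make concrete. The following is an added example, not code from the paper or its authors: it models a small constructed network as hosts assigned to segments plus a segment-to-segment allow-list (the sample topology, segment names and policies are assumptions), and measures how many pivots an attacker needs from an initial foothold to reach a valuable host under a flat policy versus a segmented one.

```python
from collections import deque

# Constructed sample topology (an assumption, not from the paper): host -> segment
HOSTS = {
    "workstation-1": "user",
    "workstation-2": "user",
    "web-1": "dmz",
    "app-1": "app",
    "db-1": "data",
    "backup-1": "data",
}

# Assets the attacker is after.
VALUABLE = {"db-1", "backup-1"}

# Flat network: every segment may talk to every other segment.
SEGMENTS = set(HOSTS.values())
FLAT_POLICY = {(src, dst) for src in SEGMENTS for dst in SEGMENTS}

# Segmented network: an explicit allow-list of (source segment, destination segment) flows.
SEGMENTED_POLICY = {
    ("user", "user"), ("user", "dmz"),
    ("dmz", "dmz"), ("dmz", "app"),
    ("app", "app"), ("app", "data"),
    ("data", "data"),
}


def pivot_distances(hosts, policy, foothold):
    """Breadth-first search over hosts the attacker can pivot to.

    Assumes (pessimistically) that any host whose segment is reachable under
    the policy can be compromised. Returns {host: minimum number of pivots}.
    """
    dist = {foothold: 0}
    queue = deque([foothold])
    while queue:
        cur = queue.popleft()
        for host, seg in hosts.items():
            if host not in dist and (hosts[cur], seg) in policy:
                dist[host] = dist[cur] + 1
                queue.append(host)
    return dist


def pivots_to_valuable(hosts, policy, valuable, foothold):
    """Fewest pivots from the foothold to any valuable host, or None if unreachable."""
    dist = pivot_distances(hosts, policy, foothold)
    reachable = [dist[h] for h in valuable if h in dist]
    return min(reachable) if reachable else None


def compare_policies(foothold):
    """Side-by-side exposure of the flat and segmented designs from one foothold."""
    return {
        "flat": pivots_to_valuable(HOSTS, FLAT_POLICY, VALUABLE, foothold),
        "segmented": pivots_to_valuable(HOSTS, SEGMENTED_POLICY, VALUABLE, foothold),
    }


if __name__ == "__main__":
    for foothold in ("workstation-1", "web-1"):
        print(foothold, compare_policies(foothold))
        reach = pivot_distances(HOSTS, SEGMENTED_POLICY, foothold)
        print("  reachable under segmentation:", sorted(reach))
```

From a phished workstation the flat design exposes the database in a single pivot, while the segmented design forces the attacker through the DMZ and application tiers first, giving detection three chances instead of one; from a compromised DMZ web server the segmented policy also keeps the user segment out of reach entirely. This is the kind of metric the paper's decision support would have to evaluate for many candidate architectures, with cost and mission constraints layered on top.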
A nature-inspired decision system for secure cyber network architecture
TLDR
A cyber decision support system that automatically generates security-optimized segmentation architectures for network environments subject to dynamically-changing cyber threats is proposed and demonstrated via a case study on a representative network environment under an evolving cyber attack.
Capturing the security effects of network segmentation via a continuous-time markov chain model
TLDR
This study examines an alternative method for evaluating segmentation architectures utilizing a continuous-time Markov chain to model changes in network state based on relevant network parameters such as vulnerability arrival rate, patch rate, etc.
Automatic Generation of Cyber Architectures Optimized for Security, Cost, and Mission Performance: A Nature-Inspired Approach
TLDR
An automated method for generating segmentation architectures optimized for security, cost, and mission performance is proposed; it employs a hybrid approach that combines nature-inspired optimization with cyber risk modeling and simulation to construct candidate architectures, evaluate them, and intelligently search the space of possible architectures to home in on effective ones.
A Trilevel Model for Segmentation of the Power Transmission Grid Cyber Network
TLDR
A novel trilevel programming model is developed to optimally segment a grid communication system, taking into account the actions of an information technology (IT) administrator, an attacker, and a grid operator.
Assessing security risk for wireless sensor networks under cyber attack
TLDR
A novel method for evaluating how a given sensor deployment pattern may withstand a DoS attack based on agent-based simulation is proposed and its feasibility is illustrated as part of a future decision support system.
Network Segmentation and Zero Trust Architectures
TLDR
While network segmentation shares similar goals with zero trust architecture, it has fundamental incompatibilities that prevent it from being a useful security enhancement within a ZTA.
Cyber-Physical Architecture for Automated Responses (CyPhAAR) Using SDN in Adversarial OT Environments
TLDR
This paper presents a formulation of a novel tradeoff analysis and its use in advancing a cyber-physical architecture for automated responses (CyPhAAR), which should weigh the mitigation benefits of responses against the physical effects that result.
AUTOMATION OF NETWORK MICRO SEGMENTATION
TLDR
The Automation of Network Micro Segmentation Environment is used to configure the network and systems automatically and protects the sensitive data from hackers by allowing the data to be visible only to the selected users.
Development of Sectoral Intellectualized Expert Systems and Decision Making Support Systems in Cybersecurity
The paper considers the prerequisites for the integration of various expert and decision support systems for information security and cybersecurity. Analyzed the possibility of sectoral pooling and

References

SHOWING 1-10 OF 35 REFERENCES
Quantifying the mission impact of network-level cyber defensive mitigations
TLDR
This paper examines network-level cyber defensive mitigations and quantifies their impact on network security and mission performance; it introduces a novel, unified metric for mitigation effectiveness that takes both perspectives into account and provides a single measurement that is convenient and easily accessible to security practitioners.
Quantitative analysis of the mission impact for host-level cyber defensive mitigations
TLDR
The goal is to investigate the network-scale effects of various host-level defensive mitigations both from the standpoint of cyber security and mission impact, and utilizes a hierarchical framework to model a complex cyber system at multiple, appropriate scales.
A hybrid dynamic decision making methodology for defensive information technology contingency measure selection in the presence of cyber threats
TLDR
The application of a simulation-based hybrid analytic dynamic forecasting methodology that combines the techniques of analytic hierarchy process, factor analysis, and spanning tree to the problem of selecting among a set of contingency measures following events which place the organizational mission at risk is presented.
Towards Net-Centric Cyber Survivability for Ballistic Missile Defense
TLDR
This paper proposes a net-centric architecture for augmenting the survivability of critical DoD net-centric systems, presents an illustration-of-concept prototype implementation, and describes its role in a ballistic-missile exercise.
Cyber Situational Awareness - Issues and Research
TLDR
This book seeks to establish state of the art in cyber situational awareness area to set course for future research and elaborate on the fundamental challenges facing the research community and identify promising solutions paths.
Case study: an intelligent decision support system
TLDR
A software system that combines prediction, optimization, and adaptation techniques has generated impressive profits for a large auto manufacturer.
Malware Propagation in Large-Scale Networks
TLDR
A rigorous two-layer epidemic model for malware propagation from network to network is established, and analysis indicates that the distribution of a given malware follows an exponential distribution, a power-law distribution with a short exponential tail, and a power-law distribution at its early, late, and final stages, respectively.
BeyondCorp: A New Approach to Enterprise Security
TLDR
Google is taking a different approach to network security, removing the requirement for a privileged intranet and moving the company's corporate applications to the Internet.