Towards automated cyber decision support: A case study on network segmentation for security

  title={Towards automated cyber decision support: A case study on network segmentation for security},
  author={Neal Wagner and Cem Safak Sahin and Michael L. Winterrose and James Riordan and Jaime Pe{\~n}a and Diana Hanson and William W. Streilein},
  journal={2016 IEEE Symposium Series on Computational Intelligence (SSCI)},
Network segmentation is a security measure that partitions a network into sections or segments to restrict the movement of a cyber attacker and make it difficult for her to gain access to valuable network resources. This threat-mitigating practice has been recommended by several information security agencies. While it is clear that segmentation is a critical defensive mitigation against cyber threats, it is not clear how to properly apply it. Current standards only offer vague guidance on how… 
A nature-inspired decision system for secure cyber network architecture
A cyber decision support system that automatically generates security-optimized segmentation architectures for network environments subject to dynamically-changing cyber threats is proposed and demonstrated via a case study on a representative network environment under an evolving cyber attack.
Capturing the security effects of network segmentation via a continuous-time markov chain model
This study examines an alternative method for evaluating segmentation architectures utilizing a continuous-time Markov chain to model changes in network state based on relevant network parameters such as vulnerability arrival rate, patch rate, etc.
A Trilevel Model for Segmentation of the Power Transmission Grid Cyber Network
A novel trilevel programming model is developed to optimally segment a grid communication system, taking into account the actions of an information technology (IT) administrator, attacker, and grid operator.
Deployment Decision Support for Mitigating Cyber Attacks on Wireless Sensor Networks
Results show that routing protocol and sensor placement have substantial impact on the behavior and lifetime of WSN during cyber attack; analyzing this behavior aids in deciding on a sensor deployment.
Network Segmentation and Zero Trust Architectures
While network segmentation shares similar goals with zero trust architecture, it has fundamental incompatibilities that prevent it from being a useful security enhancement within a ZTA.
Cyber-Physical Architecture for Automated Responses (CyPhAAR) Using SDN in Adversarial OT Environments
This paper presents a formulation of a novel tradeoff analysis and its use in advancing a cyber-physical architecture for automated responses (CyPhAAR), which should evaluate the mitigation benefits of responses versus the physical effects that result.
Learning Security Strategies through Game Play and Optimal Stopping
The interaction between an attacker and a defender is formulated as an optimal stopping game, and attack and defense strategies are allowed to evolve through reinforcement learning and self-play to produce effective defender strategies for a practical IT infrastructure.
The Automation of Network Micro Segmentation Environment is used to configure the network and systems automatically and protects the sensitive data from hackers by allowing the data to be visible only to the selected users.
Development of Sectoral Intellectualized Expert Systems and Decision Making Support Systems in Cybersecurity
The paper considers the prerequisites for the integration of various expert and decision support systems for information security and cybersecurity. Analyzed the possibility of sectoral pooling and
Emerging Network Security Issues in Modern Tertiary Institutions
This work analyzes emerging network security issues at modern tertiary institutions and draws appropriate conclusions on remediation approaches, achieved through desktop reviews and qualitative analysis of collected data.


Quantifying the mission impact of network-level cyber defensive mitigations
This paper examines network-level cyber defensive mitigations and quantifies their impact on network security and mission performance. It introduces a novel, unified metric for mitigation effectiveness that takes into account both of these perspectives and provides a single measurement that is convenient and easily accessible to security practitioners.
Quantitative analysis of the mission impact for host-level cyber defensive mitigations
The goal is to investigate the network-scale effects of various host-level defensive mitigations from the standpoint of both cyber security and mission impact; a hierarchical framework is used to model a complex cyber system at multiple, appropriate scales.
A hybrid dynamic decision making methodology for defensive information technology contingency measure selection in the presence of cyber threats
The application of a simulation-based hybrid analytic dynamic forecasting methodology that combines the techniques of analytic hierarchy process, factor analysis, and spanning tree to the problem of selecting among a set of contingency measures following events which place the organizational mission at risk is presented.
Towards Net-Centric Cyber Survivability for Ballistic Missile Defense
This paper proposes a net-centric architecture for augmenting the survivability of critical DoD net-centric systems, presents an illustration-of-concept prototype implementation, and describes its role in a ballistic-missile exercise.
Cyber Situational Awareness - Issues and Research
This book seeks to establish the state of the art in the cyber situational awareness area, set a course for future research, elaborate on the fundamental challenges facing the research community, and identify promising solution paths.
Case study: an intelligent decision support system
A software system that combines prediction, optimization, and adaptation techniques has generated impressive profits for a large auto manufacturer.
Malware Propagation in Large-Scale Networks
A rigorous two-layer epidemic model for malware propagation from network to network is established, and analysis indicates that the distribution of a given malware follows an exponential distribution, a power law distribution with a short exponential tail, and a power law distribution at its early, late, and final stages, respectively.
Security on the Internet.
  • B. Busby
  • Computer Science
    Health physics
  • 1997
The Internet is not a single network, but a worldwide collection of loosely connected networks that are accessible by individual computer hosts in a variety of ways, including gateways, routers, dialup connections, and Internet service providers.
Genetic Algorithms + Data Structures = Evolution Programs
  • Z. Michalewicz
  • Computer Science, Economics
    Springer Berlin Heidelberg
  • 1996
GAs and Evolution Programs for Various Discrete Problems, a Hierarchy of Evolution Programs and Heuristics, and Conclusions.