Abstract | ||
---|---|---|
System administrators frequently use Intrusion Detection and Prevention Systems (IDPS) and host security mechanisms, such as firewalls and mandatory access control, to protect their hosts from remote adversaries. The usual techniques for placing network monitoring and intrusion prevention apparatuses in the network do not account for host flows and fail to defend against vulnerabilities resulting from minor modifications to host configurations. Therefore, despite widespread use of these methods, the task of security remains largely reactive. In this paper, we propose an approach to automate a minimal mediation placement for network and host flows. We use Intrusion Prevention System (IPS) as a replacement for certain host mediations. Due to the large number of flows at the host level, we summarize information flows at the composite network level, using a conservative estimate of the host mediation. Our summary technique reduces the number of relevant network nodes in our example network by 80% and improves mediation placement speed by 87.5%. In this way, we effectively and efficiently compute network-wide defense placement for comprehensive security enforcement. |
Year | DOI | Venue |
---|---|---|
2013 | 10.1007/978-3-642-36563-8_2 | ESSoS |
Keywords | DocType | Citations |
host level,comprehensive security enforcement,host security mechanism,host mediation,certain host mediation,network monitoring,composite network level,security policy,network intrusion prevention,relevant network node,example network,host flow | Conference | 4 |
PageRank | References | Authors |
0.42 | 16 | 4 |
Name | Order | Citations | PageRank |
---|---|---|---|
Nirupama Talele | 1 | 30 | 3.02 |
Jason Teutsch | 2 | 120 | 16.84 |
T Jaeger | 3 | 2635 | 255.67 |
Robert F. Erbacher | 4 | 202 | 27.65 |