Process-oriented security assessment of network services

Abstract

With the development of information technology, more and more business processes and critical missions are delivered and implemented in the form of network services. Such networked processes have become the prime targets of intrusions and the focal point of cyber attack and defense. In analyzing the risk faced by these tasks and operations, existing process-oriented network service security assessment solutions fail to be accurate as they are still centered around system assets in nature. To fill this gap, in this paper, we propose a new process-oriented security assessment method of network services. First, we construct the mathematical model of network processes, which can be described as curves on Riemannian manifolds. We show that the geometry of the manifolds can be characterized through the pullbacks of Riemannian metrics by Neural Networks. Then, from the viewpoint of data, behavior, and objective, we propose consistency, reachability, and robustness, respectively, as the essential attributes in process-oriented security assessment. We also illustrate the detailed quantification of these attributes and the model of assessment. The proposed method is verified using a publicly available OpenStack dataset, and in a simulated distributed system. Experiment results validate the effectiveness of our approach and its superiority over current solutions.