优化网络微分段策略的网络弹性

IF 16.4 1区化学 Q1 CHEMISTRY, MULTIDISCIPLINARY

Accounts of Chemical Research Pub Date : 2021-10-08 DOI:10.1177/15485129211051386

S. Noel, Vipin Swarup, K. Johnsgard

{"title":"优化网络微分段策略的网络弹性","authors":"S. Noel, Vipin Swarup, K. Johnsgard","doi":"10.1177/15485129211051386","DOIUrl":null,"url":null,"abstract":"This paper describes an approach for improving cyber resilience through the synthesis of optimal microsegmentation policy for a network. By leveraging microsegmentation security architecture, we can reason about fine-grained policy rules that enforce access for given combinations of source address, destination address, destination port, and protocol. Our approach determines microsegmentation policy rules that limit adversarial movement within a network according to assumed attack scenarios and mission availability needs. For this problem, we formulate a novel optimization objective function that balances cyberattack risks against accessibility to critical network resources. Given the application of a particular set of policy rules as a candidate optimal solution, this objective function estimates the adversary effort for carrying out a particular attack scenario, which it balances against the extent to which the solution restricts access to mission-critical services. We then apply artificial intelligence techniques (evolutionary programming) to learn microsegmentation policy rules that optimize this objective function.","PeriodicalId":1,"journal":{"name":"Accounts of Chemical Research","volume":null,"pages":null},"PeriodicalIF":16.4000,"publicationDate":"2021-10-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Optimizing network microsegmentation policy for cyber resilience\",\"authors\":\"S. Noel, Vipin Swarup, K. Johnsgard\",\"doi\":\"10.1177/15485129211051386\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"This paper describes an approach for improving cyber resilience through the synthesis of optimal microsegmentation policy for a network. By leveraging microsegmentation security architecture, we can reason about fine-grained policy rules that enforce access for given combinations of source address, destination address, destination port, and protocol. Our approach determines microsegmentation policy rules that limit adversarial movement within a network according to assumed attack scenarios and mission availability needs. For this problem, we formulate a novel optimization objective function that balances cyberattack risks against accessibility to critical network resources. Given the application of a particular set of policy rules as a candidate optimal solution, this objective function estimates the adversary effort for carrying out a particular attack scenario, which it balances against the extent to which the solution restricts access to mission-critical services. We then apply artificial intelligence techniques (evolutionary programming) to learn microsegmentation policy rules that optimize this objective function.\",\"PeriodicalId\":1,\"journal\":{\"name\":\"Accounts of Chemical Research\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":16.4000,\"publicationDate\":\"2021-10-08\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Accounts of Chemical Research\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1177/15485129211051386\",\"RegionNum\":1,\"RegionCategory\":\"化学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"CHEMISTRY, MULTIDISCIPLINARY\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Accounts of Chemical Research","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1177/15485129211051386","RegionNum":1,"RegionCategory":"化学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"CHEMISTRY, MULTIDISCIPLINARY","Score":null,"Total":0}

引用次数: 3

摘要

本文描述了一种通过综合网络最优微分段策略来提高网络弹性的方法。通过利用微段安全体系结构，我们可以推断出对源地址、目标地址、目标端口和协议的给定组合强制访问的细粒度策略规则。我们的方法确定了微分段策略规则，根据假设的攻击场景和任务可用性需求，限制网络内的对抗运动。针对这个问题，我们制定了一个新的优化目标函数，以平衡网络攻击风险与关键网络资源的可访问性。给定一组特定策略规则的应用程序作为候选最优解决方案，此目标函数估计对手执行特定攻击场景的努力，并将其与解决方案限制访问关键任务服务的程度进行平衡。然后，我们应用人工智能技术(进化编程)来学习优化该目标函数的微分割策略规则。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Optimizing network microsegmentation policy for cyber resilience

This paper describes an approach for improving cyber resilience through the synthesis of optimal microsegmentation policy for a network. By leveraging microsegmentation security architecture, we can reason about fine-grained policy rules that enforce access for given combinations of source address, destination address, destination port, and protocol. Our approach determines microsegmentation policy rules that limit adversarial movement within a network according to assumed attack scenarios and mission availability needs. For this problem, we formulate a novel optimization objective function that balances cyberattack risks against accessibility to critical network resources. Given the application of a particular set of policy rules as a candidate optimal solution, this objective function estimates the adversary effort for carrying out a particular attack scenario, which it balances against the extent to which the solution restricts access to mission-critical services. We then apply artificial intelligence techniques (evolutionary programming) to learn microsegmentation policy rules that optimize this objective function.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Accounts of Chemical Research 化学-化学综合

CiteScore

31.40

自引率

1.10%

发文量

312

审稿时长

2 months

期刊介绍： Accounts of Chemical Research presents short, concise and critical articles offering easy-to-read overviews of basic research and applications in all areas of chemistry and biochemistry. These short reviews focus on research from the author’s own laboratory and are designed to teach the reader about a research project. In addition, Accounts of Chemical Research publishes commentaries that give an informed opinion on a current research problem. Special Issues online are devoted to a single topic of unusual activity and significance. Accounts of Chemical Research replaces the traditional article abstract with an article "Conspectus." These entries synopsize the research affording the reader a closer look at the content and significance of an article. Through this provision of a more detailed description of the article contents, the Conspectus enhances the article's discoverability by search engines and the exposure for the research.