Accession Number:

AD1085984

Title:

Automatic Generation of Cyber Architectures Optimized for Security, Cost, and Mission Performance: A Nature-inspired Approach

Corporate Author:

MIT Lincoln Laboratory Lexington United States

Report Date:

2018-08-29

Abstract:

Network segmentation refers to the practice of partitioning a computer network into multiple segments and restricting communications between segments to inhibit a cyber attacker's ability to move and spread infection. While segmentation is widely recommended by cyber security experts, there is no clear guidance on what segmentation architectures are best to maximize a network's security posture. Additionally, the security gained by segmentation does not come without cost. Segmentation architectures require resources to implement and may also cause degradation of mission performance. Network administrators currently rely on judgment to construct segmentation architectures that maximize security while minimizing resource cost and mission degradation. This paper proposes an automated method for generating segmentation architectures optimized for security, cost, and mission performance. The method employs a hybrid approach that combines nature-inspired optimization with cyber risk modeling and simulation to construct candidate architectures, evaluate them, and intelligently search the space of possible architectures to hone in on effective ones. We implement the method in a prototype decision system and demonstrate the system via a case study on a representative network environment under cyber attack.

Descriptive Note:

Conference Paper

Supplementary Note:

Advances in Nature-Inspired Computing and Applications, 01 Jan 0001, 01 Jan 0001, Part of the EAI/Springer Innovations in Communication and Computing book series (EAISICC)

Pages:

0012

Subject Categories:

Communities Of Interest:

Distribution Statement:

Approved For Public Release;

Contract Number 2:

FA8702-15-D-0002, FA8702-15-D-0001

File Size:

1.85MB