Automatic Generation of Cyber Architectures Optimized for Security, Cost, and Mission Performance: A Nature-inspired Approach

Abstract

Network segmentation refers to the practice of partitioning a computer network into multiple segments and restricting communications between segments to inhibit a cyber attacker's ability to move and spread infection. While segmentation is widely recommended by cyber security experts, there is no clear guidance on what segmentation architectures are best to maximize a network's security posture. Additionally, the security gained by segmentation does not come without cost. Segmentation architectures require resources to implement and may also cause degradation of mission performance. Network administrators currently rely on judgment to construct segmentation architectures that maximize security while minimizing resource cost and mission degradation. This paper proposes an automated method for generating segmentation architectures optimized for security, cost, and mission performance. The method employs a hybrid approach that combines nature-inspired optimization with cyber risk modeling and simulation to construct candidate architectures, evaluate them, and intelligently search the space of possible architectures to home in on effective ones. We implement the method in a prototype decision system and demonstrate the system via a case study on a representative network environment under cyber attack.

Document Details

Document Type: Technical Report
Publication Date: Aug 29, 2018
Accession Number: AD1085984

Entities

People

  • Cem S. Sahin
  • Jaime Pena
  • Neal Wagner
  • William W. Streilein

Organizations

  • MIT Lincoln Laboratory

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Algorithms
  • Application Software
  • Case Studies
  • Computational Science
  • Control Systems
  • Cyber Threats
  • Cyberattacks
  • Health Care
  • Information Systems
  • Internet
  • Markov Processes
  • Mathematical Models
  • Mobile Ad Hoc Networks
  • Models
  • Probability
  • Simulations
  • Web Browsers

Fields of Study

  • Computer science

Readers

  • Applied Combinatorial Optimization and Logic Circuit Design
  • Cybersecurity
  • Distributed Systems and Data Platform Development

Technology Areas

  • Cyber
  • Space