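% Koning et al. (2019), CSCloud/EdgeCom: compares three collaborative
% multi-domain defence approaches (Counteract Everywhere, Minimize
% Countermeasures, Minimize Propagation) using a defence-efficiency formula.
% The author list is single-braced so each name is parsed as a separate person.
% No ISSN is recorded for this entry.
@inproceedings{17667,
  abstract     = {Resolving distributed attacks benefits from collaboration between networks. We present three approaches for the same multi-domain defensive action that can be applied in such an alliance: 1) Counteract Everywhere, 2) Minimize Countermeasures, and 3) Minimize Propagation. First, we provide a formula to compute efficiency of a defense; then we use this formula to compute the efficiency of the approaches under various circumstances. Finally, we discuss how task execution order and timing influence defense efficiency. Our results show that the Minimize Propagation approach is the most efficient method when defending against the chosen attack.},
  author       = {Koning, Ralph and Polevoy, Gleb and Meijer, Lydia and de Laat, Cees and Grosso, Paola},
  booktitle    = {2019 6th {IEEE} International Conference on Cyber Security and Cloud Computing ({CSCloud})/ 2019 5th {IEEE} International Conference on Edge Computing and Scalable Cloud ({EdgeCom})},
  keywords     = {computer network security, multinetwork environments, multidomain defensive action, task execution order, timing influence defense efficiency, distributed attacks, collaborative security defence approach, minimize propagation approach, minimize countermeasure approach, counteract everywhere approach, Conferences, Cloud computing, Computer crime, Edge computing, Security, Defense Approaches, Multi-Domain Defense, Collaborative Defense, Defense Algorithms, Computer Networks},
  pages        = {113--123},
  title        = {Approaches for Collaborative Security Defences in Multi Network Environments},
  doi          = {10.1109/CSCloud/EdgeCom.2019.000-9},
  year         = {2019},
}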

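% Koning et al. (2018), Future Generation Computer Systems: presents the
% SARNET framework (SDN/NFV-based autonomous response) and evaluates the
% efficiency of its countermeasures in a real-life network.
% The DOI is stored bare, without the resolver prefix, so styles can build the
% link themselves. Volume and pages are not recorded in this entry.
@article{17666,
  abstract     = {Software Defined Networks (SDN) and Network Function Virtualisation (NFV) provide the basis for autonomous response and mitigation against attacks on networked computer infrastructures. We propose a new framework that uses SDNs and NFV to achieve this goal: Secure Autonomous Response Network (SARNET). In a SARNET, an agent running a control loop constantly assesses the security state of the network by means of observables. The agent reacts to and resolves security problems, while learning from its previous decisions. Two main metrics govern the decision process in a SARNET: impact and efficiency; these metrics can be used to compare and evaluate countermeasures and are the building blocks for self-learning SARNETs that exhibit autonomous response. In this paper we present the software implementation of the SARNET framework, evaluate it in a real-life network and discuss the tradeoffs between parameters used by the SARNET agent and the efficiency of its actions.},
  author       = {Koning, R. and de Graaff, B. and Polevoy, Gleb and Meijer, R. and de Laat, C. and Grosso, P.},
  issn         = {0167-739X},
  journal      = {Future Generation Computer Systems},
  keywords     = {Software defined networks, Network function virtualization, Cyber attacks, Cyber security, Defense efficiency, Overlay networks},
  title        = {Measuring the efficiency of {SDN} mitigations against attacks on computer infrastructures},
  doi          = {10.1016/j.future.2018.08.011},
  year         = {2018},
}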

