Measuring the efficiency of SDN mitigations against attacks on computer infrastructures
R. Koning, B. de Graaff, G. Polevoy, R. Meijer, C. de Laat, P. Grosso, Future Generation Computer Systems (2018).
Download
No fulltext has been uploaded.
Journal Article
| English
Author
Koning, R.;
de Graaff, B.;
Polevoy, GlebLibreCat;
Meijer, R.;
de Laat, C.;
Grosso, P.
Department
Abstract
Software Defined Networks (SDN) and Network Function Virtualisation (NFV) provide the basis for autonomous response and mitigation against attacks on networked computer infrastructures. We propose a new framework that uses SDNs and NFV to achieve this goal: Secure Autonomous Response Network (SARNET). In a SARNET, an agent running a control loop constantly assesses the security state of the network by means of observables. The agent reacts to and resolves security problems, while learning from its previous decisions. Two main metrics govern the decision process in a SARNET: impact and efficiency; these metrics can be used to compare and evaluate countermeasures and are the building blocks for self-learning SARNETs that exhibit autonomous response. In this paper we present the software implementation of the SARNET framework, evaluate it in a real-life network and discuss the tradeoffs between parameters used by the SARNET agent and the efficiency of its actions.
Keywords
Publishing Year
Journal Title
Future Generation Computer Systems
ISSN
LibreCat-ID
Cite this
Koning R, de Graaff B, Polevoy G, Meijer R, de Laat C, Grosso P. Measuring the efficiency of SDN mitigations against attacks on computer infrastructures. Future Generation Computer Systems. 2018. doi:https://doi.org/10.1016/j.future.2018.08.011
Koning, R., de Graaff, B., Polevoy, G., Meijer, R., de Laat, C., & Grosso, P. (2018). Measuring the efficiency of SDN mitigations against attacks on computer infrastructures. Future Generation Computer Systems. https://doi.org/10.1016/j.future.2018.08.011
@article{Koning_de Graaff_Polevoy_Meijer_de Laat_Grosso_2018, title={Measuring the efficiency of SDN mitigations against attacks on computer infrastructures}, DOI={https://doi.org/10.1016/j.future.2018.08.011}, journal={Future Generation Computer Systems}, author={Koning, R. and de Graaff, B. and Polevoy, Gleb and Meijer, R. and de Laat, C. and Grosso, P.}, year={2018} }
Koning, R., B. de Graaff, Gleb Polevoy, R. Meijer, C. de Laat, and P. Grosso. “Measuring the Efficiency of SDN Mitigations against Attacks on Computer Infrastructures.” Future Generation Computer Systems, 2018. https://doi.org/10.1016/j.future.2018.08.011.
R. Koning, B. de Graaff, G. Polevoy, R. Meijer, C. de Laat, and P. Grosso, “Measuring the efficiency of SDN mitigations against attacks on computer infrastructures,” Future Generation Computer Systems, 2018.
Koning, R., et al. “Measuring the Efficiency of SDN Mitigations against Attacks on Computer Infrastructures.” Future Generation Computer Systems, 2018, doi:https://doi.org/10.1016/j.future.2018.08.011.