Mitigating cyberattacks in fast times has become a strong requirement for the security management of modern virtual computer networks, where attacks are highly mutable and short-term. Firewalls would still represent an effective defense line, but the traditional manual approaches for their configuration are no longer applicable. Besides, even if automatic approaches for firewall configuration have been recently proposed in literature, they still require excessive interaction with human administrators, thus delaying the attack mitigation. Therefore, this paper proposes a looping autonomous process that mitigates ongoing attacks by reconfiguring distributed firewalls in a provably correct and optimized way. This continuously active process includes a policy extraction engine to extract information from the alerts produced by monitoring agents and to produce security policies whose enforcement would stop the detected attack. An implementation of this multi-step process has been validated in realistic use cases to assess its efficacy and efficiency in stopping cyberattacks.
A looping process for cyberattack mitigation / Bringhenti, Daniele; Pizzato, Francesco; Sisto, Riccardo; Valenza, Fulvio. - ELETTRONICO. - (In corso di stampa). (Intervento presentato al convegno 2024 IEEE International Conference on Cyber Security and Resilience tenutosi a London (UK) nel 2-4 September 2024).
A looping process for cyberattack mitigation
Daniele Bringhenti;Francesco Pizzato;Sisto Riccardo;Valenza Fulvio
In corso di stampa
Abstract
Mitigating cyberattacks in fast times has become a strong requirement for the security management of modern virtual computer networks, where attacks are highly mutable and short-term. Firewalls would still represent an effective defense line, but the traditional manual approaches for their configuration are no longer applicable. Besides, even if automatic approaches for firewall configuration have been recently proposed in literature, they still require excessive interaction with human administrators, thus delaying the attack mitigation. Therefore, this paper proposes a looping autonomous process that mitigates ongoing attacks by reconfiguring distributed firewalls in a provably correct and optimized way. This continuously active process includes a policy extraction engine to extract information from the alerts produced by monitoring agents and to produce security policies whose enforcement would stop the detected attack. An implementation of this multi-step process has been validated in realistic use cases to assess its efficacy and efficiency in stopping cyberattacks.File | Dimensione | Formato | |
---|---|---|---|
CSR2024_accepted.pdf
accesso aperto
Tipologia:
2. Post-print / Author's Accepted Manuscript
Licenza:
PUBBLICO - Tutti i diritti riservati
Dimensione
356.41 kB
Formato
Adobe PDF
|
356.41 kB | Adobe PDF | Visualizza/Apri |
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
https://hdl.handle.net/11583/2992167