Mitigating cyberattacks quickly has become a strong requirement for the security management of modern virtual computer networks, where attacks are highly mutable and short-term. Firewalls would still represent an effective defense line, but the traditional manual approaches for their configuration are no longer applicable. Besides, even if automatic approaches for firewall configuration have recently been proposed in the literature, they still require excessive interaction with human administrators, thus delaying the attack mitigation. Therefore, this paper proposes a looping autonomous process that mitigates ongoing attacks by reconfiguring distributed firewalls in a provably correct and optimized way. This continuously active process includes a policy extraction engine to extract information from the alerts produced by monitoring agents and to produce security policies whose enforcement would stop the detected attack. An implementation of this multi-step process has been validated in realistic use cases to assess its efficacy and efficiency in stopping cyberattacks.

A looping process for cyberattack mitigation / Bringhenti, Daniele; Pizzato, Francesco; Sisto, Riccardo; Valenza, Fulvio. - ELECTRONIC. - (2024), pp. 276-281. (Paper presented at the 2024 IEEE International Conference on Cyber Security and Resilience, held in London (UK), 2-4 September 2024) [10.1109/CSR61664.2024.10679501].

A looping process for cyberattack mitigation

Daniele Bringhenti; Francesco Pizzato; Riccardo Sisto; Fulvio Valenza
2024

979-8-3503-7536-7
Files in this item:

CSR2024_accepted.pdf
Access: open access
Type: 2. Post-print / Author's Accepted Manuscript
License: PUBLIC - All rights reserved
Size: 356.41 kB
Format: Adobe PDF

CSR2024_vor.pdf
Access: not available
Type: 2a Post-print publisher's version / Version of Record
License: Non-Public - Private/restricted access
Size: 418.08 kB
Format: Adobe PDF
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11583/2992167