Many abstract security measurements are based on characteristics of a graph that represents the network. These are typically simple and quick to compute but are often of little practical use in making real-world predictions. Practical network security is often measured using simulation or real-world exercises. These approaches better represent realistic outcomes but can be costly and time-consuming. This work aims to combine the strengths of these two approaches, developing efficient heuristics that accurately predict attack success. Hyper-heuristic machine learning techniques, trained on network attack simulation training data, are used to produce novel graph-based security metrics. These low-cost metrics serve as an approximation for simulation when measuring network security in real time. The approach is tested and verified using a simulation based on activity from an actual large enterprise network. The results demonstrate the potential of using hyper-heuristic techniques to rapidly evolve and react to emerging cybersecurity threats.
A. S. Pope et al., "Automated Design of Network Security Metrics," Proceedings of the 2018 Genetic and Evolutionary Computation Conference Companion, pp. 1680-1687, Association for Computing Machinery (ACM), Jul 2018.
The definitive version is available at https://doi.org/10.1145/3205651.3208266
2018 Genetic and Evolutionary Computation Conference, GECCO 2018 (2018: Jul. 15-19, Kyoto, Japan)
Keywords and Phrases
Genetic programming; Network security
Article - Conference proceedings
© 2018 The Authors, All rights reserved.