The goal of this project is the development of a formal method to quantitatively assess the security posture of large networks and assign them a numeric score. Large networks are made up of a collection of individual machines, which exhibit more stable behavior and features as a group than at the IP level, where each host is inspected separately. Networks at an aggregate level thus carry more predictive power, enabling a more robust and accurate policy design.
A large-scale statistical analysis of network data forms the basis of two sets of metrics. The first concerns a network as a standalone entity irrespective of other networks in the same ecosystem. The second concerns a network as one of many inter-connected networks. This second set is crucial because the actions of one network affect its neighbor networks. If a network tolerates malicious behavior, its network neighbors feel the impact.
This project enables network operators to design network security policies that can be meaningfully applied at a network or organizational level, for example to peering arrangements between Internet Service Providers, traffic routing decisions, and incentive mechanisms (e.g., cyber insurance) aimed at encouraging better security practices and investment by organizations. The outcome of this project is thus expected to have a significant impact on security and incentive policy design across the very core of the Internet.