Advanced Networks Colloquium: Marinos Dimolianis, "Mitigation of Multi-Vector Network Attacks"
Friday, April 12, 2019
1146 A.V. Williams Building
Advanced Networks Colloquium
Mitigation of Multi-Vector Network Attacks via Orchestration of Distributed Rule Placeme
National and Technical University of Athens
In this paper we propose a framework for mitigating detected multi-vector anomalies in typical enterprise networks via the distribution of Access Control Rules. Our distributed, non-proprietary approach takes advantage of the capabilities offered by all devices along an attack path, enhancing their mitigation potential. These devices are organized into distinct defense stages and network operators express their defense preferences for specific attack types. Our mechanism automatically assigns generic mitigation rules to each stage. Subsequently, device-specific access control rules are generated and seamlessly distributed to the corresponding defense stages of the network substrate via commonly used protocols. The proposed mitigation schema models the rule assignment to defense stages as a Generalized Assignment Problem. Items, i.e. generic mitigation rules, are assigned to bins, i.e. defense stages, based on capacity constraints and reward values guided by operator policies. Our approach considers reducing the GAP input size to enable reasonable execution of the resulting integer programming formulation. This is accomplished by aggregating malicious IP sources into prefixes and organizing rules into groups. The proposed mechanism is validated in a proof-of-concept prototype, used to mitigate realistic multi-vector attack scenarios.
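The following sketch illustrates the assignment step the abstract describes; it is an added example, not code from the paper or the speaker. It aggregates malicious sources into prefixes, groups rules per attack type, and solves the resulting small Generalized Assignment Problem by exhaustive search instead of the integer programming formulation. Stage names, capacities, reward values and addresses are constructed assumptions.

```python
import ipaddress
from collections import defaultdict
from itertools import product

def aggregate_sources(ips, prefix_len=24, min_hosts=2):
    """Collapse sources sharing a prefix into one entry (may also cover benign hosts)."""
    buckets = defaultdict(set)
    for ip in ips:
        buckets[ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)].add(ip)
    out = []
    for net, hosts in buckets.items():
        out += [net] if len(hosts) >= min_hosts else [ipaddress.ip_network(h) for h in hosts]
    return sorted(out)

def solve_gap(cost, reward, capacity):
    """Assign every rule group to exactly one stage, maximising reward within capacity."""
    groups, stages = sorted(cost), sorted(capacity)
    best, best_reward = None, -1
    for choice in product(stages, repeat=len(groups)):
        used = defaultdict(int)
        for g, s in zip(groups, choice):
            used[s] += cost[g]
        if any(used[s] > capacity[s] for s in stages):
            continue  # some stage would exceed its free ACL entries
        total = sum(reward[g][s] for g, s in zip(groups, choice))
        if total > best_reward:
            best, best_reward = dict(zip(groups, choice)), total
    return best, best_reward

# Constructed sample input (documentation address ranges, hypothetical stage names).
SOURCES = ["198.51.100.7", "198.51.100.9", "198.51.100.200", "203.0.113.5"]
CAPACITY = {"border_router": 2, "firewall": 2, "server": 4}  # free ACL entries per stage
REWARD = {  # assumed operator preference: higher = better stage for this attack type
    "dns_amplification": {"border_router": 9, "firewall": 6, "server": 1},
    "syn_flood":         {"border_router": 8, "firewall": 7, "server": 2},
    "http_flood":        {"border_router": 2, "firewall": 5, "server": 9},
}

def plan(sources=SOURCES):
    prefixes = aggregate_sources(sources)
    cost = {g: len(prefixes) for g in REWARD}  # one ACL entry per prefix per rule group
    return (prefixes, *solve_gap(cost, REWARD, CAPACITY))

if __name__ == "__main__":
    print(plan())
```

With the sample input, aggregation cuts each rule group from four entries to two, which is what lets every group fit into some stage; without it the same capacities admit no feasible assignment.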
Marinos Dimolianis is a passionate researcher currently pursuing a PhD degree in Network Management and Network Security at National and Technical University of Athens (NTUA). He possesses a Master's degree, is a Cisco Certified Network Associate and has proven experience in research industry. He has worked for Nokia in the past and has participated / participates in many GÉANT (pan-European data network) projects. He is always keen on learning new things and adores the way that the Internet operates.