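% NDSS 2006 paper on hardening enterprise networks against worms by constraining
% hosts to their historical community-of-interest (COI) communication profiles.
% Names are stored in "Last, First" form so every style parses them the same way.
% The proceedings title is held in booktitle only: repeating it in a series field
% makes styles that print both fields show it twice.
% month is taken from the conference date given in the note (02-02-2006).
@inproceedings{0b7bba60c4664687866bf9a8213ac130,
  author    = {McDaniel, Patrick and Sen, Subhabrata and Spatscheck, Oliver and {Van der Merwe}, Jacobus and Aiello, Bill and Kalmanek, Charles},
  title     = {Enterprise Security: A Community of Interest Based Approach},
  booktitle = {Proceedings of the Symposium on Network and Distributed System Security, NDSS 2006},
  publisher = {The Internet Society},
  year      = {2006},
  month     = feb,
  language  = {English (US)},
  note      = {Publisher Copyright: {\textcopyright} 2006 Proceedings of the Symposium on Network and Distributed System Security, NDSS 2006. All Rights Reserved.; 13th Symposium on Network and Distributed System Security, NDSS 2006 ; Conference date: 02-02-2006},
  abstract  = {Enterprise networks today carry a range of mission critical communications. A successful worm attack within an enterprise network can be substantially more devastating to most companies than attacks on the larger Internet. In this paper we explore a brownfield approach to hardening an enterprise network against active malware such as worms. The premise of our approach is that if future communication patterns are constrained to historical ``normal'' communication patterns, then the ability of malware to exploit vulnerabilities in the enterprise can be severely curtailed. We present techniques for automatically deriving individual host profiles that capture historical communication patterns (i.e., community of interest (COI)) of end hosts within an enterprise network. Using traces from a large enterprise network, we investigate how a range of different security policies based on these profiles impact usability (as valid communications may get restricted) and security (how well the policies contain malware). Our evaluations indicate that a simple security policy comprised of our Extended COI-based profile and Relaxed Throttling Discipline can effectively contain worm behavior within an enterprise without significantly impairing normal network operation.},
}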