Enterprise Security: A Community of Interest Based Approach

Patrick McDaniel, Subhabrata Sen, Oliver Spatscheck, Jacobus Van der Merwe, Bill Aiello, Charles Kalmanek

Research output: Chapter in Book/Report/Conference proceedingConference contribution

40 Scopus citations

Abstract

Enterprise networks today carry a range of mission critical communications. A successful worm attack within an enterprise network can be substantially more devastating to most companies than attacks on the larger Internet. In this paper we explore a brownfield approach to hardening an enterprise network against active malware such as worms. The premise of our approach is that if future communication patterns are constrained to historical “normal” communication patterns, then the ability of malware to exploit vulnerabilities in the enterprise can be severely curtailed. We present techniques for automatically deriving individual host profiles that capture historical communication patterns (i.e., community of interest (COI)) of end hosts within an enterprise network. Using traces from a large enterprise network, we investigate how a range of different security policies based on these profiles impact usability (as valid communications may get restricted) and security (how well the policies contain malware). Our evaluations indicate that a simple security policy comprised of our Extended COI-based profile and Relaxed Throttling Discipline can effectively contain worm behavior within an enterprise without significantly impairing normal network operation.

Original languageEnglish (US)
Title of host publicationProceedings of the Symposium on Network and Distributed System Security, NDSS 2006
PublisherThe Internet Society
ISBN (Electronic)1891562223, 9781891562228
StatePublished - 2006
Event13th Symposium on Network and Distributed System Security, NDSS 2006 - San Diego, United States
Duration: Feb 2 2006 → …

Publication series

NameProceedings of the Symposium on Network and Distributed System Security, NDSS 2006

Conference

Conference13th Symposium on Network and Distributed System Security, NDSS 2006
Country/TerritoryUnited States
CitySan Diego
Period2/2/06 → …

All Science Journal Classification (ASJC) codes

  • Control and Systems Engineering
  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'Enterprise Security: A Community of Interest Based Approach'. Together they form a unique fingerprint.

Cite this