Share Email Print
cover

Proceedings Paper

Semantic policy and adversarial modeling for cyber threat identification and avoidance
Format Member Price Non-Member Price
PDF $14.40 $18.00

Paper Abstract

Today's enterprise networks undergo a relentless barrage of attacks from foreign and domestic adversaries. These attacks may be perpetrated with little to no funding, but may wreck incalculable damage upon the enterprises security, network infrastructure, and services. As more services come online, systems that were once in isolation now provide information that may be combined dynamically with information from other systems to create new meaning on the fly. Security issues are compounded by the potential to aggregate individual pieces of information and infer knowledge at a higher classification than any of its constituent parts. To help alleviate these challenges, in this paper we introduce the notion of semantic policy and discuss how it's use is evolving from a robust approach to access control to preempting and combating attacks in the cyber domain, The introduction of semantic policy and adversarial modeling to network security aims to ask 'where is the network most vulnerable', 'how is the network being attacked', and 'why is the network being attacked'. The first aspect of our approach is integration of semantic policy into enterprise security to augment traditional network security with an overall awareness of policy access and violations. This awareness allows the semantic policy to look at the big picture - analyzing trends and identifying critical relations in system wide data access. The second aspect of our approach is to couple adversarial modeling with semantic policy to move beyond reactive security measures and into a proactive identification of system weaknesses and areas of vulnerability. By utilizing Bayesian-based methodologies, the enterprise wide meaning of data and semantic policy is applied to probability and high-level risk identification. This risk identification will help mitigate potential harm to enterprise networks by enabling resources to proactively isolate, lock-down, and secure systems that are most vulnerable.

Paper Details

Date Published: 29 April 2009
PDF: 9 pages
Proc. SPIE 7350, Defense Transformation and Net-Centric Systems 2009, 735006 (29 April 2009); doi: 10.1117/12.818601
Show Author Affiliations
Anton DeFrancesco, Securboration Inc. (United States)
Bruce McQueary, Securboration Inc. (United States)


Published in SPIE Proceedings Vol. 7350:
Defense Transformation and Net-Centric Systems 2009
Raja Suresh, Editor(s)

© SPIE. Terms of Use
Back to Top