Designing Scalable and Effective Decision Support for Mitigating Attacks in Large Enterprise Networks

Managing numerous security vulnerabilities has long been a difficult and daunting task especially due to the complexity, heterogeneity, and various operational constraints of the network. In this paper, we focus on the task of mitigating and managing network-device-specific vulnerabilities automatically and intelligently. We achieve the goal by a scalable, interactive, topology-aware framework that can provide mitigation actions at selectively chosen devices. The intuition behind our work is that more and more network devices are becoming security-capable so that they can be collectively used to achieve security goals while satisfying certain network policies. The intelligence utilizes integer programming to optimize a quantifiable objective conforming to the policy of a given network. An example would be to find the minimum number of network devices to install filters to effectively protect the entire network against potential attacks from external untrusted sources. The constraints of the integer programming are mainly based on the network topology and settings of vulnerable devices and untrusted sources. Our novel implementation uses an iterative algorithm to scale to networks of tens of thousands of nodes, and we demonstrate the effectiveness of our framework using both synthetic and realistic network topologies. Besides scalability, our tool is also operationally easy to use by enabling interactivity to input additional constraints during runtime.