An automated closed-loop framework to enforce security policies from anomaly detection

Bibliographic details
Main author: Henriques, João
Publication date: 2022
Other authors: Caldeira, Filipe, Cruz, Tiago, Simões, Paulo
Document type: Article
Language: eng
Source: Repositório Científico de Acesso Aberto de Portugal (Repositórios Científicos)
Full text: http://hdl.handle.net/10400.19/7411
Abstract: Due to the growing complexity and scale of IT systems, there is an increasing need to automate and streamline routine maintenance and security management procedures, to reduce costs and improve productivity. In the case of security incidents, implementing and applying response actions requires significant effort from operators and developers to translate policies into code. Even when Machine Learning (ML) models are used to find anomalies, they need to be regularly retrained or updated to avoid becoming outdated; in an evolving environment, an ML model with outdated training may put at risk the organization it was supposed to defend. To overcome these issues, this paper proposes an automated closed-loop process with three stages. The first stage obtains the Decision Trees (DT) that classify anomalies. In the second stage, the DTs are translated into security Policies as Code in languages recognized by the Policy Engine (PE). In the last stage, the translated security policies feed the Policy Engines, which enforce them by converting them into specific instruction sets. We also demonstrate the feasibility of the proposed framework by presenting an example that encompasses the three stages of the closed-loop process. The proposed framework may integrate a broad spectrum of domains and use cases; for instance, it can support the decide and act stages of the ETSI Zero-touch Network & Service Management (ZSM) framework.
Keywords: Automation; Policy as code; Decision trees; Machine learning; Zero-touch network and service management (ZSM)
Contributing repository: Repositório Científico do Instituto Politécnico de Viseu
Citation: Henriques, J., Caldeira, F., Cruz, T., & Simões, P. (2022). An automated closed-loop framework to enforce security policies from anomaly detection. Computers & Security, 123, 102949. https://doi.org/10.1016/j.cose.2022.102949
DOI: 10.1016/j.cose.2022.102949
Rights: open access
Format: application/pdf
Dates: deposited 2022-11-18; published 2022-12
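The three-stage loop described in the abstract, as an added, self-contained example that is not code from the paper or its authors. Stage 1 grows a decision tree (a plain CART-style learner with Gini impurity and numeric thresholds, chosen here for readability; the paper does not fix a DT algorithm in the abstract) from a constructed set of labelled flow-window records. Stage 2 walks the tree and emits every root-to-anomaly-leaf path as one statement of a small `deny if ...` policy language. Stage 3 is a minimal policy engine that validates those statements and enforces them on new records. The feature names (`pkts_per_s`, `syn_ratio`, `distinct_dst_ports`), the training data and the policy syntax are all assumptions made for this example; a real deployment would emit the language its own policy engine accepts.

```python
"""Toy closed loop: decision tree -> policy as code -> policy engine.

Feature names, training records and the 'deny if' policy grammar are
constructed for this example and are not taken from the paper.
"""
from dataclasses import dataclass
from typing import Optional

FEATURES = ["pkts_per_s", "syn_ratio", "distinct_dst_ports"]
OPS = {"<=": lambda a, b: a <= b, ">": lambda a, b: a > b}

# Constructed training set: (feature vector, label) per flow window.
TRAINING = [
    ((40, 0.10, 3), "normal"),
    ((55, 0.12, 2), "normal"),
    ((30, 0.08, 5), "normal"),
    ((900, 0.95, 4), "anomaly"),    # flood-like: high rate, mostly SYN
    ((850, 0.90, 2), "anomaly"),
    ((35, 0.15, 800), "anomaly"),   # scan-like: low rate, many ports
    ((50, 0.11, 650), "anomaly"),
    ((70, 0.20, 4), "normal"),
]


@dataclass
class Node:
    feature: Optional[int] = None
    threshold: Optional[float] = None
    left: Optional["Node"] = None    # taken when feature <= threshold
    right: Optional["Node"] = None   # taken when feature > threshold
    label: Optional[str] = None      # set on leaves only


def gini(rows):
    if not rows:
        return 0.0
    counts = {}
    for _, y in rows:
        counts[y] = counts.get(y, 0) + 1
    return 1.0 - sum((c / len(rows)) ** 2 for c in counts.values())


def best_split(rows):
    """Return (feature index, threshold, weighted Gini) of the best split."""
    best = (None, None, float("inf"))
    for f in range(len(FEATURES)):
        values = sorted({x[f] for x, _ in rows})
        for lo, hi in zip(values, values[1:]):
            t = (lo + hi) / 2
            left = [r for r in rows if r[0][f] <= t]
            right = [r for r in rows if r[0][f] > t]
            score = (len(left) * gini(left) + len(right) * gini(right)) / len(rows)
            if score < best[2]:
                best = (f, t, score)
    return best


def fit(rows, depth=0, max_depth=4):
    """Stage 1: grow the tree until leaves are pure or max_depth is reached."""
    labels = {y for _, y in rows}
    f, t, _ = best_split(rows) if len(labels) > 1 and depth < max_depth else (None, None, None)
    if f is None:
        majority = max(labels, key=lambda lab: sum(1 for _, y in rows if y == lab))
        return Node(label=majority)
    return Node(feature=f, threshold=t,
                left=fit([r for r in rows if r[0][f] <= t], depth + 1, max_depth),
                right=fit([r for r in rows if r[0][f] > t], depth + 1, max_depth))


def tree_to_policy(node, path=()):
    """Stage 2: one 'deny if ...' line per root-to-anomaly-leaf path."""
    if node.label is not None:
        return ["deny if " + " and ".join(path)] if node.label == "anomaly" else []
    name = FEATURES[node.feature]
    return (tree_to_policy(node.left, path + (f"{name} <= {node.threshold}",))
            + tree_to_policy(node.right, path + (f"{name} > {node.threshold}",)))


def generate_policy(rows):
    """Retraining is just calling this again on the updated labelled set."""
    return "\n".join(tree_to_policy(fit(rows)))


def load_policy(text):
    """Stage 3a: parse and validate. Anything outside the grammar is
    rejected, so a corrupted or tampered policy never reaches enforcement."""
    rules = []
    for line in text.splitlines():
        if not line.startswith("deny if "):
            raise ValueError(f"unsupported statement: {line!r}")
        clauses = []
        for clause in line[len("deny if "):].split(" and "):
            parts = clause.split()
            if len(parts) != 3 or parts[0] not in FEATURES or parts[1] not in OPS:
                raise ValueError(f"bad clause: {clause!r}")
            clauses.append((parts[0], parts[1], float(parts[2])))
        rules.append((line, clauses))
    return rules


def enforce(policy_text, record):
    """Stage 3b: return ('deny', matching rule) or ('allow', None)."""
    for line, clauses in load_policy(policy_text):
        if all(OPS[op](record[name], value) for name, op, value in clauses):
            return "deny", line
    return "allow", None


if __name__ == "__main__":
    policy = generate_policy(TRAINING)
    print(policy)
    print(enforce(policy, {"pkts_per_s": 50, "syn_ratio": 0.1, "distinct_dst_ports": 900}))
```

Two design points worth keeping when this is done for real: the generated policy is the output of a model trained on observed data, so the engine treats it as untrusted input and validates every statement against a closed grammar before enforcing anything; and a record missing a feature raises rather than silently matching nothing, so enforcement fails closed instead of allowing traffic the policy could not assess.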