Behavior-Driven Security Policy Enforcement on High Bandwidth Networks

Noferesti, Morteza | 2019

  1. Type of Document: Ph.D. Dissertation
  2. Language: Farsi
  3. Document No: 52453 (19)
  4. University: Sharif University of Technology
  5. Department: Computer Engineering
  6. Advisor(s): Jalili, Rasool
  7. Abstract: High-bandwidth network analysis is challenging, resource consuming, and inaccurate due to the high volume, velocity, and variety characteristics of the network traffic. Today's high-bandwidth networks require adaptive analyzing approaches to recognize the network's variable behaviors. The analyzing approaches should be robust against the lack of prior knowledge and provide data to impose more complex policies. This thesis introduces the complex policy relation and proposes a two-layer framework to enforce complex policies, named HB2DS. The proposed framework is equipped with the mechanism and policy layers. The mechanism layer processes network packet headers and payloads to generate a flow stream. The flow stream is analyzed in the policy layer to detect user behaviors and enforce security policies. The proposed framework satisfies the main constraints existing in the analysis of high-bandwidth networks, namely online learning, noise handling, one-pass processing, delay, and memory limitation. Our evaluation through simulation and implementation indicates significant improvement in developing high-bandwidth security systems in terms of accuracy and efficiency. The main module of HB2DS is ACoPE, proposed as an adaptive semi-supervised learning approach for complex-policy enforcement. ACoPE detects and maintains inter-flow relationships to impose complex policies. It employs a statistical process control technique to monitor accuracy. Whenever the accuracy decreases, ACoPE considers it as a changed behavior and uses data from a deep packet inspection module to adapt itself to the change. The effectiveness of ACoPE in imposing complex policies is confirmed through three different scenarios. Efficiency and accuracy of ACoPE in real high-bandwidth networks are evaluated through a pilot study.
  8. Keywords: Security Policy Enforcement ; High Band Width Analysis ; Data Stream Processing ; Complex Policy ; Semi-Supervised Learning
