Network Security Toolkit Including Heuristic Solutions for Trust System Placement and Network Obfuscation

Abstract

For Part I, a supervisory control and data acquisition (SCADA) network consists of a group of stations and substations in a portion of the power grid. The use of Internet technology in SCADA communications, as well as other factors, has introduced vulnerabilities. One idea to help mitigate this risk is to strategically place trust nodes to compartmentalize and secure the SCADA systems without disturbing their finely honed processes. The trust nodes combine firewall and intrusion detection technology to provide more secure communication. An optimal solution to this problem has already been developed using a mixed-integer linear programming model. Because the problem is provably NP-hard, a heuristic solution is presented in this part. The heuristic can find good, but not optimal, solutions. Experimental results are promising, indicating that the proposed heuristic technique is close to optimal while arriving at results much more quickly. For Part II, dynamically modifying the defense structure could be used to prevent adversaries from gathering intelligence, seriously inhibiting their ability to conduct attacks successfully. Work has already been done using a mixed-integer linear programming model (MILPM) to solve the multi-commodity capacitated network design problem (MCNDP) in order to dynamically change routes, and possibly topologies, within a network. Information flows in the network can be periodically routed on different paths through the network so that traffic patterns change and adversaries have to work much harder to map the network. The MILPM solution offers a good baseline for comparison of any heuristic trying to solve the same problem. In this part, a heuristic approach to network obfuscation is proposed. The heuristic shows favorable results when compared to the MILPM solution.
