Sciweavers

NDSS
2006
IEEE

Enterprise Security: A Community of Interest Based Approach

14 years 6 months ago
Enterprise Security: A Community of Interest Based Approach
Enterprise networks today carry a range of mission critical communications. A successful worm attack within an enterprise network can be substantially more devastating to most companies than attacks on the larger Internet. In this paper we explore a brownfield approach to hardening an enterprise network against active malware such as worms. The premise of our approach is that if future communication patterns are constrained to historical “normal” communication patterns, then the ability of malware to exploit vulnerabilities in the enterprise can be severely curtailed. We present techniques for automatically deriving individual host profiles that capture historical communication patterns (i.e., community of interest (COI)) of end hosts within an enterprise network. Using traces from a large enterprise network, we investigate how a range of different security policies based on these profiles impact usability (as valid communications may get restricted) and security (how well the ...
Patrick Drew McDaniel, Subhabrata Sen, Oliver Spat
Added 12 Jun 2010
Updated 12 Jun 2010
Type Conference
Year 2006
Where NDSS
Authors Patrick Drew McDaniel, Subhabrata Sen, Oliver Spatscheck, Jacobus E. van der Merwe, William Aiello, Charles R. Kalmanek
Comments (0)