Abstract: By leveraging the principle of software polyculture to ensure security in a network, we propose a vulnerability-based software diversity metric to determine how a network topology can be adapted to minimize security vulnerability while maintaining maximum network connectivity. Our proposed metric estimates the software diversity of a node using the vulnerabilities of software packages installed on nearby nodes that lie on attack paths able to reach that node. Our software diversity-based adaptation (SDA) scheme employs the diversity of each node for edge adaptations. These adaptations include the removal of edges that expose high security vulnerability as well as the potential addition of edges between certain nodes that have low vulnerabilities associated with them. To validate the proposed SDA scheme, we conduct extensive experiments comparing our approach with counterpart baseline schemes in real networks. Our simulation results demonstrate that SDA outperforms these existing counterparts. We discuss insights into these findings in terms of the effectiveness and efficiency of the proposed SDA scheme under three real network topologies with vastly different network densities.
External IDs: dblp:journals/tnsm/ZhangCMC21