Research Summaries

Adapting to Dynamic Cyber Threats through Continuous Deployment of Firewall Rules

Fiscal Year: 2021
Division: Graduate School of Operational & Information Sciences
Department: Computer Science
Investigator(s): Monaco, John V.; Singh, Gurminder
Sponsor: Army Network Enterprise Technology Command (Army)
Summary: This project will quantify the dynamic threats that exist on a live network and address the need to continuously deploy firewall rules that aim to mitigate moving targets. This work will not replace the network administrator, but rather provide the administrator with a curated shortlist of recommendations consisting of firewall rule additions and deletions. These recommendations will be formed by modeling the ingress and egress filters specified by domain experts, analyzing the traffic on a live network, and recommending new rules with a machine learning model. The project will deliver 1) a dataset that contains known benign and malicious traffic labeled through domain expertise and used to facilitate model specification; 2) an analysis of the dataset summarizing known threats; 3) a firewall rule recommendation system that facilitates continuous rule deployment, providing capabilities beyond current-generation firewalls; 4) a technical report summarizing the work performed; 5) documentation summarizing the data processing workflow.
Keywords
Publications: Publications, theses (not shown) and data repositories will be added to the portal record when information is available in FAIRS and brought back to the portal.
Data: Publications, theses (not shown) and data repositories will be added to the portal record when information is available in FAIRS and brought back to the portal.