A comprehensive approach to enterprise network security management

Homer, John

January 1900

Doctor of Philosophy / Department of Computing and Information Sciences / Xinming (Simon) Ou / Enterprise network security management is a vitally important task, more so now than ever before. Networks grow ever larger and more complex, and corporations, universities, government agencies, etc. rely heavily on the availability of these networks. Security in enterprise networks is constantly threatened by thousands of known software vulnerabilities, with thousands more discovered annually in a wide variety of applications. An overwhelming amount of data is relevant to the ongoing protection of an enterprise network. Previous works have addressed the identification of vulnerabilities in a given network and the aggregated collection of these vulnerabilities in an attack graph, clearly showing how an attacker might gain access to or control over network resources. These works, however, do little to address how to evaluate or properly utilize this information. I have developed a comprehensive approach to enterprise network security management. Compared with previous methods, my approach realizes these issues as a uniform desire for provable mitigation of risk within an enterprise network. Attack graph simplification is used to improve user comprehension of the graph data and to enable more efficient use of the data in risk assessment. A sound and effective quantification of risk within the network produces values that can form a basis for valuation policies necessary for the application of a SAT solving technique. SAT solving resolves policy conflicts and produces an optimal reconfiguration, based on the provided values, which can be verified by a knowledgeable human user for accuracy and applicability within the context of the enterprise network. Empirical study shows the effectiveness and efficiency of these approaches, and also indicates promising directions for improvements to be explored in future works. Overall, this research comprises an important step toward a more automated security management initiative.

Enterprise network security analysis

Risk assessment

Attack Graph

Security metric

Computer Science (0984)

Ontology mapping: a logic-based approach with applications in selected domains

Wong, Alfred Ka Yiu, Computer Science & Engineering, Faculty of Engineering, UNSW

January 2008

In advent of the Semantic Web and recent standardization efforts, Ontology has quickly become a popular and core semantic technology. Ontology is seen as a solution provider to knowledge based systems. It facilitates tasks such as knowledge sharing, reuse and intelligent processing by computer agents. A key problem addressed by Ontology is the semantic interoperability problem. Interoperability in general is a common problem in different domain applications and semantic interoperability is the hardest and an ongoing research problem. It is required for systems to exchange knowledge and having the meaning of the knowledge accurately and automatically interpreted by the receiving systems. The innovation is to allow knowledge to be consumed and used accurately in a way that is not foreseen by the original creator. While Ontology promotes semantic interoperability across systems by unifying their knowledge bases through consensual understanding, common engineering and processing practices, it does not solve the semantic interoperability problem at the global level. As individuals are increasingly empowered with tools, ontologies will eventually be created more easily and rapidly at a near individual scale. Global semantic interoperability between heterogeneous ontologies created by small groups of individuals will then be required. Ontology mapping is a mechanism for providing semantic bridges between ontologies. While ontology mapping promotes semantic interoperability across ontologies, it is seen as the solution provider to the global semantic interoperability problem. However, there is no single ontology mapping solution that caters for all problem scenarios. Different applications would require different mapping techniques. In this thesis, we analyze the relations between ontology, semantic interoperability and ontology mapping, and promote an ontology-based semantic interoperability solution. We propose a novel ontology mapping approach namely, OntoMogic. It is based on first order logic and model theory. OntoMogic supports approximate mapping and produces structures (approximate entity correspondence) that represent alignment results between concepts. OntoMogic has been implemented as a coherent system and is applied in different application scenarios. We present case studies in the network configuration, security intrusion detection and IT governance & compliance management domain. The full process of ontology engineering to mapping has been demonstrated to promote ontology-based semantic interoperability.

semantic interoperability

ontology

ontology mapping

compliance management

network management

network security intrusion detection

network configuration management

integrated network management

Mappings (Mathematics)

Ontology mapping: a logic-based approach with applications in selected domains

Wong, Alfred Ka Yiu, Computer Science & Engineering, Faculty of Engineering, UNSW

January 2008

In advent of the Semantic Web and recent standardization efforts, Ontology has quickly become a popular and core semantic technology. Ontology is seen as a solution provider to knowledge based systems. It facilitates tasks such as knowledge sharing, reuse and intelligent processing by computer agents. A key problem addressed by Ontology is the semantic interoperability problem. Interoperability in general is a common problem in different domain applications and semantic interoperability is the hardest and an ongoing research problem. It is required for systems to exchange knowledge and having the meaning of the knowledge accurately and automatically interpreted by the receiving systems. The innovation is to allow knowledge to be consumed and used accurately in a way that is not foreseen by the original creator. While Ontology promotes semantic interoperability across systems by unifying their knowledge bases through consensual understanding, common engineering and processing practices, it does not solve the semantic interoperability problem at the global level. As individuals are increasingly empowered with tools, ontologies will eventually be created more easily and rapidly at a near individual scale. Global semantic interoperability between heterogeneous ontologies created by small groups of individuals will then be required. Ontology mapping is a mechanism for providing semantic bridges between ontologies. While ontology mapping promotes semantic interoperability across ontologies, it is seen as the solution provider to the global semantic interoperability problem. However, there is no single ontology mapping solution that caters for all problem scenarios. Different applications would require different mapping techniques. In this thesis, we analyze the relations between ontology, semantic interoperability and ontology mapping, and promote an ontology-based semantic interoperability solution. We propose a novel ontology mapping approach namely, OntoMogic. It is based on first order logic and model theory. OntoMogic supports approximate mapping and produces structures (approximate entity correspondence) that represent alignment results between concepts. OntoMogic has been implemented as a coherent system and is applied in different application scenarios. We present case studies in the network configuration, security intrusion detection and IT governance & compliance management domain. The full process of ontology engineering to mapping has been demonstrated to promote ontology-based semantic interoperability.

semantic interoperability

ontology

ontology mapping

compliance management

network management

network security intrusion detection

network configuration management

integrated network management

Mappings (Mathematics)