PivotWall
Author: | W. Michael Petullo, William Enck, Akash Verma, Tj OConnor |
---|---|
Publication year: | 2018 |
Subject: | Computer science; Network security; business.industry; 020206 networking & telecommunications; Context (language use); 02 engineering and technology; Adversary; Computer security; computer.software_genre; 020204 information systems; 0202 electrical engineering, electronic engineering, information engineering; Enterprise private network; Overhead (computing); Information flow (information theory); business; Software-defined networking; computer; Host (network) |
Source: | SOSR |
DOI: | 10.1145/3185467.3185474 |
Description: | Advanced Persistent Threats (APTs) commonly use stepping stone attacks that allow the adversary to move laterally undetected within an enterprise network towards a target. Existing network security techniques provide limited protection against such attacks, because they lack intra-network mediation and the context of information semantics. We propose PivotWall, a network security defense that extends information flow tracking on each host into network-level defenses. PivotWall uses a novel combination of information-flow tracking and Software Defined Networking (SDN) to detect a wide range of attacks used by advanced adversaries, including those that abuse both application- and network-layer protocols. It further enables a variety of attack responses including traffic steering, as well as advanced mechanisms for forensic analysis. We show that PivotWall incurs minimal impact on network throughput and latency for untainted traffic and less than 58% overhead for tainted traffic. As such, we demonstrate the utility of information flow tracking as a defense against advanced network-level attacks. |
Database: | OpenAIRE |
External link: |