Automated Orchestration of Security Chains Driven by Process Learning

Nicolas Schnepf, Rémi Badonnel, Abdelkader Lahmadi, and Stephan Merz
Abstract
Connected devices, such as smartphones and tablets, are exposed to a large variety of attacks. Their protection is often challenged by their resource constraints in terms of CPU, memory and energy. Security chains, composed of security functions such as firewalls, intrusion detection systems and data leakage prevention mechanisms, offer new perspectives to protect these devices using software-defined networking and network function virtualization. However, the complexity and dynamics of these chains require new automation techniques to orchestrate them. This chapter describes an automated orchestration methodology for security chains in order to secure connected devices and their applications. This methodology exploits process learning to establish behavioral models and infer security constraints represented as logical predicates. It then generates and merges a set of chains of security functions on the basis of these predicates. These chains are finally compiled into low-level configuration rules and deployed into the network, optimizing for the underlying topology. The benefits and limits of such a methodology combining machine learning and verification techniques are evaluated by a set of experimental results.
Available as: PDF
Reference
@InCollection{schnepf:learning,
  author =       {Nicolas Schnepf and R{\'e}mi Badonnel and Abdelkader Lahmadi and Stephan Merz},
  title =        {Automated Orchestration of Security Chains Driven by Process Learning},
  booktitle =    {Communication Networks and Service Management in the Era of Artificial
  Intelligence and Machine Learning},
  publisher = {Wiley},
  year =      2021,
  editor =    {Nur Zincir-Heywood and Marco Mellia and Yixin Diao},
  pages =     {289--320},
}
