Malware Filtering for Network Security Using Weighted Optimality Measures

Author: Michael Bloem, Tansu Alpcan, Stephan Schmidt, Tamer Basar
Source: IEEE Multi-conference on Systems and Control 2007

We study the deployment and configuration of the next generation of network traffic filters within a quantitative framework where we utilize graph-theoretic and optimization methods to find optimal network traffic filtering strategies that achieve various security or cost objectives subject to hardware or security level constraints. We rely on graph-theoretic concepts such as centrality measures to assess the importance of individual routers within the network, given a traffic pattern. In addition, we consider several possible objectives, such as (a) minimizing a convex function that captures the cost of failing to filter traffic, (b) minimizing the sum of this cost function and the cost associated with the filtering action, (c) minimizing the sum of a filter deployment cost and a per-packet or per-session filtering cost, and (d) minimizing the sum of a filter deployment cost and a per-packet or per-session filtering cost less an effective sampling rate-based utility function. These optimization problems are solved taking into account constraints on network-wide filtering capabilities, individual filter capabilities, and also lower and upper bounds on the effective sampling rate for source-destination pairs. Centralized but dynamic solutions of the resulting problems are obtained under varying network traffic flows. The resulting optimal filtering strategies are simulated in MATLAB using real traffic data obtained from the Abilene project. Simulations comparing these strategies with some heuristic approaches demonstrate that they are more effective in achieving network traffic filtering objectives.