Cross-Network Behavioral Clustering for Managed Security Service Providers

Bibliographic Details
Main Authors: Gkroumas, Georgios, Kotinas, Ilias, Giotis, Kostas, Tsigkritis, Theocharis, Mermigkas, Paris
Format: Conference Proceeding
Language: English
Description
Summary: Managed Security Service Providers (MSSP) oversee and protect customer networks that often vary in the level of pre-installed security defense appliances and capabilities. This imbalance makes it challenging to offer a consistent level of service across clients. This paper presents an approach for raising the level of defense by indirectly utilizing the threat detection capabilities of secure networks, based on behavioral similarity among cross-network entities. Initially, we present a holistic architectural view of the components we have deployed in order to efficiently ingest, process and analyze massive amounts of raw data from various perimeter network devices of MSSP customers. Our data analysis approach is based on entity clustering and a risk estimation routine leveraging noisy labeling derived from advanced security appliances. Specifically, entities are clustered according to a list of aggregated metrics characterizing the communication between local and remote network devices. Finally, we present the rationale behind the adoption of specific clustering approaches, as well as an optimization routine implemented to appropriately select the free parameters of the clustering sub-process.
ISSN: 2165-963X