A case study in tailoring a bio-inspired cyber-security algorithm: Designing anomaly detection for multilayer networks

Gonzalo P. Suárez, Lazaros Gallos, Nina H. Fefferman

Research output: Contribution to journal › Article

Abstract

Although bio-inspired designs for cybersecurity have yielded many elegant solutions to challenging problems, the vast majority of these efforts have been ad hoc analogies between the natural and human-designed systems. We propose to improve on the current approach of searching through the vast diversity of existing natural algorithms for one most closely resembling each new cybersecurity challenge, and then trying to replicate it in a designed cyber setting. Instead, we suggest that researchers should follow a protocol of functional abstraction, considering which features of the natural algorithm provide the efficiency/effectiveness in the real world, and then use those abstracted features as design components to build purposeful, tailored (perhaps even optimized) solutions. Here, we demonstrate how this can work by considering a case study employing this method. We design an extension of an existing (and ad hoc-created) algorithm, DIAMoND, for application beyond its originally intended solution space (detection of Distributed Denial of Service attacks in simple networks) to function on multilayer networks. We show how this protocol provides insights that might be harder or take longer to discover by direct analogy-building alone; in this case, we see that differential weighting of shared information by the providing network layer, and dynamic individual thresholds for independent analysis are likely to be effective.

Original language: English (US)
Pages (from-to): 113-132
Number of pages: 20
Journal: Journal of Cyber Security and Mobility
Volume: 8
Issue number: 1
DOIs: https://doi.org/10.13052/jcsm2245-1439.815
State: Published - Jan 1 2019

Fingerprint

Multilayers
Network protocols
Network layers
Denial-of-service attack

All Science Journal Classification (ASJC) codes

  • Hardware and Architecture
  • Computer Networks and Communications

Cite this

@article{b893ed72f5334bf79e3b2da12a9f96cd,
title = "A case study in tailoring a bio-inspired cyber-security algorithm: Designing anomaly detection for multilayer networks",
abstract = "Although bio-inspired designs for cybersecurity have yielded many elegant solutions to challenging problems, the vast majority of these efforts have been ad hoc analogies between the natural and human-designed systems. We propose to improve on the current approach of searching through the vast diversity of existing natural algorithms for one most closely resembling each new cybersecurity challenge, and then trying to replicate it in a designed cyber setting. Instead, we suggest that researchers should follow a protocol of functional abstraction, considering which features of the natural algorithm provide the efficiency/effectiveness in the real world, and then use those abstracted features as design components to build purposeful, tailored (perhaps even optimized) solutions. Here, we demonstrate how this can work by considering a case study employing this method. We design an extension of an existing (and ad hoc-created) algorithm, DIAMoND, for application beyond its originally intended solution space (detection of Distributed Denial of Service attacks in simple networks) to function on multilayer networks. We show how this protocol provides insights that might be harder or take longer to discover by direct analogy-building alone; in this case, we see that differential weighting of shared information by the providing network layer, and dynamic individual thresholds for independent analysis are likely to be effective.",
author = "Su{\'a}rez, {Gonzalo P.} and Lazaros Gallos and Fefferman, {Nina H.}",
year = "2019",
month = "1",
day = "1",
doi = "https://doi.org/10.13052/jcsm2245-1439.815",
language = "English (US)",
volume = "8",
pages = "113--132",
journal = "Journal of Cyber Security and Mobility",
issn = "2245-1439",
publisher = "River Publishers",
number = "1",

}

A case study in tailoring a bio-inspired cyber-security algorithm: Designing anomaly detection for multilayer networks. / Suárez, Gonzalo P.; Gallos, Lazaros; Fefferman, Nina H.

In: Journal of Cyber Security and Mobility, Vol. 8, No. 1, 01.01.2019, p. 113-132.

TY - JOUR

T1 - A case study in tailoring a bio-inspired cyber-security algorithm

T2 - Designing anomaly detection for multilayer networks

AU - Suárez, Gonzalo P.

AU - Gallos, Lazaros

AU - Fefferman, Nina H.

PY - 2019/1/1

Y1 - 2019/1/1

AB - Although bio-inspired designs for cybersecurity have yielded many elegant solutions to challenging problems, the vast majority of these efforts have been ad hoc analogies between the natural and human-designed systems. We propose to improve on the current approach of searching through the vast diversity of existing natural algorithms for one most closely resembling each new cybersecurity challenge, and then trying to replicate it in a designed cyber setting. Instead, we suggest that researchers should follow a protocol of functional abstraction, considering which features of the natural algorithm provide the efficiency/effectiveness in the real world, and then use those abstracted features as design components to build purposeful, tailored (perhaps even optimized) solutions. Here, we demonstrate how this can work by considering a case study employing this method. We design an extension of an existing (and ad hoc-created) algorithm, DIAMoND, for application beyond its originally intended solution space (detection of Distributed Denial of Service attacks in simple networks) to function on multilayer networks. We show how this protocol provides insights that might be harder or take longer to discover by direct analogy-building alone; in this case, we see that differential weighting of shared information by the providing network layer, and dynamic individual thresholds for independent analysis are likely to be effective.

UR - http://www.scopus.com/inward/record.url?scp=85056522369&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85056522369&partnerID=8YFLogxK

U2 - https://doi.org/10.13052/jcsm2245-1439.815

DO - https://doi.org/10.13052/jcsm2245-1439.815

M3 - Article

VL - 8

SP - 113

EP - 132

JO - Journal of Cyber Security and Mobility

JF - Journal of Cyber Security and Mobility

SN - 2245-1439

IS - 1

ER -