Application of Data Collected by Endpoint Detection and Response Systems for Implementation of a Network Security System based on Zero Trust Principles and the EigenTrust Algorithm

Author:

Kumar Nitesh1,Kasbekar Gaurav S.1,Manjunath D.1

Affiliation:

1. Indian Institute of Technology Bombay, Mumbai, India

Abstract

Traditionally, security systems for enterprises have implicit access based on strong cryptography, authentication and key sharing, wherein access control is based on Role Based Access Control (RBAC), in which roles such as manager, accountant and so on provide a way of deciding a subject's authority. However, years of post-attack analysis on enterprise networks has shown that a majority of times, security breaches occur intentionally or accidently due to implicitly trusted people of an enterprise itself. Zero Trust Architecture works on the principle of never granting trust implicitly, but rather continuously evaluating the trust parameters for each resource access request and has a strict, but not rigid, set of protocols for access control of a subject to resources. Endpoint Detection and Response (EDR) systems are tools that collect a large number of attributes in and around machines within an enterprise network to have close visibility into sophisticated intrusion. In our work, we seek to deploy EDR systems and build trust algorithms using tactical provenance analysis, threshold cryptography and reputation management to continuously record data, evaluate trust of a subject, and simultaneously analyze them against a database of known threat vectors to provide conditional access control. However, EDR tools generate a high volume of data that leads to false alarms, misdetections and correspondingly a high backlog of tasks that makes it infeasible, which is addressed using tactical provenance analysis and information theory.

Publisher

Association for Computing Machinery (ACM)

Subject

Computer Networks and Communications,Hardware and Architecture,Software

Reference22 articles.

1. Hassan, W.U. , Bates , A. and Marino , D ., 2020, May. "Tactical provenance analysis for endpoint detection and response systems ", In 2020 IEEE Symposium on Security and Privacy (SP) (pp. 1172--1189) . IEEE. Hassan, W.U., Bates, A. and Marino, D., 2020, May. "Tactical provenance analysis for endpoint detection and response systems", In 2020 IEEE Symposium on Security and Privacy (SP) (pp. 1172--1189). IEEE.

2. Rose, Scott W., Oliver Borchert , Stuart Mitchell , and Sean Connelly , " Zero Trust Architecture ." ( 2020 ). NIST Special Publication 800--207 . Rose, Scott W., Oliver Borchert, Stuart Mitchell, and Sean Connelly, "Zero Trust Architecture." (2020). NIST Special Publication 800--207.

3. Kamvar, S.D. , Schlosser , M.T. and Garcia-Molina , H ., 2003, May. "The eigentrust algorithm for reputation management in p2p networks ", 12th international conference on World Wide Web (pp. 640--651) . Kamvar, S.D., Schlosser, M.T. and Garcia-Molina, H., 2003, May. "The eigentrust algorithm for reputation management in p2p networks", 12th international conference on World Wide Web (pp. 640--651).

4. Securing ad hoc networks

5. T.M. Cover J.A. Thomas "Elements of Information Theory" John Wiley & Sons Inc. 2004. T.M. Cover J.A. Thomas "Elements of Information Theory" John Wiley & Sons Inc. 2004.

Cited by 6 articles. 订阅此论文施引文献 订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献

同舟云学术

1.学者识别学者识别

2.学术分析学术分析

3.人才评估人才评估

"同舟云学术"是以全球学者为主线,采集、加工和组织学术论文而形成的新型学术文献查询和分析系统,可以对全球学者进行文献检索和人才价值评估。用户可以通过关注某些学科领域的顶尖人物而持续追踪该领域的学科进展和研究前沿。经过近期的数据扩容,当前同舟云学术共收录了国内外主流学术期刊6万余种,收集的期刊论文及会议论文总量共计约1.5亿篇,并以每天添加12000余篇中外论文的速度递增。我们也可以为用户提供个性化、定制化的学者数据。欢迎来电咨询!咨询电话:010-8811{复制后删除}0370

www.globalauthorid.com

TOP

Copyright © 2019-2024 北京同舟云网络信息技术有限公司
京公网安备11010802033243号  京ICP备18003416号-3