Network Architecture Defense: Holistic Security Pattern-Based Model
Abstract / Overview
Network security experts face numerous challenges in protecting networks even after defense strategies are in place. The complexity of networks, coupled with a scattered approach to security implementation, adds to these difficulties. Currently, different security solutions employ distinct mechanisms without a cohesive approach to the system as a whole. Although similar problems recur at each level of security, a holistic strategy is lacking, so different models end up being applied in different parts of the network architecture. To secure a network effectively, a coordinated and holistic approach is essential. The primary goal of this study was to develop a holistic, security-pattern-based model for defending network architecture. To achieve this, the study examined the techniques and threats used in attacking network architecture and assessed the models, frameworks and artifacts that guide the design and development of a secure network architecture. Overall, the study was guided by pattern theory; the constructs employed in developing the model were the OSI network architecture model, the Cisco three-layer hierarchical model, the CAPEC attack pattern repository, the STRIDE threat model and the Risk Management Framework. The study adopted a simulation research design to design and conduct experiments and obtain results. To test the model, the study used the secondary dataset UNSW-NB15, processed on the Kaggle machine learning platform. For ease of testing, the model was split into three stages, each with its own input, process and output components, with each stage's output serving as the input to the next.
The first stage determined the attacks per surface of the network architecture by classifying and clustering attacks according to the layers. For classification, a stacking ensemble was used, composed of the SelectKBest feature selection algorithm, KNeighbors, RandomForest and GaussianNB base classifiers, and a logistic regression meta learner; for clustering, the KMeans algorithm was used. The second stage identified the relevant attacks, and the third generated defense patterns. The findings reveal that the largest share of attacks targeted the Host layer (50.5%), followed by the User layer (30.5%) and the Media layer (19%). By type, exploits constituted the majority (48%), followed by generic attacks (22.7%), fuzzers (12.2%), reconnaissance (7.69%), DoS (Denial of Service) (5.02%), backdoor (3.01%), analysis (0.6%), shellcode (0.33%) and worms (0.11%). Additionally, the study identified and evaluated two attack patterns (worms and backdoors) that are not present in the CAPEC repository; the evaluation was based on their forces and on the STRIDE model. Overall, the research emphasizes the importance of a holistic approach to network security and presents a model that integrates various frameworks and constructs to enhance defense against cyber threats.
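The stage-one pipeline described above (SelectKBest feeding a stacking ensemble of KNeighbors, RandomForest and GaussianNB with a logistic regression meta learner, plus KMeans clustering), written out as an added scikit-learn example. This is not the study's own code: it runs on a constructed `make_classification` dataset standing in for UNSW-NB15, the three target classes are simply labelled with the abstract's three surfaces (Media, Host, User), and the feature count, `k_best`, neighbour count and forest size are assumed values chosen for the illustration.

```python
"""Added example: stage one of the model in scikit-learn on constructed data.
The study used UNSW-NB15; here make_classification stands in for it and the
three classes are labelled with the abstract's surfaces (an assumption)."""
from collections import Counter

from sklearn.cluster import KMeans
from sklearn.datasets import make_classification
from sklearn.ensemble import RandomForestClassifier, StackingClassifier
from sklearn.feature_selection import SelectKBest, f_classif
from sklearn.linear_model import LogisticRegression
from sklearn.model_selection import train_test_split
from sklearn.naive_bayes import GaussianNB
from sklearn.neighbors import KNeighborsClassifier
from sklearn.pipeline import Pipeline
from sklearn.preprocessing import StandardScaler

SURFACES = ("Media", "Host", "User")  # the three layers named in the abstract


def make_flow_dataset(n_samples=900, seed=0):
    """Constructed stand-in for UNSW-NB15 flow records: 20 numeric features,
    8 informative and the rest redundant or noise, so SelectKBest has
    something to drop. Class ids 0..2 map to SURFACES (assumed mapping)."""
    X, y = make_classification(
        n_samples=n_samples, n_features=20, n_informative=8, n_redundant=4,
        n_classes=3, class_sep=2.0, random_state=seed,
    )
    return X, y


def build_layer_classifier(k_best=8, seed=0):
    """Scale -> SelectKBest -> stacking ensemble (KNN, RandomForest, GaussianNB)
    with a LogisticRegression meta learner, as the abstract describes."""
    base_learners = [
        ("knn", KNeighborsClassifier(n_neighbors=5)),
        ("rf", RandomForestClassifier(n_estimators=100, random_state=seed)),
        ("nb", GaussianNB()),
    ]
    stack = StackingClassifier(
        estimators=base_learners,
        final_estimator=LogisticRegression(max_iter=1000),
        cv=5,  # out-of-fold base predictions train the meta learner
    )
    return Pipeline([
        ("scale", StandardScaler()),
        ("select", SelectKBest(score_func=f_classif, k=k_best)),
        ("stack", stack),
    ])


def attacks_per_surface(X, y, seed=0):
    """Fit on a stratified split and report held-out accuracy plus the share
    of held-out flows assigned to each surface (the stage-one output)."""
    X_tr, X_te, y_tr, y_te = train_test_split(
        X, y, test_size=0.3, stratify=y, random_state=seed)
    clf = build_layer_classifier(seed=seed).fit(X_tr, y_tr)
    pred = clf.predict(X_te)
    counts = Counter(int(p) for p in pred)
    share = {SURFACES[c]: round(100 * counts[c] / len(pred), 1) for c in range(3)}
    return {"accuracy": float((pred == y_te).mean()), "share_pct": share}


def cluster_attacks(X, n_clusters=3, seed=0):
    """KMeans grouping of flows, the clustering half of stage one.
    Returns the cluster label per flow and the cluster sizes."""
    km = KMeans(n_clusters=n_clusters, n_init=10, random_state=seed)
    labels = km.fit_predict(StandardScaler().fit_transform(X))
    return labels, dict(Counter(int(l) for l in labels))


if __name__ == "__main__":
    X, y = make_flow_dataset()
    print(attacks_per_surface(X, y))
    _, sizes = cluster_attacks(X)
    print("cluster sizes:", sizes)
```

The percentages this prints are for the constructed data and say nothing about UNSW-NB15; the point is the structure: feature selection and the ensemble live in one `Pipeline`, so the meta learner only ever sees out-of-fold base predictions and the test split is never touched during feature scoring.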