Adaptation Is Key to Determining Network Resilience in Cyberattacks, Study Finds

January 6, 2020

A new study shows that traditional markers of a computer network's resilience are not solely effective in determining its ability to accomplish missions.

Researchers from the U.S. Army Combat Capabilities Development Command's Army Research Laboratory (ARL) partnered with Virginia Tech to develop a suite of network adaptation strategies designed to maintain services in a resource-constrained environment: networks under cyberattacks.

"Simply having network connectivity does not imply that a network can provide the services it needs," said Dr. Terry Moore, Army researcher. "A key result of this work is showing that typical measures of performance for network resilience do not apply to mission-oriented or task-service networks. We mathematically prove that without consideration of the resources or task priority, network connectivity is not a sufficient measure for determining mission success."

A new approach could lead to stronger Army computer networks that are tougher when facing a cyberattack, researchers said. Studies on network resilience typically focus on fault tolerance, determining what happens when components of a network fail or defending those components from failure, such as using security measures or redundancy with replacement components. This new study examines network adaptability: changing the network structure or topology to enable functionality amid component failure. This research, Network Adaptations Under Cascading Failures for Mission-Oriented Networks, published in the September 2019 volume of the Institute of Electrical and Electronics Engineers Transactions on Network and Service Management.

This fundamental research provides an initial step toward the vision of a network strategy that dynamically changes the network topology to prioritize critical mission completion, Moore said, and could contribute significantly to advances in Army modernization priorities.

According to the ARL, for this study, researchers focused on a tactical, mission-oriented network supporting several tasks, each with a different priority. "For network resilience, the traditional focus is on the survivability of the network--the fraction of how many components of the network do not fail compared to before the failures. This research considered the survivability of the tasks the network components and parts were assigned to and therefore focused on how many tasks could continue to be serviced even after components fail--a more appropriate measure of their resilience, Moore said."

ARL notes that the team conducted a computational simulation and considered a scenario in which there were limited resources for nodes, which could be anything from a cell phone to a robot. These nodes were collaboratively assigned to various tasks of different levels of priority. The tasks were designed to be abstract, but could be surveillance, search and rescue, distributed processing, communication support, etc., Moore said.

Nodes could be assigned to multiple tasks but with no inherent dependency between the tasks, such as a required order of completion. However, cascading effects occur between tasks, when a node is maliciously attacked or mechanically fails, the workload shifts to remaining nodes assigned to the task. If the remaining nodes lack the resources to support the additional workload, they may fail or drop out of the task to preserve the ability to remain active in other tasks.

This domino effect, where nodes sequentially fail, can be combated with new strategies for tasks to recruit new nodes based on the consideration of their resources and task priority, says ARL. In this study, the team added the importance or priority of the task to the particular strategy used to recruit or select a new node. A new approach for these scenarios is adapting, or merging, a task assignment problem solutions and a resource allocation problem solutions for a mission-oriented network problem, says the ARL.

The ARL notes that continued initiatives in network security include researching the use of software-defined networking to implement moving target defense in service-aware networks--a strategy to dynamically change the attack surface of the network or system to limit or remove the attacker's asymmetric advantage, thereby rendering the information collected by the attacker no longer true, Moore said.

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 October

This month in Security magazine, we explore how Corning's global security group ensured business continuity and employee safety during the global COVID-19 pandemic. Also, we highlight the global security team at Uber and their recent security programs and initiatives. Industry experts discuss travel safety programs, career hackers, working for terrible bosses, group attribution error and more.

View More Create Account

Adaptation Is Key to Determining Network Resilience in Cyberattacks, Study Finds

Related Articles

Related Products

Report Abusive Comment