Self-Configuration of Network Security

The proliferation of networked systems and services along with their exponential growth in complexity and size has increased the control and management complexity of such systems and services by several orders of magnitude. As a result, management tools have failed to cope with and handle the complexity, dynamism, and coordination among network attacks. In this paper, we present a self-configuration approach to control and manage the security mechanisms of large scale networks. Self-configuration enables the system to automatically configure security system and change the configuration of its resources and their operational policies at runtime in order to manage the system security. Our self-configuration approach is implemented using two software modules: component management interface (CMI) to specify the configuration and operational policies associated with each component that can be a hardware resource or a software component; and component runtime manager (CRM) that manages the component operations using the policies defined in CMI. We have used the self-configuration framework to experiment with and evaluate different mechanisms and strategies to detect and protect against a wide range of network attacks.