Related papers: Towards a Zero-Trust Micro-segmentation Network Se…
Micro-segmentation is a network security technique that requires delivering services for each unique segment. To do so, the first stage is defining these unique segments (a.k.a security groups) and then initializing policy-driven security…
Network segmentation is a popular security practice for limiting lateral movement, yet practitioners lack a metric to measure how segmented a network actually is. We define segmentedness as the fraction of potential node-pair communications…
Network segmentation is a foundational enterprise security control. Despite its recognized benefits, segmentation initiatives frequently fail in practice, and the field lacks a systematic empirical explanation for why these projects do not…
Network detection is an important capability in many areas of applied research in which data can be represented as a graph of entities and relationships. Oftentimes the object of interest is a relatively small subgraph in an enormous,…
The goal of this note is to assess whether simple machine learning algorithms can be used to determine whether and how a given network has been attacked. The procedure is based on the $k$-Nearest Neighbor and the Random Forest…
Network slicing in 5G and the future 6G networks will enable the creation of multiple virtualized networks on a shared physical infrastructure. This innovative approach enables the provision of tailored networks to accommodate specific…
This article reveals an adequate comprehension of basic defense, security challenges, 2 and attack vectors in deploying multi-network slicing. Network slicing is a revolutionary concept 3 of providing mobile network on-demand and expanding…
The pivotal quality of proximity graphs is connectivity, i.e. all nodes in the graph are connected to one another either directly or via intermediate nodes. These types of graphs are robust, i.e., they are able to function well even if they…
Network controllability robustness reflects how well a networked dynamical system can maintain its controllability against destructive attacks. This paper investigates the network controllability robustness from the perspective of a…
Complex systems are large collections of entities that organize themselves into non-trivial structures that can be represented by networks. A key emergent property of such systems is robustness against random failures or targeted attacks…
From transportation networks to complex infrastructures, and to social and economic networks, a large variety of systems can be described in terms of multiplex networks formed by a set of nodes interacting through different network layers.…
Network dismantling is a relevant research area in network science, gathering attention both from a theoretical and an operational point of view. Here, we propose a general framework for dismantling that prioritizes the removal of nodes…
The study of network robustness is a critical tool in the characterization and sense making of complex interconnected systems such as infrastructure, communication and social networks. While significant research has been conducted in all of…
This paper presents a multi-cloud networking architecture built on zero trust principles and micro-segmentation to provide secure connectivity with authentication, authorization, and encryption in transit. The proposed design includes the…
Network segmentation of a power grid's communication system is one way to make the grid more resilient to cyber attacks. We develop a novel trilevel programming model to optimally segment a grid communication system, taking into account the…
Early detection of network intrusions and cyber threats is one of the main pillars of cybersecurity. One of the most effective approaches for this purpose is to analyze network traffic with the help of artificial intelligence algorithms,…
Segment Routing is a recent network technology that helps optimizing network throughput by providing finer control over the routing paths. Instead of routing directly from a source to a target, packets are routed via intermediate waypoints.…
Micro-segmentation as a core requirement of zero trust architecture (ZTA) divides networks into small security zones, called micro-segments, thereby minimizing impact of security breaches and restricting lateral movement of attackers.…
The increasing virtualization of fifth generation (5G) networks expands the attack surface of the user plane, making spoofing a persistent threat to slice integrity and service reliability. This study presents a slice-aware lightweight…
Large networked systems are constantly exposed to local damages and failures that can alter their functionality. The knowledge of the structure of these systems is however often derived through sampling strategies whose effectiveness at…