An adaptive cross-layer design approach for network security management

In traditional Open Systems Interconnection (OSI) layered model, many security protocols in layers are proposed to provide network security. Because security protocols among layers are lack of cooperation, system performance degrades due to security redundancy and furthermore causes system overloading. Therefore, the paper proposes a cross-layer design network security management (CLDNSM) to protect system security while improve system performance, such as CPU utilization. First, the multiple security-dimension quantification (MSDQ) metric is proposed to evaluate holistic system security. Then, the proposed CLDNSM aggregates system information from layers and uses it to obtain the optimal security settings of layers according to the MSDQ metric. The simulation results show that system performance will be improved without sacrificing security protect compared to OSI layered model by using CLDNSM. Finally, to adapt to dynamic environments, security constraints will be modified automatically in a limited range to avoid system overloads, the simulation results show that the system overloads are under control.