Malware Filtering for Network Security Using Weighted Optimality Measures

We study the deployment and configuration of the next generation of network traffic filters within a quantitative framework. Graph-theoretic and optimization methods are utilized to find optimal network traffic filtering strategies that achieve various security or cost objectives subject to hardware or security level constraints. We rely on graph-theoretic concepts such as centrality measures to assess the importance of individual routers within the network, given a traffic pattern. In addition, we consider several possible objectives involving financial costs associated with traffic filtering, the cost of failing to filter traffic, a utility associated with filtering traffic, and combinations of these costs and this utility. These optimization problems are solved taking into account constraints on network-wide filtering capabilities, individual filter capabilities, and also lower and upper bounds on the effective sampling rate for source-destination pairs. Centralized but dynamic solutions of the resulting problems are obtained under varying network traffic flows. The resulting optimal filtering strategies are simulated in MATLAB using real traffic data obtained from the Abilene project. Simulations comparing these strategies with some heuristic approaches demonstrate that they are more effective in achieving network traffic filtering objectives.