Efficient Non-Dominated Multi-Objective Genetic Algorithm (NDMGA) and network security policy enforcement for Policy Space Analysis (PSA)

Abstract

Computer network security is the first line of protection for guaranteeing information reliability. A computer network can be threatened when it does not have a well-designed or properly implemented network security policy. The major issue is that network operators cannot always support their network security strategy. Network operators often depend on security facilities to defend their Information Technology (IT) organizations. Different forms of security policies concerned with the network are distinct and circulated among various security middleboxes (MBs) organized into networks. Conversely, due to the inherent sophistication of security policies, it is not appropriate to use recent path-wise implementation algorithms. The present study solves the problem of policy implementation with MBs relatively faster compared to existing methods. In particular, this research models security policy implementation as a Weighted K Set Covering Problem (WKSCP) and employs a computational-geometry-based Policy Space Analysis (PSA) tool for a set of procedures as the security mechanism. Using the PSA tool leads to a Non-Dominated Multi-Objective Genetic Algorithm (NDMGA), which reveals the inherent complexities involved in a security policy and informs implementation of the policy enforcement algorithm. The resolution to this issue is to determine a collection of enforcement network nodes for an MB to execute on-datapath examination with globally distinct security policies. Therefore, the chosen policy enforcement nodes should be initially positioned on paths that are related to security strategies. Compared to the scope-wise strategy enforcement mechanism, where the procedures are executed over the objects of the network path, the scheme in this present work is implemented over the objects pertaining to the network nodes. A secure node may contain multiple paths, thus storing a large possible flow space that preserves the distribution and circumvents the ineffective usage of network bandwidth due to random traffic steering. Compared to current methodologies, the suggested NDMGA-based PSA tool yielded a 95% decrease in policy implemented nodes and a 93% decline in implemented rules.