Devon Callahan

Paulo Shakarian, Gerardo I. Simari, Devon Callahan

Reasoning about complex networks has in recent years become an important topic of study due to its many applications: the adoption of commercial products, spread of disease, the diffusion of an idea, etc. In this paper, we present the MANCaLog language, a formalism based on logic programming that satisfies a set of desiderata proposed in previous work as recommendations for the development of approaches to reasoning in complex networks. To the best of our knowledge, this is the first formalism that satisfies all such criteria. We first focus on algorithms for finding minimal models (on which multi-attribute analysis can be done), and then on how this formalism can be applied in certain real world scenarios. Towards this end, we study the problem of deciding group membership in social networks: given a social network and a set of groups where group membership of only some of the individuals in the network is known, we wish to determine a degree of membership for the remaining group-individual pairs. We develop a prototype implementation that we use to obtain experimental results on two real world datasets, including a current social network of criminal gangs in a major U.S.\ city. We then show how the assignment of degree of membership to nodes in this case allows for a better understanding of the criminal gang problem when combined with other social network mining techniques -- including detection of sub-groups and identification of core group members -- which would not be possible without further identification of additional group members.

Devon Callahan, Timothy Curry, Hazel Davidson et al.

Maintaining a resilient computer network is a delicate task with conflicting priorities. Flows should be served while controlling risk due to attackers. Upon publication of a vulnerability, administrators scramble to manually mitigate risk while waiting for a patch. We introduce FASHION: a linear optimizer that balances routing flows with the security risk posed by these flows. FASHION formalizes routing as a multi-commodity flow problem with side constraints. FASHION formulates security using two approximations of risk in a probabilistic attack graph (Frigault et al., Network Security Metrics 2017). FASHION's output is a set of software-defined networking rules consumable by Frenetic (Foster et al., ICFP 2011). We introduce a topology generation tool that creates data center network instances including flows and vulnerabilities. FASHION is executed on instances of up to 600 devices, thousands of flows, and million edge attack graphs. Solve time averages 30 minutes on the largest instances (seconds on the smallest instances). To ensure the security objective is accurate, the output solution is assessed using risk as defined by Frigault et al. FASHION allows enterprises to reconfigure their network in response to changes in functionality or security requirements.

Timothy Curry, Devon Callahan, Benjamin Fuller et al.

Networks are designed with functionality, security, performance, and cost in mind. Tools exist to check or optimize individual properties of a network. These properties may conflict, so it is not always possible to run these tools in series to find a configuration that meets all requirements. This leads to network administrators manually searching for a configuration. This need not be the case. In this paper, we introduce a layered framework for optimizing network configuration for functional and security requirements. Our framework is able to output configurations that meet reachability, bandwidth, and risk requirements. Each layer of our framework optimizes over a single property. A lower layer can constrain the search problem of a higher layer allowing the framework to converge on a joint solution. Our approach has the most promise for software-defined networks which can easily reconfigure their logical configuration. Our approach is validated with experiments over the fat tree topology, which is commonly used in data center networks. Search terminates in between 1-5 minutes in experiments. Thus, our solution can propose new configurations for short term events such as defending against a focused network attack.