Vertaisarvioitu alkuperäisartikkeli tai data-artikkeli tieteellisessä aikakauslehdessä (A1)

A method for endpoint aware inspection in a Network Security Solution




Julkaisun tekijät: Heino Jenny, Jalio Christian, Hakkala Antti, Virtanen Seppo

Kustantaja: Institute of Electrical and Electronics Engineers

Julkaisuvuosi: 2022

Journal: IEEE Access

eISSN: 2169-3536

DOI: http://dx.doi.org/10.1109/ACCESS.2022.3170456

Verkko-osoite: https://ieeexplore.ieee.org/document/9762961

Rinnakkaistallenteen osoite: https://research.utu.fi/converis/portal/detail/Publication/174870268


Tiivistelmä

Due to the surge in remote work after the outbreak of COVID-19, network security has gained an enormous focus. The issue of erroneous inspection decisions in network security solutions has long been criticised, but the importance of the decision accuracy has never been as important as today. In this paper we provide a solution for improving the inspection decision accuracy by specifying a method for endpoint aware inspection in a network security solution capable of performing deep packet inspection. The method utilises a subset of the protected network to gather hash fingerprints from the endpoint application network traffic patterns. The information gathered from this subset is then utilised for gaining endpoint awareness for the rest of the protected network. We use methods that work on the application layer of the protocol stack. This makes the method applicable not only for local implementations, such as NGFWs and IPSs, but also for SaaS and SASE solutions. The method is, however, easily utilised with lower layer information, such as network and transport layer information, for operating system awareness as well. We also present a proof-of-concept case study where we observe that, of the applicable network connections, 100% could be identified when the operating system and endpoint application were present in the source group. To our knowledge, this is the first method to enhance the inspection process accuracy by leveraging a subset of the protected network to gain endpoint awareness.


Ladattava julkaisu

This is an electronic reprint of the original article.
This reprint may differ from the original in pagination and typographic detail. Please cite the original version.




Last updated on 2022-26-04 at 08:55