On October 8-9, the second KuVS Fachgespräch on “Machine Learning and Networking” was held in Würzburg. The Wintermute consortium also contributed a presentation to the two-day workshop. Under the title “A Usability-driven Approach towards Situational Awareness in Enterprise Networks”, the team presented the core problem statement and the Wintermute project, and discussed first results of the usability analysis, in which the main actors of security systems were identified and defined.

The abstract of the submission follows: Enterprise Networks are complex and administrators have to cope with continuous change in the application and infrastructure landscape. It is especially challenging to understand network behavior for creating and maintaining suitable security policies and firewall rules. These policies must not obstruct legitimate application usage and provide a high security level at the same time.

We propose Machine Learning (ML)-based approaches that provide situational awareness to administrators for understanding the network, creating policies for gaining control, and adjusting the policies to changing needs. We do not plan to automate this process, but provide insights to administrators that empower them to quickly take suitable decisions. This demands understandable and usable functionality that provides appropriate user interfaces and visualizations to potential users. Therefore, we start by characterizing potential users as personas and outline the system usage in different scenarios before heading into the solution space. In this work, we want to present our first results as input for discussion with the community.