摘要 |
A method and apparatus is disclosed herein for security risk-based admission control. In one embodiment, the method comprises: receiving a request from the user device to access the network; determining whether to admit the user device based on a security-based admission control policy that admits user devices based on a constraint optimization that attempts to maximize the sum utility of the currently admitted user devices in view of a security assessment of the user device and security risk imposed on the network and already admitted user devices if the user device is admitted to the network, wherein the constraint optimization is based on a utility associated with admitting the user device to the network, a reputation value associated with the user device, and a botnet damage estimation on the network associated with the user device; and admitting the user device to the network based on results of determining whether to admit the user device.
|