Checking Network Security Policy Violations via Natural Language Questions

Network security policies provide high-level directives regarding acceptable and unacceptable use of the network. Organizations specify these high-level directives in policy documents written using human-readable natural language. The challenge is to convert these natural language policies to the network configurations/specifications needed to enforce the policy. Network administrators, who are responsible for enforcing the policies, typically translate the policies manually, which is a challenging and error-prone process. As a result, network operators (as well as the policy authors) often want to verify that network policies are being correctly enforced. In this paper, we propose Network Policy Conversation Engine (NPCE), a system designed to help network operators (or policy writers) interact with the network using natural language (similar to the language used in the network policy statements themselves) to understand whether policies are being correctly enforced. The system leverages emerging big data collection and analysis techniques to record flow and packet level activity throughout the network that can be used to answer users policy questions. The system also takes advantage of recent advances in Natural Language Processing (NLP) to translate natural language policy questions into the corresponding network queries. To evaluate our system, we demonstrate a wide range of policy questions - inspired by actual networks policies posted on university websites - that can be asked of the system to determine if a policy violation has occurred.