Abstract

Modern digital infrastructure is fundamentally built upon robust networks, which underpin seamless communication, data exchange, and the operation of critical systems. These networks facilitate everything from internet access and real-time patient vital sign transfers in healthcare to the management and control of industrial processes. As demands on networks have surged, their complexity and functionality have evolved significantly, continuously adapting to diverse sectoral needs. However, this rapid evolution has also amplified security challenges. The escalating scale and intricacy of contemporary networks have exposed vulnerabilities that traditional perimeter-based security models are often insufficient to counter. Static defenses prove inadequate in dynamic environments characterized by fluid traffic patterns, interconnected devices, and the prevalence of cloud-based and virtualized infrastructures. To mitigate these escalating risks, innovative network security approaches are imperative. Microsegmentation has emerged as a particularly effective solution, significantly enhancing protection and reducing the internal attack surface by dividing networks into smaller, isolated segments. This strategic partitioning inherently restricts lateral movement, limits unauthorized access, and effectively contains the impact of potential breaches. Microsegmentation is especially well-suited for cloud and virtualized environments, offering granular control over traffic flows and enabling the enforcement of security policies precisely tailored to specific applications, workloads, and users. This thesis presents a comprehensive study on microsegmentation for networks, thoroughly examining lateral movement techniques and corresponding defense measures. Crucially, a novel framework featuring an open-source implementation of dynamic microsegmentation for incident response, powered by Software-Defined Networking, has been developed and evaluated. 
Our rigorous testing demonstrates that the proposed framework offers a robust foundational security layer against lateral movement, proving particularly effective against known ransomware threats. Furthermore, testing conclusively shows that dynamic microsegmentation does not adversely affect network performance, establishing its suitability as an effective defense measure for east-west traffic. Finally, future research directions are offered to further develop the proposed framework.

Library of Congress Subject Headings

Software-defined networking (Computer network technology)--Security measures; Computer networks--Security measures; Mathematical optimization

Publication Date

8-2025

Document Type

Thesis

Student Type

Graduate

Degree Name

Cybersecurity (MS)

Advisor

Wesam Almobaideen

Advisor/Committee Member

Mohammed M. Al Ani

Advisor/Committee Member

Kevser Akpinar

Comments

This thesis has been embargoed. The full text will be available on or around 5/30/2026.

Campus

RIT Dubai

Plan Codes

COMPSEC-MS

Available for download on Tuesday, May 26, 2026
