A Study of Gaps in Cyber Defense Automation

2015 
Abstract: Cyber defense automation (CDA) refers to automated response and recovery from cyber attacks while still preserving a certain level of mission functionality. The vision of CDA research is to build self-healing, self-immunizing systems. Seven major components are necessary to achieve this vision: attack/vulnerability detection, attack/vulnerability analysis, impact blocking, recovery, vulnerability patching, system cleansing, and an optional active response component (e.g., deception or counter-attack). In this report, by reviewing the state of the art for each of these components, we identify high-priority, short-term research objectives for CDA components, which include: designing low false positive vulnerability detection techniques, developing scalable and fast impact blocking mechanisms, accurately identifying the location of vulnerabilities, developing new roll-back techniques, evaluating various deception options, and using sanitization techniques for improved cleansing of compromised systems. These efforts will constitute the basic blocks of an effective and automated CDA system.