A Study of Gaps in Cyber Defense Automation
Abstract
Cyber defense automation (CDA) refers to automated response and recovery from cyber attacks while still preserving a certain level of mission functionality. The vision of CDA research is to build self-healing, self-immunizing systems. Seven major components are necessary to achieve this vision: attack/vulnerability detection, attack/vulnerability analysis, impact blocking, recovery, vulnerability patching, system cleansing, and an optional active response component (e.g., deception or counterattack). In this report, by reviewing the state of the art for each of these components, we identify high-priority, short-term research objectives for CDA components, which includes designing low false positive vulnerability detection techniques, developing scalable and fast-impact blocking mechanisms, accurately identifying the location of vulnerabilities, developing new roll-back techniques, evaluating various deception options, and using sanitization techniques for improved cleansing of compromised systems. These efforts will constitute the basic blocks of an effective and automated CDA system.
Document Details
- Document Type
- Technical Report
- Publication Date
- Oct 13, 2016
- Accession Number
- AD1021685
Entities
People
- George K. Baah
- Hamad Okhravi
- S. C. Roberts
- Sophia C. Yuditskaya
- T. Hobson
- William W. Streilein
Organizations
- MIT Lincoln Laboratory