A Study of Gaps in Cyber Defense Automation
MIT Lincoln Laboratory Lexington United States
Pagination or Media Count:
Cyber defense automation CDA refers to automated response and recovery from cyber at-tacks while still preserving a certain level of mission functionality. The vision of CDA research is to build self-healing, self-immunizing systems. Seven major components are necessary to achieve this vision attackvulnerability detection, attackvulnerability analysis, impact blocking, recovery, vulnerability patching, system cleansing, and an optional active response component e.g., deception or counter-attack. In this report, by reviewing the state of the art for each of these components, we identify high-priority, short-term research objectives for CDA components, which include designing low false positive vulnerability detection techniques, developing scalable and fast-impact blocking mechanisms, accurately identifying the location of vulnerabilities, developing new roll-back techniques, evaluating various deception options, and using sanitization techniques for improved cleansing of compromised systems. These eorts will constitute the basic blocks of an effective and automated CDA system.
- Computer Systems Management and Standards