Accession Number:

AD1034028

Title:

A Study of Gaps in Cyber Defense Automation

Descriptive Note:

Technical Report

Corporate Author:

MIT Lincoln Laboratory Lexington United States

Report Date:

2015-10-18

Pagination or Media Count:

60.0

Abstract:

Cyber defense automation (CDA) refers to automated response and recovery from cyber attacks while still preserving a certain level of mission functionality. The vision of CDA research is to build self-healing, self-immunizing systems. Seven major components are necessary to achieve this vision: attack/vulnerability detection, attack/vulnerability analysis, impact blocking, recovery, vulnerability patching, system cleansing, and an optional active response component (e.g., deception or counter-attack). In this report, by reviewing the state of the art for each of these components, we identify high-priority, short-term research objectives for CDA components, which include designing low false positive vulnerability detection techniques, developing scalable and fast-impact blocking mechanisms, accurately identifying the location of vulnerabilities, developing new roll-back techniques, evaluating various deception options, and using sanitization techniques for improved cleansing of compromised systems. These efforts will constitute the basic blocks of an effective and automated CDA system.

Subject Categories:

  • Computer Systems Management and Standards

Distribution Statement:

APPROVED FOR PUBLIC RELEASE