A Study of Gaps in Cyber Defense Automation
Abstract:
Cyber defense automation CDA refers to automated response and recovery from cyber attacks while still preserving a certain level of mission functionality. The vision of CDA research is to build self-healing, self-immunizing systems. Seven major components are necessary to achieve this vision attackvulnerability detection, attackvulnerability analysis, impact blocking, recovery, vulnerability patching, system cleansing, and an optional active response component e.g., deception or counterattack. In this report, by reviewing the state of the art for each of these components, we identify high-priority, short-term research objectives for CDA components, which includes designing low false positive vulnerability detection techniques, developing scalable and fast-impact blocking mechanisms, accurately identifying the location of vulnerabilities, developing new roll-back techniques, evaluating various deception options, and using sanitization techniques for improved cleansing of compromised systems. These efforts will constitute the basic blocks of an effective and automated CDA system.