Vision
Internationally recognized leader in collaborative research activity focused on cybersecurity analytics and automation for complex information, communications and technology environment.
Mission
Protecting large systems from security breaches arising from misconfiguration, human errors, vulnerabilities and cyber-attacks is challenging. The Center for Cybersecurity Analytics and Automation’s (CCAA) mission is to build a critical mass of inter-disciplinary academic researchers and industry partners to undertake pre-competitive research that addresses the current and future challenges of analytics and automation in cybersecurity. The research objectives are focused on improving device and enterprise IT system management, security, resiliency, service assurability and performance and the application of innovative analytics and automation to complex networked systems. The applicable domains for this research include, device firmware, complex enterprise IT environments, ‘Cloud’ and data centers, hybrid cyber-physical systems, smart critical infrastructures, named data networks, mission-oriented networks (sensor-actuator networks), software defined networks, social networks and mobile systems. CCAA will emphasize, encourage and develop top-quality graduates with knowledge and experience in the field.
Research Directions
Predictive analytics that focus on the ability to learn potential risk and threat to an IT environment without requiring manual analysis. Fusion of a broad range of enterprise related data automatically in machine readable forms to support a variety of analytics that can direct automated defensive actions.
Automating the configuration design process objectively (using measurable metrics) to determine cost-effective security, agility and resiliency counter-measure pattern for each flow to address the issue of identifying residual risk due to incomplete requirements by using hypothesis generation and evaluation and interactive analytics.
Formal (provable) analytics techniques for defining, verifying and validating system requirements such as service level agreement for large-scale complex system of systems such as Internet of Things, cyber-physical systems, cloud data centers, smart grid environments.
A holistic evaluation of the system security and resiliency using formal quantifiable metrics to measure and improve the interconnected configuration of information.
Research Thrusts
Analytics
This research includes the entire configuration (polices, rules, variables or interfaces) cycle including defining, abstraction, synthesis, refinement, verification, validation, testing, debugging, optimization, tuning, and evaluation of configurations parameters in order to prove, measure, assess and improve the system assurability; i.e. availability and Quality of Service (QoS), security (trustworthiness), and sustainability (resiliency) of current and future IT services and infrastructures.
Automation
This research is to develop cohesive, inter-connected, and context-aware configuration management operations to improve and automate decision making by improving system abstraction, semantics unification, distributed monitoring and correlation, configuration tuning and optimization, health-inspired 0-configuration, context-aware adaptation, machine-based configuration synthesis and enforcement, moving target defense and polymorphic networks, and configuration economics.
Integration
This research is to develop (a) interfaces to integrate heterogeneous information contents/assets about the network configuration or behavior, and (b) frameworks to integrate various formal analytics techniques or tools in a single a system to enable comprehensive and novel analytics capabilities. This will include Open interfaces, standardization and management such as Security Content Automation Protocol (SCAP)-based solutions, configuration sharing, human factors and cognitive science for usable configuration, protecting the privacy and integrity of security configuration, configuration management APIs.