High-Assurance Active Cyber Defense Policies for Auto-Resiliency - April 2017
Public Audience
Purpose: To highlight project progress. Information is generally at a higher level which is accessible to the interested public. All information contained in the report (regions 1-3) is a Government Deliverable/CDRL.
PI(s): Ehab Al-Shaer
Researchers: Abdullah Al Farooq (UNCC), Md Mazharul Islam (UNCC)
HARD PROBLEM(S) ADDRESSED
- Resilient Architectures:
PUBLICATIONS
ACCOMPLISHMENT HIGHLIGHTS
- We designed a policy language called CLIPS for defining adaptive cyber defense. CLIPS allows a course of action composed of investigation and reconfiguration actions to be defined expressively. As a case study, we developed a CLIPS rule for defending against a sophisticated, stealthy distributed denial-of-service (DDoS) attack, to help test the agility of CLIPS in investigating a flooded-link incident and selecting the most appropriate course of action for mitigation. Our preliminary evaluation shows that the maximum delay in response is a few (3-5) seconds from detecting the change in the attacker's DDoS strategy.