High-Assurance Active Cyber Defense Policies for Auto-Resiliency - July 2017

Public Audience
Purpose: To highlight project progress. Information is generally at a higher level which is accessible to the interested public. All information contained in the report (regions 1-3) is a Government Deliverable/CDRL.

PI(s):  Ehab Al-Shaer
Researchers: Abdullah Al Farooq (UNCC), Md Mazharul Islam (UNCC)

 

HARD PROBLEM(S) ADDRESSED

  • Resilient Architectures: Our goal in this project is to develop a formal framework for an automated active cyber defense system that consists of the following components: (1) CLIPS: a reactive control policy language to define proactive and reactive cyber resiliency strategies, (2) ActiveSDN: a controller synthesis engine to translate CLIPS into investigation and reconfiguration courses of action (CoA) implemented on SDN using OpenDaylight and OpenFlow, and (3) an ACD verifier and orchestrator to assure the consistency, correctness, and safety of automated CoA to enable assurable auto-resiliency.

 

PUBLICATIONS

  •  

ACCOMPLISHMENT HIGHLIGHTS

  • In this quarter, we developed the basic implementation of CLIPS/ActiveSDN and provided various examples and case studies for the automatic creation of active/adaptive cyber defense using CLIPS/ActiveSDN. These examples include real-time adaptive DDoS mitigation, IP and path mutation as moving target defense for deterrence and deception, and continuous monitoring for risk newcomers. Our case study implementation of real-time adaptive DDoS mitigation is being deployed in the APL testbed for the IACD demonstration next fall. Our case study will demonstrate the ability of ActiveSDN to learn, adapt, and respond to various infrastructure DDoS attack strategies effectively and in a timely manner.