Lopata Hall, Room 101
Towards Autonomous Cyber Defense for Effective Attack Mitigating
With the increasing frequency and impact of cyber attacks, cyber warfare has become a major threat to national security. Despite the progress made in cybersecurity, the state of the art is still far from providing sufficient protection, not only for enterprises but also for critical infrastructure services. Cyber risk has been growing faster than cyber defense capabilities for many reasons, including the following: (1) the exponential increase of a system's attack surface as a result of the proliferation of connected devices, such as IoT devices; (2) the reliance on humans in the cyber defense sense-making and decision-making processes, which creates a bottleneck in security analysis; (3) the asymmetry of cyber warfare caused by static cyber configurations, which allow adversaries to discover, plan, launch and propagate their attacks effectively and in a timely manner; (4) the lack of metrics to assess the effectiveness of cybersecurity analytics and defenses; and (5) the lack of automated decision-support techniques and tools that can dynamically characterize the cyber risk posture and create mitigation strategies.
This talk will present an overview of our research contributions to address these challenges by developing various techniques for automated cyber defense with provable and measurable security and resiliency properties, and minimal human involvement. The talk will cover our work in cyber defense automation in four key areas of our research: (1) optimization of risk mitigation planning for security hardening, (2) cyber mutation for attack deterrence and deception, (3) extracting adversary actions and inferring attack patterns from the unstructured text of cyber threat intelligence reports, and (4) policy specification and verification for automated course-of-action generation. At the end of the talk, I will present my ongoing work and future research vision to enable cyber defenses to observe, understand, investigate, act, and evolve in order to mitigate cyber attacks in real time.
Ehab Al-Shaer is a Professor in Computer Science, the Director of the Cyber Defense and Network Assurability (CyberDNA) Center, and the Director of the NSF IUCRC Center on Configuration Analytics and Automation at the University of North Carolina Charlotte. Prof. Al-Shaer's research expertise includes formal verification and synthesis of security configuration, data-driven analytics of cyber threat intelligence, automated adaptive cyber defense, cyber agility (deterrence and deception), and resilience of cyber and cyber-physical (smart grid and IoT) systems. He was designated by the Department of Defense (DoD) as a Subject Matter Expert (SME) on cybersecurity analytics and automation in 2011, and he was awarded the IBM Faculty Award in 2012 and the UNC Charlotte Faculty Research Award in 2013. He is a lead researcher on cyber resilience in the NSA Science of Security (SOS) Lablet. Prof. Al-Shaer has edited or co-edited more than 10 books and published more than 200 refereed journal and conference papers in this area. He holds a number of patents and has led several technology transfer projects. He is also an advisory board member for a leading company in cybersecurity automation. Prof. Al-Shaer has received funding from many government agencies, including NSF, NSA, ARO, and AFRL, and from many industry partners, including Cisco, Intel, IBM, Bank of America, Duke Energy, BB&T, Depository Trust & Clearing Corporation, RTI International, CIS, and others.