The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Center for Cybersecurity Analytics and Automation (CCAA)

The opinions, findings, and conclusions or recommendations expressed are those of the Center author(s) and do not necessarily reflect the views of the National Science Foundation.

Center Overview

The Center for Cybersecurity Analytics and Automation (CCAA) focuses on analytics and automation capabilities for efficient, accurate, and timely cyber-defense operations for complex enterprise information technology (IT), cloud and cyber-physical systems. CCAA's mission is to advance the science and state of the art of analytics and automation by developing innovative sense-making and decision-making techniques for automated adaptive cyber defense that offers minimal human involvement and with provable and measurable properties.

Today's growing use of technology is driving an exponential increase in the complexity of IT operations. The cyber-system complexity pushes the limits of manual infrastructure management and places a heavy burden on organizations and experienced enterprise administrators, and dramatically reduces overall system agility to provide protect network services. There is a great need to automate cyber defense to provide predictive analytics and proactive mitigation against sophisticated advanced persistent threats and malware attacks. As the U.S. Department of Homeland Security wrote in 2011, "Automation is one of the three interdependent building blocks of a healthy cyber ecosystem, along with interoperability and authentication."

Assuring that the configuration of devices can be known, analyzed, and managed is fundamental to emerging concepts of automated and agile defense, and such a defense is viewed as an essential mechanism for future systems. Analytics that are adaptive and robust to achieve this objective is one challenge the research community must address. CCAA's research objectives are focused on advancing cyber defense by integrating robust sense-making and adaptive decision-making for automating risk and threat mitigation and supporting proactive cybersecurity.

Universities

Colorado State University
George Mason University
University of North Carolina, Charlotte

View Center Website

Center Personnel

Sushil Jajodia
Center Staff
+1 703 993 2295
jajodia@gmu.edu

Indrakshi Ray
Center Staff
+1 970 491 6355
iray@cs.colostate.edu

Heather Richter Lipford
Center Staff
+1 704 687 8376
Heather.Lipford@uncc.edu

Massimiliano Albanese
Center Staff
+1 703 993 1629
malbanes@gmu.edu

Bruce Anderson
Center Staff

Research Focus

CCAA research covers a wide range of application domains including critical infrastructure (such as financial systems, industrial control systems, and power grids), large-scale enterprise IT systems and data centers, cloud and software-defined networking, cyber-physical systems, and "internet of things" systems. CCAA research focus areas include:

Predictive analytics with the ability to learn risks and threats to the enterprise IT environment without manually inputting data. The fusion of a broad range of enterprise-related data automatically in machine-readable form supports a variety of analytics that can direct automated defensive actions.
Automating the cybersecurity architecture design and configuration based on measured properties and metrics to determine the cost-effective and resilient counter-measure deployment and course of action mitigation to minimize residual risk and time to response
Holistic systems of security and resiliency evaluation using metric-driven formal methods for quantifying the protection of security configuration and cyber-defense systems.
Formal (provable) analytics techniques for defining, verifying, and validating system requirements, such as security policies for large-scale complex systems (for example cloud data centers, software-defined networks, and smart-grid environments), and determining the effectiveness of various analytic methods.

Awards

1822118

IUCRC Phase II Colorado State University: Center for Cybersecurity Analytics and Automation CCAA

Failure to protect systems from cyberattacks in an increasingly interconnected world has severe consequences. The Center for Cybersecurity Analytics and Automation (CCAA) with its universities, government and commercial partners will embark on the development of science and technology to protect, defend, and survive such attacks that are launched by advanced, persistent, and evolving adversaries. The multi-disciplinary and collaborative approach will provide research and technological solutions that will improve sense-making, decision making, and resiliency to sustain cyber missions in the event of cyber warfare and sophisticated cyberattacks.

CCAA with its experts in cybersecurity, formal modeling, and data-driven analytics will advance cybersecurity in multiple ways including (a) robust and scalable sense-making for dynamic and predictive cyber risk analytics using large-scale heterogeneous cyber artifacts, (b) adaptive and autonomic decision-making for creating defense strategies and courses of action that are provably correct and operationally safe using mission requirements, security policies and guidelines, and system configurations, (c) making resilience and agility inherent properties of cyber and cyber physical systems to enable real-time deterrence, deception, and mitigation. The Colorado State University (CSU) site will contribute in formal methods, cyber physical systems, machine learning, and networking.

The Center's research will advance the field of cyber security through its research in preventing, detecting, recovering, and surviving cyberattacks in a connected world and make systems safe, secure, and resilient. Technology transfer will occur through start-ups, student and faculty internships at the member organizations. Students at all levels, high-school, undergraduates, and graduates will be involved in the projects. Minority students, especially first generation, will be actively recruited. Efforts will be made to have students do internships at the industrial organizations and the partner universities.

The Center will make all the artifacts developed in this project in a central repository that will be accessible to all its members. The repository will be accessible through the Center's website (http://www.ccaa-nsf.org/). The artifacts include manuscripts, code, datasets, and experimental results. Some of these materials will also be disseminated to the public, selected external organizations conforming to the bylaws of the Center, the NSF policies, and the individual universities requirements. The repository will be available for the duration of the Phase II project, and an earnest attempt will be made to maintain the repository after the project ends.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria. Read More >

1822150

Phase II IUCRC University of North Carolina Charlotte: Center for Cybersecurity Analytics and Automation CCAA

With the increasing magnitude and sophistication of cyber attacks, cyber warfare has become a major threat to national security. However, the cybersecurity state of the art is still far from providing sufficient protection, not only for Internet enterprise services but also for critical infrastructure services, such as in the financial and energy sectors. With the exponential increase of attack surface and the complete reliance on human analysis and response, the time for detection and mitigation of cyber attacks have been significantly increasing (e.g., can take up to several months). In addition, the cost of deploying cybersecurity has been tremendously increasing as it is becoming very resource and labor intensive.

The University of North Carolina Charlotte (UNC Charlotte) is leading the research and industry community in NSF IUCRC Center on Cybersecurity Analytics and Automation (CCAA) to address these challenges. Our goal is to build the critical mass of inter-disciplinary academic researchers, industry partners, and government agencies for advancing the science and state-of-the-art of cybersecurity analytics and automation by developing innovative sense-making and decision-making capabilities for autonomous and adaptive cyber defense that requires minimal human involvement with provable and measurable security and resiliency properties. We consider both formal- and data-driven analytics of cybersecurity artifacts for seamlessly integrating sense-making and decision-making for adaptive and autonomous cyber defense.

CCAA brings together experts in formal and data-driven cybersecurity to advance cyber defense on multiple fronts, namely, (a) developing dynamic and predictive cyber risk analytics using heterogeneous cyber artifacts, (b) developing adaptive and autonomic decision-making for provably correct and safe defense strategies according to the mission requirements, and system configurations and (c) integrating cyber resilience and agility as inherent properties of cyber and cyber-physical system security. The UNC Charlotte site will lead the research and management activities and provides profound technical contributions to CCAA in formal methods for configuration verification, automated risk quantification and mitigation, adaptive learning, cyber threat analytics, and cyber agility.

The Center will create and maintain a center-wide repository to make all products of the research ? datasets, code, tools, experimental results, draft manuscripts, etc. ? available to all Center?s members. The repository will be accessible through the Center?s website (http://www.ccaa-nsf.org/). Consistently with the Center?s bylaws and with any applicable NSF or individual universities? requirements, several of these products will be made available to the broader research and industry community. The repository will be actively maintained during the duration of the Phase II effort, and it can be accessed online.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria. Read More >

1822094

Phase II IUCRC George Mason University: Center for Cybersecurity Analytics and Automation CCAA

Cyber warfare has become a major threat to national security, and the increasing sophistication of cyber attacks calls for innovative analytical and automation capabilities to face advanced, persistent, and evolving adversaries. The Center for Cybersecurity Analytics and Automation (CCAA) will develop a range of such new capabilities through a collaborative and multidisciplinary approach involving three university sites and a broad range of industry and government sponsors. At the core of the Center's strategy is the goal to advance the state of art in sense-making, decision making, and resilience in order to enable systems to sustain cyber missions against sophisticated attacks.

CCAA brings together experts in cybersecurity, formal modeling, and data-driven analytics to advance cyber defense on multiple fronts, namely, (a) robust and scalable sense-making for dynamic and predictive cyber analytics using large-scale heterogeneous cyber artifacts, (b) adaptive and autonomic decision-making for creating defense strategies and courses of action that are provably correct and operationally safe using mission requirements, security policies, guidelines, and system configurations, and (c) making resilience and agility inherent properties of cyber and cyber physical systems to enable real-time deterrence, deception, and mitigation. The George Mason University site will provide expertise in attack modeling, software security, and stochastic optimization.

The Center's research will advance the state of the art in cyber defense against the most sophisticated threats. Through an increased focus on technology transfer, CCAA will enable organizations to deploy new tools and analytical capabilities to effectively and efficiently secure their systems against advanced threats capable of circumventing traditional defenses. Students at all levels will be actively involved in the research and will have ample opportunities to engage with industry sponsors and other university sites trough internships and extended cross-site visits. Participation of undergraduate and high school students, female students, and underrepresented minorities will also be actively promoted.

The Center will create and maintain a center-wide repository to make research products such as datasets, code, tools, experimental results, and draft manuscripts available to all of the Center's members. The repository will be accessible through the Center's website (http://www.ccaa-nsf.org/ ). Consistent with the Center's bylaws and with any applicable requirements of individual universities or NSF, several of these products will be made available to the broader research and industry communities. The repository will be actively maintained during the entire duration of the Phase II effort, and it will remain online beyond the end of the project.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria. Read More >

Member Organizations

IUCRC affiliated member organizations are displayed as submitted by the Center. Non-federal organizations are not selected, approved, or otherwise endorsed by the National Science Foundation.