The Center for Cybersecurity Analytics and Automation (CCAA) focuses on analytics and automation capabilities for efficient, accurate, and timely cyber-defense operations for complex enterprise information technology (IT), cloud, and cyber-physical systems. CCAA's mission is to advance the science and state of the art of analytics and automation by developing innovative sense-making and decision-making techniques for automated adaptive cyber defense with minimal human involvement and with provable and measurable properties.
Today's growing use of technology is driving an exponential increase in the complexity of IT operations. This cyber-system complexity pushes the limits of manual infrastructure management, places a heavy burden on organizations and experienced enterprise administrators, and dramatically reduces overall system agility to provide and protect network services. There is a great need to automate cyber defense to provide predictive analytics and proactive mitigation against sophisticated advanced persistent threats and malware attacks. As the U.S. Department of Homeland Security wrote in 2011, "Automation is one of the three interdependent building blocks of a healthy cyber ecosystem, along with interoperability and authentication."
Assuring that the configuration of devices can be known, analyzed, and managed is fundamental to emerging concepts of automated and agile defense, and such a defense is viewed as an essential mechanism for future systems. Developing analytics that are adaptive and robust enough to achieve this objective is one challenge the research community must address. CCAA's research objectives are focused on advancing cyber defense by integrating robust sense-making and adaptive decision-making for automating risk and threat mitigation and supporting proactive cybersecurity.
CCAA research covers a wide range of application domains including critical infrastructure (such as financial systems, industrial control systems, and power grids), large-scale enterprise IT systems and data centers, cloud and software-defined networking, cyber-physical systems, and "internet of things" systems. CCAA research focus areas include: