Computer and network security is currently challenged by the need to secure diverse network environments including clouds and data-centers, PCs and enterprise infrastructures. This diversity of environments is coupled to increased attack sophistication. Today's tools for securing network and computing infrastructures can be painstakingly composed and configured using available components, but fail to automatically learn from their environment and actively protect it. This research introduces Active Security, which is an architectural approach with fundamental advantages for network defenders; Active Security continuously senses threats and adapts defenses to those threats, including those previously unseen.
Active Security prototyping and applications incorporate a novel high-rate decision procedure that avoids manual intervention. The project addresses: (1) the characteristics of network 'sensors' most useful to an observe-orient-decide-act (OODA) loop; (2) decision and control algorithms for determining appropriate actions based on sensed events; (3) the infrastructure required for robust and trustworthy systems requiring minimal human-in-the-loop interaction; (4) automated defense approaches viable in diverse network settings that do no harm and are recoverable; and (5) metrics for performance assessment of an Active Security system such as responsiveness and accuracy.
Active Security's central themes of network security, network sensing, and automated defenses integrate naturally into both graduate and undergraduate education at participating institutions, including both midshipmen at the United States Naval Academy and cadets at the United States Military Academy. Network security is an increasing concern for society at large, and an Active Security implementation is straightforward to deploy on networks equipped with programmable software defined networking (SDN) controllers, a technology increasingly present in data center, carrier and enterprise networks.
