Integrated Decision Engine for Evolving Defenses (InDEED)

Selecting appropriate cyber defense mechanisms for an enterprise network and correctly configuring them is a challenging problem. Identifying the set of defenses and their configurations in a way that maximizes security without exhausting system resources or causing unintended interference (a situation known as cyber friendly-fire) is a multi-criteria decision problem, which is difficult for humans to solve effectively and efficiently. Proactive defenses are especially difficult to configure due to their temporal nature. This effort aims to develop a decision engine that (1) intelligently searches for optimal cyber defense configurations in a way that leads to continuously improving solutions; (2) uses compute clusters to scale computation to realistic enterprise-level networks; and (3) presents meaningful choices to operators and incorporates their feedback to improve the suggested solutions.