Integrated Decision Engine for Evolving Defenses (InDEED)

Selecting appropriate cyber defense mechanisms for an
enterprise network and correctly configuring them is a challenging
problem. Identifying the set of defenses and their configurations in
a way that maximizes security without exhausting system resources
or causing unintended interference (a situation known as
cyber friendly-fire) is a multi-criteria decision problem, which is
difficult for humans to solve effectively and efficiently. Proactive
defenses are especially difficult to configure due to their temporal
nature. This effort aims to develop a decision engine that (1) intelligently searches for optimal
cyber defense configurations in a way that leads to continuously
improving solutions; (2) uses compute clusters to scale computation
to realistic enterprise-level networks; and (3) presents meaningful
choices to operators and incorporates their feedback to improve
the suggested solutions.