Towards Trustworthy Autonomous Cyber Defense for Dynamic Intrusion Response
Lead PI:
Ehab Al-Shaer
Abstract

This project proposes transformative research approaches to provide a significant leap toward genuine autonomous cyber defense by enabling playbooks to be dynamically adaptive, predictive, adversary-aware, and trustworthy. Our proposed techniques address the above challenges and advance the state of the art in the science and engineering of intrusion response automation. We ambitiously seek to develop autonomous cyber defense systems that require no or minimal human involvement in the decision-making loop while maximizing effectiveness (i.e., system convergence to a good state) and minimizing the time to respond or mitigate. We propose to make cybersecurity autonomous by designing formal models and techniques that can automatically observe, reason, predict, adapt, and act to respond to attacks proactively, providing provable guarantees of safety and convergence.

Ehab Al-Shaer

Ehab Al-Shaer is a distinguished career professor at the Information Networking Institute (INI) and faculty member at Carnegie Mellon CyLab Security and Privacy Institute. Before joining CMU, Al-Shaer was professor and the founding director of the CyberDNA and NSF Cybersecurity Analytics and Automation (CCAA) centers at the University of North Carolina, Charlotte, from 2009 to 2020.

Al-Shaer has spent more than 22 years as a researcher and educator in the field of cybersecurity. His primary research areas are network security, cybersecurity analytics and automation, intrusion and fault diagnosis, and network resilience. Throughout his career, he has received significant research funding from both government agencies and industry, as well as published 10 books and more than 200 refereed publications, many of which are well-cited works in the fields of data-driven and formal-driven cybersecurity. Al-Shaer has also led several technology transfer projects and served as an advisory board member for leading companies in cybersecurity automation. He has two accepted patents and several others submitted.

In 2011, he was designated by the Department of Defense (DoD) as a Subject Matter Expert (SME) on security analytics and automation. He was awarded the IBM Faculty Award in 2012 and the UNC Charlotte Faculty Research Award in 2013.

Al-Shaer has served as Program Chair of the ARO Autonomous Cyber Deception Workshop in 2018, ACM/IEEE SafeConfig 2013-2015, IEEE Integrated Management (IM) 2007, and IEEE POLICY 2008. He also served as General Chair of the ACM Computer and Communications Security (CCS) in 2009 and 2010, and the NSF Workshop in Assurable and Usable Security Configuration in 2008.

Institution: Carnegie Mellon University