CLIPS/ActiveSDN for automated and safe cybersecurity course-of-actions orchestration
Published in Proceedings of the 6th Annual Symposium on Hot Topics in the Science of Security, 2019
Continuous attack reports published daily, covering data breaches, malware, phishing and spamming attacks, indicate that cyber attacks are inevitable in our daily life. Sometimes it takes days, even months, to detect and mitigate such stealthy attacks. This requires making network systems resilient against attacks, with high-assurance defense mechanisms that can go beyond attack detection to safe mitigation. That is why we developed a flexible yet expressive policy specification language called CLIPS for Active Cyber Defence, and a provably correct policy refinement engine, ActiveSDN, to enable safe, efficient construction and execution of Course-of-Action workflows composed of investigation actions for analysis and mitigation actions for reconfiguration, in support of cyber resilience automation.