Center for Configuration Analytics and Automation

vision, mission & Capabilities

Vision The internationally recognized collaborative research activity focused on security and resiliency analytics and automation for complex cyber systems including information, communications and technologies.

Mission The NSF I/UCRC Center for Cybersecurity Analytics and Automation (CCAA) mission is to build the critical mass of inter-disciplinary academic researchers and partners from industry and government agencies to undertake pre-competitive research that advance the science and state-of-the-arts of security analytics and automation by developing innovative sense-making and decision-making for automated and adaptive cyber defense that offers minimal human involvement, with provable, and measurable cyber security and resiliency properties. CCAA was established in 2013 as a multi-University National Science Foundation Industry/University Cooperative Research (I/UCRC) center.

Cyber is a complex system of systems. It essentially requires salable, robust and adaptive analytics and automation to sustain its mission against evolving sophisticated attacked.​ CCAA research team includes experts in formal- and data-driven cybersecurity for advancing cyber defense in two fronts: (1) enabling robust and salable sense-making for dynamic and predictive cyber risk analytics using large-scale of heterogeneous cyber artifacts including logs, alerts, traffic traces, incident reports, malware analysis, STIX reports, and unstructured text from threat intelligence sources, and (2) enabling adaptive and autonomic decision-making for creating defense strategies and course of actions that are provably-correct and operationally safe using mission requirements, security policies and guidelines (e.g., CIS CSC), and system and cyber infrastructure configurations.

Domains CCAA projects cover wide range of application domains including the following:
  • Critical infrastructure (financial and power girds),
  • Large-scale data centers, Cloud and enterprise IT systems,
  • Software-Defined Networking,
  • Cyber-physical and Industry Control Systems, and
  • Internet-of-Things.

Broader Impact We CCAA will emphasize, encourage and develop high-quality and cost-effective applied research directed by industry and government partners to produce novel ideas and prototype tools accessible to members. The CCAA fabric of academic researchers, industry experts and government leaders enables advancing the science and frontier of cybersecurity significantly beyond the state of the art.

Team
​Expertise





​research thrusts
CCAA team core expertise includes formal methods (verification & synthesis), graph analytics, optimization theory, information theory, natural language processing, text and big data mining, reinforcement and statistical learning, active and deep learning, and probabilistic reasoning. 

Our objective is to use this expertise to advancing the science of security for sensing-making, decision-making and their integration to enable autonomous cyber defense. 
  •  Data-driven Predictive analytics that focus on the ability to learn of potential risk and threat to the enterprise IT environment without requiring manual analysis. Fusion of a broad range of enterprise related data automatically in machine readable forms to support a variety of analytics that can direct automated defensive actions. 
  • Adaptive cyber defense using dynamic configuration, response and orchestration  to enable cost-effective agility and resiliency capabilities  against unknown advanced persistent threats (incomplete adversary model).
  • Formal- and data-driven analytics techniques for defining, verifying and validating security policy requirements for large-scale complex system of systems such as cloud data centers, software defined networks, smart grid environments.
  • A holistic evaluation of the system security and resiliency using formal quantifiable metrics and science of security techniques to measure and improve the security and resiliency of cyber and cyber-physical systems .

research topics
  • Configuration & Vulnerability Analytics
    • Security policy verification
    • Security configuration synthesis and planning
    • Access control verification and optimization
    • Salable attack graphs analytics
  • Software Analytics
    • Software verification
    • Malware (binary code) dynamic analysis  
    • In-line reference monitoring
    • Privacy Preservation
  • Network traffic/traces/incidents Analytics
    • Intrusion detection of low & slow cyber-attacks (APT, DDoS, etc)
    • Large-scale event correlation and classification
    • Data-provenance verification and enforcement
    • Alarm filtering and prioritization
  • Cyber Risk Analytics & Mitigation  
    • Quantitative risk metrics
    • Optimizing cybersecurity RoI  
    • Automated security hardening for risk apatite
    • Automated identification and measurement of Key Risk Indicators (KRI) and Key Performance Indicators KPI for Cyber Risk Apatite
  • Cyber Threat Intelligence Analytics
    • Text mining of unstructured cyber threat sources
    • Cybersecurity Ontology and dictionary creation
    • Predictive analytics using threat information sharing
    • Automated STIX generation and analytics
    • Securing threat information sharing
  •  Cyber-Physical Systems and Industry Control System Analytics
    • Security and resiliency of Energy Management Systems
    • Securing AMI
    • Resilient controllers for ICS
    • Automotive Security
    • Risk measurement of complex and interdependent system of systems.
  • Cyber Agility & Autonomic Decision Making 
    • Adaptive cyber defense
    • Cyber Mutation and moving target Defense
    • Active Cyber deception
    • Cyber Resilience
    • Autonomous cyber defense
    • Automatic generation of Course of Action)
    • Automated intelligent response, planning and orchestration