We initiate the study of the problem of automated and robust Cyber Security Management (CSM). We exemplify the problem by investigating how CSM should respond to the discovery of cyber intelligence that identifies new attackers, victims, or defense capabilities. Given the complexity of CSM, we divide it into three classes, referred to as Network-centric (N-CSM), Tools-centric (T-CSM) and Application-centric (A-CSM). These lead to a range of functions for examining whether, and to what extent, a network has been compromised. Moreover, we propose to incorporate blockchain (via Hyperledger Fabric) to build a decentralized CSM system, dubbed B2CSM, that ensures the retrieval of valid invocation results for CSM purposes. We also integrate B2CSM with a decentralized storage network (DSN), instantiated by the InterPlanetary File System (IPFS), to reduce on-chain storage costs without hindering its robustness. We present the design and implementation of the prototype B2CSM system. Experiments with real-world datasets show that the CSM solutions and system are effective and efficient.
All Science Journal Classification (ASJC) codes
- Theoretical Computer Science
- Hardware and Architecture
- Computer Networks and Communications
- Artificial Intelligence
Keywords
- Cyber security management
- Hyperledger fabric