Recommendations for Model-Driven Paradigms for Integrated Approaches to Cyber Defense

Report No. ARL-TR-7967
Authors: Mona Lange; Alexander Kott; Noam Ben-Asher; Wim Mees; Nazife Baykal; Cristian-Mihai Vidu; Matteo Merialdo; Marek Malowidzki; Bhopinder K Madahar
Date/Pages: March 2017; 58 pages
Abstract: This report describes the findings of the North Atlantic Treaty Organization Exploratory Team investigating cyber defense. Many defensive activities in cyber warfare and information assurance rely on ad hoc techniques. The cyber community recognizes that comprehensive, systematic, principle-based modeling and simulation are more likely to produce long-term, reusable approaches. A model-driven paradigm is predicated on mechanisms of modeling the organization whose mission is under cyber attack, the mission itself, and the systems that support it. The level of detail of this class of problems ranges from the level of host and network events to systems assets and up to business functions. Solving this class of problems is of significant difficulty. Such modeling could be used to explore multiple alternative mitigation strategies and select optimal mitigating actions. The paradigm applied to cyber operations is likely to benefit traditional disciplines of cyber defense. The team identified challenges for model-driven paradigms for cyber defense and reviews 2 in detail: 1) modeling adversarial aspects, including wargaming, of the cyber warfare, and 2) modeling of human cognitive processes in relation to cyber activities. Based on its discussions, the team makes recommendations on modeling and simulation for a broad range of cyber defense disciplines.
Distribution: Approved for public release
  Download Report ( 0.506 MBytes )
If you are visually impaired or need a physical copy of this report, please visit and contact DTIC.

Last Update / Reviewed: March 1, 2017