This webpage contains all the information related to the European PhD Thesis titled "Dynamic reaction framework against cyber attacks", an original research work that I conducted during my PhD career and that was supervised by Félix Gómez Mármol (University of Murcia, Spain).
PhD Thesis Information
Description
The digital revolution is happening in front of our eyes, and it is changing our lives. Indeed, individuals rely more and more on the services offered by modern network infrastructures, willing to enhance their quality of life. The outstanding hyperconnectivity of the devices and the way humans can communicate among themselves were unbelievable only some years ago.
Nonetheless, the wide range of opportunities and the significant economic growth offered by such a revolution also carry adverse outgrowths. In fact, we are also witnessing the rise of ill-motivated organizations whose main objective is to hit network infrastructures for economic and strategic purposes. No one is excluded from this endless battle: from citizens to governments, cybercriminals are ruthlessly threatening entities worldwide.
In such a dangerous scenario, security mechanisms to protect cyberspace are needed more than ever. That is, cybersecurity and cyber defense are essential to defend ICT systems from cyber assaults. Among the four principal phases of cyber defense (prevention, detection, reaction, and forensics), the reaction against cyberattacks is crucial to dynamically eradicate potential threats within the monitored system and, subsequently, heal the related assets. Surprisingly, the reaction phase has received considerably less attention than the other phases, mainly due to the difficulties that it faces.
Aiming to contribute to the reactions ecosystem, this PhD Thesis focuses on analyzing the challenges of the field and proposing effective solutions. In this direction, the following leading contributions have been achieved:
- Firstly, the in-depth study of the state-of-the-art reaction frameworks. Those response strategies have been compared side-by-side based on seven common criteria, highlighting the challenges that this field still poses.
- Secondly, the proposal of a standard countermeasure representation, aiming to boost the reactions knowledge sharing between security teams and to build robust response plans.
- Thirdly, the design and implementation of a novel reaction framework that leverages the outstanding features of the AIS. The proposed methodology is able to cherry-pick the optimal set of atomic countermeasures to be fired against identified threats within the protected system in an effective and efficient manner.
Those contributions have been published in top-tier journals to disseminate the findings and possibly impact the research community as an ultimate goal. Additionally, the outcomes have been supervised and shared with Indra, an international enterprise that integrated some of the research outcomes of this work into their portfolio of products and solutions for cyber defense. Consequently, the PhD Thesis objectives described in the previous section have been agreed upon between the University of Murcia and Indra to ensure complete alignment between the scientific goals and the company's needs.
Advisor
Date
- September 7th, 2021
Place
International experts supporting the PhD Thesis:
- Dr. Jose María Alcaraz Calero, University of the West of Scotland, UK
- Dr. Daniel Orlando Díaz López, Universidad del Rosario, Colombia
Examining board:
- Dr. Joaquín García Alfaro, Telecom SudParis, France
- Dr. Gregorio Martínez Pérez, University of Murcia, Spain
- Dr. Víctor A. Villagrá González, Polytechnic University of Madrid, Spain
PhD Thesis Publications