Literature Review on Active Cyber Defense

Dorothy E. Denning in his essay 'Framework and principles for active cyber defense' brings out a broad view of active cyber defense taken from the concept of active air and missile defense. It gives away a variety of cyber defenses, many of which are comprehensively deployed and considered at present day threatening environment.

The computer security community has had sore point for the concept of active cyber defense. Gary McGraw, Chief Technology officer of Citadel, has called it "irresponsible", recipe for disaster, he further added "The last thing we need in computer security is a bunch of yoo-hoos and lynch mobs". Though his remarks are based on concept of active defense based on "hacking back" or "attacking the attacker" If the security of innocent people is on stake, then it should be standstill. This essay has raised many legal and ethical issues that the writer has reviewed the concepts of active and passive air and missile defenses, has described a framework for differentiate variety of cyber defense and finally suggested legal and ethical principal principles for conducting active cyber defense.

Active and passive air and missile defense has been distinguished by US military doctrine and has defined it Active Air and Missile Defenses (AMD) Dorothy E. Denning has cited, surface- to- air and missile defense system that uses an advanced aerial interceptor missile and high performance radar system to detect and shoot down hostile aircraft and tactical ballistic missiles.

He has suggested active and passive air defense can be applied to the cyber domain by replacing the term "air and Missile" with "cyber" that can be understood Active Cyber Defense. Active cyber defense are direct actions taken against specific threats whereas passive cyber defense comprises cryptography and steganography. Framework for active cyber defenses has been characterized by four features like scope of effects, degree of cooperation, types of effects, and degree of automation. Dorothy has also laid emphasis on Ethical and legal principles for active cyber defense. He has advised that active cyber defenses should be deployed ethically and legally. Six different principal has been suggested aims at to promote that Authority, third party immunity, necessity proportionality, human involvement and civil liberties.

Wake Forest University have also shared in their research paper named "Defense on the Move-Ant Based Cyber Defense" that conventional cyber defenses like firewalls and intrusion detection system has been static that is giving attackers feasibility but moving target defense like Ant Based Cyber Defense proves to be resilient defense that removes the defender. It has been revealed that ant based cyber defense is not a new concept but it is being applied in cyber security. It is a complex system with many inputs and sources of variability it comprises Sergeants, Sentinels and Sensors are software agents, currently implemented as a new mobile agent framework written in Python. It has also been suggested that ant based cyber defense employees' hierarchy of agents between the human supervisor and the resource being protected. Putting defense in motion ABCD enables a moving target capability the defense moves from machine to machine and is very hard to subvert.

The MITRE Corporation has imparted information on Denial and Deception in Cyber Defense. Basically, these are attacking techniques that evolve cyber systems and provide the best continuous defense. It is leveraged with classical denial and deception techniques to understand the specifics of adversary attacks. It also enables an organization to build an active and threat-based cyber defense. Research paper talks on two dimensional frameworks to apply D&D techniques that seem to be complicated as D&D methods matrix are incapable to induce proper implementation. The writers should have made it more clear and compact. It has been now widely recognized that traditional approaches to cyber defense have been inadequate. Boundary controllers and filters such as firewalls and guards, virus scanners, and intrusion detection and prevention technologies have all been deployed over the last decade. However, sophisticated adversaries using zero-day exploits are still able to enter. They can establish a persistent presence. We ought to assume that an adversary will breach border controls and establish footholds within the defender's network, so we need to study and engage the adversary on the defender's turf in order to influence any future moves. In this new paradigm, a key component is cyber denial and deception (cyber D&D).

The aim of D&D is to influence another to behave in a way that gives the deceiver an advantage, creating a causal relationship between psychological state and physical behavior. Denial actively prevents the target from perceiving information and stimuli; deception provides misleading information and stimuli to actively create and reinforce the target's perceptions, cognitions, and beliefs. Both methods generate a mistaken certainty in the target's mind about what is and is not real, making the target erroneously confident and ready to act. As adversaries' attack techniques evolve, defenders' cyber systems must also evolve to provide the best continuous defense. Engineering cyber systems to better detect and counter adversarial D&D tactics and to actively apply D&D against advanced persistent threats will force adversaries to move more slowly, expend more resources, and take greater risks. In doing so, defenders may possibly avoid, or at least better fight through, cyber degradation.