DCAFE: A Distributed Cyber Security Automation Framework for Experiments

Cyber security has quickly become an overwhelming challenge for governments, businesses, private organizations, and individuals. In an increasingly connected world, the trend is for resources to be accessible from anywhere at any time. Greater access to resources implies more targets and potentially a larger surface area for attacks, which makes securing systems more difficult. Automated and semi-automated solutions are needed to keep up with the deluge of modern threats, but designing such systems requires a distributed architecture to support development and testing. Several such architectures exist, but most only focus on providing a platform for running cyber security experiments as opposed to automating experiment processes. In response to this need, we have built a distributed framework based on software agents which can manage system roles, automate data collection, analyze results, and run new experiments without human intervention. The contribution of this work is the creation of a model for experiment automation and control in a distributed system environment, and this paper provides a detailed description of our framework based on that model.