Self-Adaptation Metrics for Active Cybersecurity

FUZZBUSTER is a host-based adaptive security system that automatically discovers, refines, and repairs vulnerabilities in hosted applications in order to prevent cyberattacks. FUZZBUSTER must decide when to adapt its applications, when to revoke its previous adaptations, and when to sacrifice functionality to improve security. This requires an adaptation quality metric that captures (1) an application’s susceptibility to cyberattacks and (2) an application’s functionality, since adapting an application affects both of these factors. FUZZBUSTER uses different types of test cases to measure security and functionality. In this paper, we describe FUZZBUSTER’s adaptation metrics and we present two different policies for balancing security and functionality. We provide empirical results comparing these policies, and we also demonstrate how FUZZBUSTER can temporarily sacrifice the functionality of hosted applications to increase host security, and then restore functionality when more favorable adaptations are found.

David J. Musliner, Scott E. Friedman, Tom Marble, Jeffrey M. Rye, Michael W. Boldt, Michael Pelican. (2013). Self-Adaptation Metrics for Active Cybersecurity. Second annual SASO workshop on Adaptive Host and Network Security. Philadelphia, PA. - [PDF]