Summary
To attain their goals, attackers have developed highly automated, intelligence-driven attack capabilities. In contrast, defenders are still challenged by prolonged detection and response times due to their insufficient threat situational awareness and the fact that they heavily rely on manually executed defense operations. This thesis introduced and enhanced foundational technology in support of accomplishing automated threat-informed cyberspace defense. The research direction was influenced by the Integrated Adaptive Cyber Defense (IACD) framework, which defines three fundamental capability requirements to realize autonomous defense environments that can detect, respond to, or outmaneuver cyber attacks in cyber-relevant time. In particular, the main contributions of this Ph.D. work are:

- To enhance defenders' knowledge about adversaries, we introduced an ontological approach for representing and modeling their personas based on their defining characteristics.
- We introduced a playbook standard for creating, documenting, and sharing security processes and procedures. Defenders can exchange such playbooks and utilize them to automate segments of their defense operations.
- We supported the development of a machine-readable language that standardizes the way we command and control cyber defense systems.