Cybersecurity is a prerequisite to ongoing developments concerning the interaction of a myriad of networked components, ranging from PCs and portable devices through to household white goods. The resulting ecosystem in many ways resembles the human immune or biological ecosystem. However, the cybersecurity community lacks insight into the stability, controllability and observability of the ecosystem, and lacks the ability to dynamically protect it so that it is immune to unknown vulnerabilities. Today's approach relies on security experts to identify new flaws and threats and to remediate these issues by hand. This process takes time and gives malicious users an advantage in breaching and compromising critical systems. Hence this slow reaction cycle has created a permanent offensive advantage. CyberMix seeks to automate this cyber defence process by fielding a system that discovers, proves and fixes threats and flaws in real time, with or without any assistance. The paper proposes CyberMix, an architecture that will provide an immune cybersecurity ecosystem by utilising two main principles: Software-Defined Networking (SDN) and an immune agent based on how the Human Immune System (HIS) works against unknown viruses and diseases such as the current Zika disease. This will be complemented by a dynamic automated cause of action (ACoA), allowing human input to enhance threat signature detection, leading to a more secure ecosystem.
The cyber research community especially lacks insight into networks that are very large, complex and multi-genre in nature. It can also be stated that little is understood about the impact of social-cognitive links and information-element links on the overall network complexity and on the various elements that make up the complex network. Hence, it is of paramount importance to have a solution that enables dynamic, on-demand segmentation of a potentially unstable network into subnets with limited and strictly controlled connectivity between subnets.
To meet these new and future challenges, there is a need for a system that is self-evolving with the capabilities of the HIS, along with means to predict systems' security properties and to create self-signatures from known and unknown patterns and behaviours within individual network elements in the ecosystem. The paper investigates and identifies suitable methods for creating self-learning/organisation/healing rules that lead to the desired emergent properties.
Arabo, A. (2017, March). CyberMix: A roadmap of SDN-based intelligent cybersecurity immune system. Paper presented at the 12th International Conference on Cyber Warfare and Security.