Despite the advances of cybersecurity over the past years, the gap between security risk and defense capabilities is ever increasing. This can be attributed to fundamental standing challenges in cyber security. Firstly, the growing complexity of cyber and cyber-physical systems configurations that usually contain millions of highly inter-dependent rules and variables significantly increases the potential mischaracterizing of the system risk and security threats. Secondly, the asymmetry of cyber warfare, which allows adversaries to plan, launch and propagate attacks while defense strategies exhibit high uncertainty due to unknown attack strategies, increases the potential of attack evasion and success. Thirdly, key system artifacts (e.g., logs and traces) important for estimating the system state become are high-volume and semantically unstructured, which imposes real challenges in reasoning about failures or attacks.

In this talk, I will give an overview of our current and future research to address these challenges and enable next-generation secure and resilient cyber and cyber-physical systems. I will present our research work in data-driven analytics and automation using formal methods, statistical analysis and probabilistic reasoning for improving the trustworthiness, resiliency and assurability of large-scale complex systems. In particular, I will present three main thrusts of my research: (1) our formal analytics for modeling and verification of cyber and cyber-physical system behavior based on configuration and log data, (2) cyber agility using data- and model-driven techniques, and (if the time allows) (3) evidential reasoning and formal analytics combined approach for network diagnosis and prognostication of networks. My research application domains include security analytics of large-scale enterprises and data centers, smart grid, health diagnosis of critical infrastructure, and Software Defined Networking security.

Ehab Al-Shaer is a Professor in Computer Science, the director of Cyber Defense and Network Assurability (CyberDNA) Center, and the director of NSF IUCRC Center on Security Configuration Analytics and Automation in UNC Charlotte. His area of research is security analytics and automation, configuration verification and optimization, firewalls and intrusion detection, smart grid security, security metrics and cyber agility. Dr. Al-Shaer has edited/co-edited more than 12 books and book chapters, and published about 170 refereed journals and conferences papers in his area. He was designated as a Subject Matter Expert(SME) in the area of security configuration analytics and automation in Information Assurance Newsletter published by DoD in 2011I was the General Chair of ACM Computer and Communication in 2009 and 2010 and NSF Workshop in Assurable and Usable Security Configuration in 2008. Dr. Al-Shaer was also the PC chair for many other conferences and workshops including ACM/IEEE SafeConfig 2009 and 2013, IEEE Integrated Management 2007, IEEE POLICY 2008, and others. In the past four years, Dr. Al-Shaer has received a total research funding of more than $6M during the past four years from various government and industry sources including NSF, AFRL, ARO, NSA, Duke, IBM, Telcordia, Bank of America, BB&T, DTCC, RTI and others.