Security and Privacy in Communication Networks. SecureComm 2017 International Workshops, ATCS and SePrIoT, Niagara Falls, ON, Canada, October 22–25, 2017, Proceedings

Research Article

Cyber Security Decision Support for Remediation in Automated Computer Network Defence

  • @INPROCEEDINGS{10.1007/978-3-319-78816-6_15,
        author={Maxwell Dondo},
        title={Cyber Security Decision Support for Remediation in Automated Computer Network Defence},
        proceedings={Security and Privacy in Communication Networks. SecureComm 2017 International Workshops, ATCS and SePrIoT, Niagara Falls, ON, Canada, October 22--25, 2017, Proceedings},
        proceedings_a={SECURECOMM \& ATCS \& SEPRIOT},
        year={2018},
        month={4},
        keywords={Course of action Vulnerability Patching Attack graph Remediation Decision-making},
        doi={10.1007/978-3-319-78816-6_15}
    }
    
  • Maxwell Dondo
    Year: 2018
    Cyber Security Decision Support for Remediation in Automated Computer Network Defence
    SECURECOMM & ATCS & SEPRIOT
    Springer
    DOI: 10.1007/978-3-319-78816-6_15
Maxwell Dondo (1, *)
  • 1: Defence Research and Development Canada
* Contact email: maxwell.dondo@drdc-rddc.gc.ca

Abstract

When making important cyber security course of action (COA) decisions, experts mostly rely on their knowledge and experience to collate and synthesise information from multiple, sometimes conflicting, sources such as continually evolving cyber security tools. Such a decision-making process is resource intensive and can produce inconsistent outcomes, because each expert subjectively interprets how the network's security risks should be addressed. The push towards automated computer network defence (CND) systems requires autonomous decision-making and recommendation approaches for network security remediation. In this work, we present such a novel approach: a TOPSIS-based multi-attribute decision-making technique for COA selection. Using a survey of experts, we show that human experts' decisions are indeed inconsistent, even when they are given the same information. We then present our decision-making approach, which considers multiple COA selection factors in an operational environment and applies a multi-objective selection method to provide network defenders with the best actionable COAs for an automated CND system. Our results show a consistency that human experts do not match.
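The abstract names TOPSIS as the multi-attribute method behind the COA ranking but does not spell out the steps. The following is an added example, not code from the paper or from DRDC: a generic TOPSIS implementation (vector normalisation, weighting, ideal-best and ideal-worst vectors, Euclidean distances, closeness coefficient) run over a constructed decision matrix of four hypothetical remediation COAs scored on four hypothetical attributes. The COA names, attribute names, scores and weights are all assumptions chosen for illustration; the paper's own selection factors and survey data are not reproduced here. A small weight-sensitivity check is included because, in practice, the weights are where the human subjectivity the abstract describes re-enters the automated pipeline.

```python
"""Added example (not the paper's model): TOPSIS ranking of remediation COAs."""
import math
from typing import List, Sequence, Set, Tuple

# Constructed sample data. COAs, criteria, scores and weights are hypothetical.
COAS = ["patch-webserver", "isolate-host", "disable-service", "deploy-waf-rule"]
# (criterion, kind): "benefit" means higher is better, "cost" means lower is better.
CRITERIA = [
    ("risk_reduction", "benefit"),
    ("cost", "cost"),
    ("downtime_hours", "cost"),
    ("coverage", "benefit"),
]
KINDS = [kind for _, kind in CRITERIA]
MATRIX = [
    [9.0, 5.0, 4.0, 8.0],   # patch-webserver
    [7.0, 2.0, 8.0, 6.0],   # isolate-host
    [6.0, 1.0, 2.0, 3.0],   # disable-service
    [5.0, 3.0, 0.5, 7.0],   # deploy-waf-rule
]
WEIGHTS = [0.4, 0.2, 0.2, 0.2]


def topsis(matrix: Sequence[Sequence[float]], weights: Sequence[float],
           kinds: Sequence[str]) -> List[float]:
    """Return one closeness coefficient in [0, 1] per row (higher is better)."""
    n = len(kinds)
    if len(weights) != n or any(len(row) != n for row in matrix):
        raise ValueError("matrix, weights and kinds disagree on the number of criteria")
    if any(w < 0 for w in weights) or abs(sum(weights) - 1.0) > 1e-9:
        raise ValueError("weights must be non-negative and sum to 1")
    if any(k not in ("benefit", "cost") for k in kinds):
        raise ValueError("criterion kind must be 'benefit' or 'cost'")

    # Step 1: vector-normalise each column so differently scaled criteria are comparable.
    norms = [math.sqrt(sum(row[j] ** 2 for row in matrix)) for j in range(n)]
    if any(v == 0.0 for v in norms):
        raise ValueError("a criterion column is all zeros; drop it or rescore it")
    # Step 2: apply the criterion weights.
    weighted = [[weights[j] * row[j] / norms[j] for j in range(n)] for row in matrix]
    # Step 3: ideal best (A+) and ideal worst (A-) per criterion, respecting its kind.
    best, worst = [], []
    for j, kind in enumerate(kinds):
        col = [row[j] for row in weighted]
        hi, lo = max(col), min(col)
        best.append(hi if kind == "benefit" else lo)
        worst.append(lo if kind == "benefit" else hi)
    # Steps 4 and 5: Euclidean distances to A+ and A-, then relative closeness to A+.
    scores = []
    for row in weighted:
        d_best, d_worst = math.dist(row, best), math.dist(row, worst)
        total = d_best + d_worst
        scores.append(d_worst / total if total else 0.0)  # all rows identical: no preference
    return scores


def rank_coas(names: Sequence[str], matrix: Sequence[Sequence[float]],
              weights: Sequence[float], kinds: Sequence[str]) -> List[Tuple[str, float]]:
    """Rank COAs by closeness coefficient, best first."""
    return sorted(zip(names, topsis(matrix, weights, kinds)), key=lambda t: t[1], reverse=True)


def top_coas_under_perturbation(names: Sequence[str], matrix: Sequence[Sequence[float]],
                                weights: Sequence[float], kinds: Sequence[str],
                                delta: float = 0.1) -> Set[str]:
    """Sensitivity check: bump each weight by delta (renormalised) and collect the COAs
    that come out on top. A set of size 1 means the recommendation is stable."""
    tops = set()
    for j in range(len(weights)):
        bumped = list(weights)
        bumped[j] += delta
        total = sum(bumped)
        bumped = [w / total for w in bumped]
        tops.add(rank_coas(names, matrix, bumped, kinds)[0][0])
    return tops


if __name__ == "__main__":
    for name, score in rank_coas(COAS, MATRIX, WEIGHTS, KINDS):
        print(f"{name:18s} closeness={score:.3f}")
    print("top COA under weight perturbation:", top_coas_under_perturbation(COAS, MATRIX, WEIGHTS, KINDS))
```

With the constructed scores and weights above, `disable-service` ranks first (closeness about 0.60), ahead of `deploy-waf-rule`, `patch-webserver` and `isolate-host`; the method is deterministic, so the same inputs always yield the same ranking, which is the consistency property the abstract contrasts with human experts. The perturbation helper is the caveat a practitioner wants before wiring this into an automated CND loop: if the top COA changes under small weight changes, the weights, not the method, are deciding the remediation.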