Center for Cybersecurity Analytics and Automation

National Science Foundation (NSF) Industry/University Cooperative Research Program (I/UCRC)

Aerial View of the George Mason Fairfax Campus

About the Center


An internationally recognized collaborative research activity focused on cybersecurity analytics and automation for complex information, communications and technology (ICT) environments.


The mission of the Center for Cybersecurity Analytics and Automation (CCAA) is to build the critical mass of inter-disciplinary academic researchers and industry partnerships to undertake pre-competitive research that addresses the current and future challenges of analytics and automation. The research objectives are focused on improving enterprise IT system management, security, resiliency, service assurability and performance; and the application of innovative analytics and automation to complex networked systems. The applicable domains for this research include complex enterprise IT environments, cloud and data centers, hybrid cyber-physical systems, smart critical infrastructures, mission-oriented networks (sensor-actuator networks), software-defined networks, social networks and mobile systems. CCAA will emphasize, encourage and develop top-quality graduates with knowledge and experience in this field.

Research Directions

Research projects being refined include those focused on:

  • Predictive analytics that focus on the ability to learn of potential risks and threats to the enterprise IT environment without requiring manual analysis. This includes automatically fusing a broad range of enterprise-related data in machine-readable forms to support a variety of analytics that can direct automated defensive actions.
  • Automating the configuration design process objectively (using measurable metrics) to determine a cost-effective security, agility and resiliency countermeasure pattern for each flow, and using hypothesis generation and evaluation and interactive analytics to address the issue of identifying residual risk due to incomplete requirements.
  • Formal (provable) analytics techniques for defining, verifying and validating system requirements, such as service level agreements, for large-scale complex systems of systems such as cloud data centers, software-defined networks and smart grid environments.
  • A holistic evaluation of the system security and resiliency using formal quantifiable metrics to measure and improve the interconnected configuration of information.

Research Thrusts


This research includes the entire configuration (policies, rules, variables or interfaces) cycle, including defining, abstraction, synthesis, refinement, verification, validation, testing, debugging, optimization, tuning, and evaluation of configuration parameters in order to prove, measure, assess and improve the system assurability; i.e. availability and Quality of Service (QoS), security (trustworthiness), and sustainability (dependability) of current and future IT services and infrastructures.


This research is to develop cohesive, inter-connected, and context-aware configuration management operations to improve and automate decision making by improving system abstraction, semantics unification, distributed monitoring and correlation, configuration tuning and optimization, health-inspired 0-configuration, context-aware adaptation, machine-based configuration synthesis and enforcement, moving target defense and polymorphic networks, and configuration economics.


This research is to develop (a) interfaces to integrate heterogeneous information contents/assets about the network configuration or behavior, and (b) frameworks to integrate various formal analytics techniques or tools in a single system to enable comprehensive and novel analytics capabilities. This will include open interfaces, standardization and management such as Security Content Automation Protocol (SCAP)-based solutions, configuration sharing, human factors and cognitive science for usable configuration, protecting the privacy and integrity of security configuration, and configuration management APIs.