Analytic Characterization Framework

This extension to D3FEND is funded by Office of the Undersecretary of Defense (Research and Engineering), Developmental Test, Evaluation, and Assessments (DTE&A)

What is an analytic? In technology, this is a term often used, but not often defined. For our purposes we’ll use the Cambridge Dictionary’s definition for the term analytic:

"A process in which a computer examines information using mathematical methods in order to find useful patterns." Cambridge Dictionary

Technical capabilities often solve a set of domain problems by performing a set of specific technical functions. With D3FEND, we catalog these discreet functions as they pertain to cybersecurity, we call these D3FEND Techniques. Capability developers use analytics to make sense of or act on the data they are processing. Their implementations can be simple conditional logic or matching, or something more sophisticated like in model-driven approaches. Sometimes simple is better than complex. Other times, you need a complex approach to solve a complex problem. It is always situation dependent.

The D3FEND Analytic Characterization Framework provides the language necessary to describe the specific technical implementation of a D3FEND technique or even abstract method.

Essential ACF Concepts and Relationships

The above diagram depicts our intended use of this framework. These analytic techniques are used to characterize the implementation of D3FEND techniques. We envision multiple use cases for this extension to D3FEND.

First, we seek to advance the state of the art in testing knowledge management for verification (does the capability meet its specification) and validation (is the capability fit for operational purpose). A knowledgebase is necessary to drive consistency across a community of engineers who design and execute tests. We have not found a sufficient taxonomy of these mathematical methods or "Analytic Techniques".

Another use case is supporting analysis of alternatives. Accurately characterizing a capability's domain function and implementation logic ensures you're making valid comparisons between capabilities. It also can also ensure that a capabilty is a good match for the particular situation and intended problem set.

This is an alpha-level taxonomy and framework within D3FEND. We are releasing it to request feedback and contributions from the community.

Analytic Technique Taxonomy

Machine Learning
Machine Learning