Cybersecurity architects are using D3FEND to describe specific technical functions within cyber technologies in a common language of countermeasure techniques. A research project funded by the National Security Agency, D3FEND provides a large collection of digital artifacts to model cyber systems and related countermeasures. This creates a foundation for automated reasoning about the complex interplay between computer network architectures, threats, and cyber countermeasures. Our goal to make it easier for architects to understand how countermeasures work, so that they can more effectively design, deploy, and ultimately better defend networked systems.
D3FEND is a framework which provides a countermeasure knowledge base, but more specifically, a knowledge graph. The graph contains semantically rigorous types and relations that define both the key concepts in the cybersecurity countermeasure domain and the relations necessary to link those concepts to each other. We ground each of the concepts and relations to particular references in the cybersecurity literature. Numerous sources of research and development literature were analyzed, including a targeted sample of over 500 countermeasure patents drawn from the U.S. Patent Office corpus. The graph supports queries that can inferentially map architectural elements to both cybersecurity countermeasures and offensive TTPs.
Peter Kaloroumakis enlisted in the United States Air Force, where he served in Operation Iraqi Freedom and earned a B.S in Computer Information Technology from University of Maryland Global Campus. He worked as a Principal Investigator at Northrop Grumman, and was the founding CTO at BluVector Inc. and holds two patents in applying machine-learning technology to malware detection. Peter joined MITRE in 2017 where he created and leads the MITRE D3FEND project, a knowledge graph of cybersecurity countermeasures.