| A state of insecurity has existed in cyberspace for the last quarter century. Despite rapid, continual development of cybersecurity technology, the power balance between attacker and network defender has remained largely unchanged. While the cybersecurity community is attempting to change this stalemate by developing active cyber defense tactics, techniques, and procedures, and by emphasizing cyber threat intelligence, these efforts remain incomplete. The cybersecurity community lacks agreement on what active cybersecurity is or should be, and its understanding and use of cyber intelligence remains immature. This study sought to mature both efforts by examining the potential of integrating a structured intelligence analysis technique into an active cyber defense cycle confined to networks owned and operated by network defenders. By synthesizing the Diamond Model of Intrusion Analysis and Robert Lee's Active Cyber Defense Cycle, this study demonstrated that integrating structured intelligence analysis techniques into active cyber defense operations has the potential to alter the power balance between attacker and defender. |
