Soar Agents for Cyberspace 5/15/2018

Why Do We Need Cyberspace Cognitive Agents?
- Attack surface growth
- Continuous security threat
- Complexity
- Workforce shortage

CyCog Agent Genealogy
[Genealogy diagram; node labels recovered from the slide: Penetration Tester, Defender, Cyberspace Denizen, Cyber Range, TTP Models, General Agent (CyCog), RiDL, Cyber Feature Mgmt Sys]
- CyCog-A: Penetration Tester
- CyCog-D: Soar Defender
- CyCog-U: Cyberspace Denizen
CyCog: Cyber Cognitive. TTP: Tactics, Techniques & Procedures.

Challenges
- Enabling Soar agents to use standard tools and applications
  - Standard off-the-shelf pen-testing tools
  - Built-in command-line interface (CLI) applications (especially over remote sessions)
  - Should Soar know all the CLI arguments, or rely on abstraction layers?
- Modeling behaviors of (cyberspace) operators
  - Model abstractions allow reuse across multiple domains
  - Goal preferences ensure desired goals based on different operators (personas)
  - How to model/manage/share large sets of adversarial techniques & procedures?
- Modeling cyberspace
  - Documentation of every “thing” the agent senses or acts on in cyberspace
  - Sharing models with humans, Soar agents, non-symbolic AI
  - How to keep track of hosts (etc.) when everything (e.g., IP addresses) can change?

CyCog Architecture
[Architecture diagram]
C4: CyCog Command & Control. TTP: Tactics, Techniques & Procedures.

Teaching CyCog New Tricks
[Diagram: SC2RAM Knowledge Model]

Teaching CyCog New Tricks

Keeping Track of Cyber Stuff
Cyberspace layer and the aspects modeled at each:
- Cyber-Persona (Cognitive/Social)
  - Personas and identities (many-to-many)
  - Intent/goals
  - TTPs, C2
  - Social presence and communication
- Logical
  - Operating system + drivers
  - Applications (to include malware)
  - Network protocols
  - Events and logs
- Physical
  - Hardware architecture
  - Physical compute nodes
  - Physical network connections
  - Geo-location of compute nodes
  - Persona biometrics (key stroke, mouse patterns, facial recognition)
[Diagram: example graph with nodes labelled Me, Alejandro, OrientDB]
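The question the slide raises, how to keep track of hosts when IP addresses change, as an added example that is not CyCog code: a stable Physical-layer node keeps a time-bounded history of the Logical-layer addresses seen on it, and Cyber-Persona identities map many-to-many onto personas. All node names, identities and timestamps are constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime
# Added example (not CyCog code); all node/persona names and times are constructed.

def at(hour):
    return datetime(2018, 5, 15, hour)  # constructed timestamps on one day

@dataclass
class ComputeNode:
    node_id: str                                   # stable key, e.g. hardware ID
    addresses: list = field(default_factory=list)  # [ip, first_seen, last_seen]

class CyberModel:
    def __init__(self):
        self.nodes = {}              # node_id  -> ComputeNode      (Physical layer)
        self.persona_ids = {}        # persona  -> set of identities (Cyber-Persona)
        self.identity_personas = {}  # identity -> set of personas   (Cyber-Persona)

    def observe(self, node_id, ip, seen):
        """Record that `ip` (Logical layer) was seen on the node keyed by `node_id`."""
        node = self.nodes.setdefault(node_id, ComputeNode(node_id))
        if node.addresses and node.addresses[-1][0] == ip:
            node.addresses[-1][2] = seen             # same address: extend interval
        else:
            node.addresses.append([ip, seen, seen])  # renumbered: keep old history
        return node

    def host_at(self, ip, when):
        """Resolve an address seen at `when` to the node that held it at that time."""
        for node in self.nodes.values():
            for addr, first, last in node.addresses:
                if addr == ip and first <= when <= last:
                    return node.node_id
        return None  # not observed on any node at that time: do not guess

    def link(self, persona, identity):
        self.persona_ids.setdefault(persona, set()).add(identity)    # many-to-many
        self.identity_personas.setdefault(identity, set()).add(persona)

def build_sample():
    """Constructed observations: 10.0.0.5 moves from hw-01 to hw-02 during the day."""
    m = CyberModel()
    m.observe("hw-01", "10.0.0.5", at(8))
    m.observe("hw-01", "10.0.0.5", at(10))  # still on hw-01 at 10:00
    m.observe("hw-01", "10.0.0.9", at(12))  # hw-01 renumbered
    m.observe("hw-02", "10.0.0.5", at(14))  # old address reused by another node
    m.link("alice", "alice@example.test")
    m.link("alice", "a.smith")
    m.link("bob", "a.smith")                # shared identity -> two personas
    return m
```

Resolving an address to a host only within an observed interval means a log line from a gap between observations stays unattributed rather than being pinned on the wrong node.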

Demo

Future Work
- Improved Mission Planning
  - RaGE goal editor
  - Control measures
- Temporal Aspects
  - Soar agents don’t operate at the same speed as human cyberspace operators
  - Cyberspace is a dynamic environment (i.e., things move around an awful lot)
- Open Source
  - TTP Model & RESTful API
  - TTP Toolkit
- Human-Guided Exploration
  - User hints
  - On-the-fly re-tasking

Nuggets
- Only (known) autonomous cyberspace operator
- Abstraction layer supports autonomous general users
- Expressive user interface
Coal
- Requires Soar programming for full mission planning
- Too few tricks (adversarial techniques & procedures)
- Very limited teaming

alex.nickels@soartech.com