Presentation is loading. Please wait.

Presentation is loading. Please wait.

Soar Agents for Cyberspace 5/15/2018

Published byShannon Jenkins Modified over 6 years ago

Similar presentations

Presentation on theme: "Soar Agents for Cyberspace 5/15/2018"— Presentation transcript:

1 Soar Agents for Cyberspace 5/15/2018

2 Why Do We Need Cyberspace Cognitive Agents?
Attack Surface Growth Continuous Security Threat Complexity Workforce Shortage

3 CyCog Agent Genealogy Penetration Tester Defender Cyberspace Denizen
Cyber Range TTP Models CyCog-A Penetration Tester General Agent CyCog CyCog-D Soar Defender RiDL Cyber Feature Mgmt Sys CyCog-U Cyberspace Denizen CyCog: Cyber Cognitive TTP: Tactics, Techniques & Procedures

4 Challenges Enabling Soar agents to use standard tools and applications
Standard off-the-shelf pen-testing tools Built-in command-line interface (CLI) applications (especially over remote sessions) Should Soar know all the CLI arguments, or rely on abstraction layers? Modeling behaviors of (cyberspace) operators Model abstractions allow reuse across multiple domains Goal preferences ensure desired goals based on different operators (personas) How to model/manage/share large sets of adversarial techniques & procedures? Modeling cyberspace Documentation of every “thing” the agent sense/acts-on in cyberspace Sharing models with humans, Soar agents, non-symbolic AI How to keep track of hosts (etc.) when everything (e.g., IP addresses) can change?   

5 CyCog Architecture C4: CyCog Command & Control
TTP: Tactics, Techniques & Procedures

6 Teaching CyCog New Tricks
SC2RAM Knowledge Model

7 Teaching CyCog New Tricks

8 Keeping Track of Cyber Stuff
Cyberspace Layer Modeling Aspects Cyber-Persona (Cognitive/ Social) Personas and Identities (many-to-many) Intent/Goals TTPs, C2 Social presence and communication Logical Operating system + drivers Applications (to include malware) Network protocols Events and Logs Physical Hardware architecture Physical compute nodes Physical network connections Geo-Location of compute nodes Persona biometrics (key stroke, mouse patterns, facial recognition) Me Alejandro Orient DB

9 Demo

10 Future Work Improved Mission Planning Temporal Aspects Open Source
RaGE goal editor Control measures Temporal Aspects Soar agents don’t operate at the same speed as human cyberspace operators Cyberspace is a dynamic environment (i.e., things move around an awful lot) Open Source TTP Model & RESTful API TTP Toolkit Human-Guided Exploration User hints On-the-fly re-tasking

11 Nuggets Coal Only (known) autonomous cyberspace operator
Abstraction layer supports autonomous general users Expressive user interface Requires Soar programming for full mission planning Too few tricks (adversarial techniques & procedures) Very limited teaming

12

Download ppt "Soar Agents for Cyberspace 5/15/2018"

Similar presentations

 Introduction Originally developed by Open Software Foundation (OSF), which is now called The Open Group (www.opengroup.org) Provides a set of tools and.

 Introduction Originally developed by Open Software Foundation (OSF), which is now called The Open Group ( Provides a set of tools and.
Can Network Security be Fun? An agent-based Simulation Model and Game Proposal A computer lets you make more mistakes faster than any invention in human.

Can Network Security be Fun? An agent-based Simulation Model and Game Proposal "A computer lets you make more mistakes faster than any invention in human.
Mining Behavior Models Wenke Lee College of Computing Georgia Institute of Technology.

Mining Behavior Models Wenke Lee College of Computing Georgia Institute of Technology.
Architectural Design Establishing the overall structure of a software system Objectives To introduce architectural design and to discuss its importance.

Architectural Design Establishing the overall structure of a software system Objectives To introduce architectural design and to discuss its importance.
LÊ QU Ố C HUY ID: QLU13069 1. OUTLINE  What is data mining ?  Major issues in data mining 2.

LÊ QU Ố C HUY ID: QLU OUTLINE  What is data mining ?  Major issues in data mining 2.
SWE 316: Software Design and Architecture – Dr. Khalid Aljasser Objectives Lecture 11 : Frameworks SWE 316: Software Design and Architecture  To understand.

SWE 316: Software Design and Architecture – Dr. Khalid Aljasser Objectives Lecture 11 : Frameworks SWE 316: Software Design and Architecture  To understand.
Event Driven Programming

Event Driven Programming
The Yellow Group Design Informatics (Regli, Stone, Kusiak, Leifer, Gupta, Chung, Fenves, Law, Kopena)

The Yellow Group Design Informatics (Regli, Stone, Kusiak, Leifer, Gupta, Chung, Fenves, Law, Kopena)
CSCE 522 Secure Software Development Best Practices.

CSCE 522 Secure Software Development Best Practices.
Rehab AlFallaj.  OSI Model : Open system Interconnection.  is a conceptual model that characterizes and standardizes the internal functions of a communication.

Rehab AlFallaj.  OSI Model : Open system Interconnection.  is a conceptual model that characterizes and standardizes the internal functions of a communication.
1 CMPT 275 High Level Design Phase Modularization.

1 CMPT 275 High Level Design Phase Modularization.
CSCE 201 Secure Software Development Best Practices.

CSCE 201 Secure Software Development Best Practices.
CSCE 315 – Programming Studio Spring 2012. Goal: Reuse and Sharing Many times we would like to reuse the same process or data for different purpose Want.

CSCE 315 – Programming Studio Spring Goal: Reuse and Sharing Many times we would like to reuse the same process or data for different purpose Want.
Autonomous Mission Management of Unmanned Vehicles using Soar Scott Hanford Penn State Applied Research Lab Distribution A Approved for Public Release;

Autonomous Mission Management of Unmanned Vehicles using Soar Scott Hanford Penn State Applied Research Lab Distribution A Approved for Public Release;
Information Security in Laurier Grant Li Wilfrid Laurier University.

Information Security in Laurier Grant Li Wilfrid Laurier University.
Computer Networking A Top-Down Approach Featuring the Internet Introduction Jaypee Institute of Information Technology.

Computer Networking A Top-Down Approach Featuring the Internet Introduction Jaypee Institute of Information Technology.
Use of Soar for Modeling Cyber Operations 36 th Soar Workshop Ann Arbor, Michigan Denise Nicholson, Ph.D., Director of X Ryan O’Grady, Software Engineer.

Use of Soar for Modeling Cyber Operations 36 th Soar Workshop Ann Arbor, Michigan Denise Nicholson, Ph.D., Director of X Ryan O’Grady, Software Engineer.
Common System Exploits Tom Chothia Computer Security, Lecture 17.

Common System Exploits Tom Chothia Computer Security, Lecture 17.
Advanced Network Labs & Remote Network Agent

Advanced Network Labs & Remote Network Agent
Proactive Incident Response

Proactive Incident Response

Similar presentations

Ads by Google