Achieving Active Cybersecurity through Agent-Based Cognitive Models for Detection and Defense

Date

2021

Journal Title

Journal ISSN

Volume Title

Publisher

NATO Autonomous Intelligence Cyber-Defence Agent Working Group

Abstract

We propose a methodology for the development of autonomous intelligent cyber-defense agents based on cognitive models. Those cognitive models inherit both mechanism and limitations from cognitive architectures implementing unified theories of human cognition. The mechanisms endow the models with powerful characteristics of human cognition, including robustness, generalization and adaptivity. The limitations enable the models to predict the cognitive biases of human teammates and adversaries, allowing them to augment the former and exploit the latter. This paper provides an introduction to the cognitive mechanisms used, in particular the subsymbolic activation mechanisms underlying symbolic knowledge representation enabling human-like learning and adaptivity. We illustrate the approach with a number of applications, including models of sensemaking in geospatial intelligence, deceptive signaling for cyber defense, and malware and intrusion detection systems.

Description

Keywords

cognitive modeling, deceptive signals, cognitive architecture, phishing

Citation

Thomson, Robert, E. A. Cranford, and C. Lebiere. "Achieving active cybersecurity through agent-based cognitive models for detection and defense." In Proceedings of the 1st International Conference on Autonomous Intelligent Cyber-defence Agents (AICA 2021). 2021.

DOI