Achieving Active Cybersecurity through Agent-Based Cognitive Models for Detection and Defense
Abstract
We propose a methodology for the development of autonomous intelligent cyber-defense agents based on cognitive models. Those cognitive models inherit both mechanisms and limitations from cognitive architectures implementing unified theories of human cognition. The mechanisms endow the models with powerful characteristics of human cognition, including robustness, generalization and adaptivity. The limitations enable the models to predict the cognitive biases of human teammates and adversaries, allowing them to augment the former and exploit the latter. This paper provides an introduction to the cognitive mechanisms used, in particular the subsymbolic activation mechanisms underlying symbolic knowledge representation enabling human-like learning and adaptivity. We illustrate the approach with a number of applications, including models of sensemaking in geospatial intelligence, deceptive signaling for cyber defense, and malware and intrusion detection systems.