An introductory preview of Autonomous Intelligent Cyber-defense Agent reference architecture, release 2.0

Warning

This publication doesn't include Faculty of Arts. It includes Institute of Computer Science. Official publication website can be found on muni.cz.

Authors	KOTT Alexander THERON Paul MANCINI Luigi DUSHKU Edlira PANICO Agostino DRAŠAR Martin LEBLANC Benoit LOSIEWICZ Paul GUARINO Alessandro PIHELGAS Mauno RZADCA Krzysztof
Year of publication	2020
Type	Article in Periodical
Magazine / Source	The Journal of Defense Modeling and Simulation: Applications, Methodology, Technology
MU Faculty or unit	Institute of Computer Science
Citation
Web	https://journals.sagepub.com/doi/10.1177/1548512919886163
Doi	http://dx.doi.org/10.1177/1548512919886163
Keywords	Intelligent agent; autonomy; cyber warfare; cyber defense; agent architecture
Description	The North Atlantic Treaty Organization (NATO) Research Task Group IST-152 developed a concept and a reference architecture for intelligent software agents performing active, largely autonomous cyber-defense actions on military assets. The group released a detailed report, briefly reviewed in this article, where such an agent is referred to as an Autonomous Intelligent Cyber-defense Agent (AICA). In a conflict with a technically sophisticated adversary, NATO military networks will operate in a heavily contested battlefield. Enemy malware will likely infiltrate and attack friendly networks and systems. Today's reliance on human cyber defenders will be untenable on the future battlefield. Instead, artificially intelligent agents, such as AICAs, will be necessary to defeat the enemy malware in an environment of potentially disrupted communications where human intervention may not be possible. The IST-152 group identified specific capabilities of AICA. For example, AICA will have to be capable of autonomous planning and execution of complex multi-step activities for defeating or degrading sophisticated adversary malware, with the anticipation and minimization of resulting side effects. It will have to be capable of adversarial reasoning to battle against a thinking, adaptive malware. Crucially, AICA will have to keep itself and its actions as undetectable as possible, and will have to use deceptions and camouflage. The report identifies the key functions and components and their interactions for a potential reference architecture of such an agent, as well as a tentative roadmap toward the capabilities of AICA.
Related projects:	CyberSecurity, CyberCrime and Critical Information Infrastructures Center of Excellence