{"title":"An Experimental Platform for Autonomous Intelligent Cyber-Defense Agents: Towards a collaborative community approach (WIPP)","authors":"Benjamin A. Blakely","doi":"10.1109/RWS55399.2022.9984037","DOIUrl":null,"url":null,"abstract":"Cyber defenses are increasingly challenged to keep up with attackers who might be using automation or machine learning as part of their attack strategies. Autonomous defensive systems will become critical in the coming years to respond to this threat. We present an update on ongoing work to build an autonomous intelligent cyber-defense agent. An initial prototype was demonstrated to NATO ACT in the fall of 2021, and work continues to add additional capabilities to it. The agent in its current state is capable of simple, statically-configured responsive actions as well as storing several types of observations (network scans, IDS alerts, Netflow data) in a knowledge graph. We outline the background for this work, detail the demonstration scenario used last fall, progress since then, and a future roadmap and collaborative strategy for this project including a reinforcement learning approach to automated reasoning.","PeriodicalId":170769,"journal":{"name":"2022 Resilience Week (RWS)","volume":"64 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-09-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 Resilience Week (RWS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/RWS55399.2022.9984037","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 2
Abstract
Cyber defenses are increasingly challenged to keep up with attackers who might be using automation or machine learning as part of their attack strategies. Autonomous defensive systems will become critical in the coming years to respond to this threat. We present an update on ongoing work to build an autonomous intelligent cyber-defense agent. An initial prototype was demonstrated to NATO ACT in the fall of 2021, and work continues to add additional capabilities to it. The agent in its current state is capable of simple, statically-configured responsive actions as well as storing several types of observations (network scans, IDS alerts, Netflow data) in a knowledge graph. We outline the background for this work, detail the demonstration scenario used last fall, progress since then, and a future roadmap and collaborative strategy for this project including a reinforcement learning approach to automated reasoning.