A Cognitive Approach to Intrusion Detection

The VMSoar project at Pace University is building a cognitive agent for cybersecurity. The project's objective is to create an intelligent agent that can model and understand the activities of users who are on the network, and that can communicate with network administrators in English to alert them to illegal or suspicious activities. VMSoar can understand users' activities because it is capable of performing these activities itself. It knows how to perform both legal and illegal activities, and uses this knowledge to explore simulations of the activity on a network. It can also probe information stored on a machine to assess the legality of past activity. Research in cybersecurity is difficult is due to the extremely large amount of data that must be analyzed to detect illegal activities. In addition, new exploits are developed frequently. Most current projects in this area are attempting to build some level of intelligence into their systems; however, those projects are focusing primarily on statistical data mining approaches. The VMSoar project is unique in its approach to building an intelligent security agent. The VMSoar agent is based on Soar, a mature cognitive architecture that is used in universities and corporations around the world