Academia.eduAcademia.edu

Outline

Title
Abstract
Introduction
Previous Work
Current and Future Work
Summary
References
All Topics
Law
Jurisprudence

A Cognitive Approach to Intrusion Detection

Profile image of Paul BenjaminPaul Benjamin

2007, 2007 IEEE Symposium on Computational Intelligence in Security and Defense Applications

https://doi.org/10.1109/CISDA.2007.368149
visibility

description

8 pages

link

1 file

Abstract

The VMSoar project at Pace University is building a cognitive agent for cybersecurity. The project's objective is to create an intelligent agent that can model and understand the activities of users who are on the network, and that can communicate with network administrators in English to alert them to illegal or suspicious activities. VMSoar can understand users' activities because it is capable of performing these activities itself. It knows how to perform both legal and illegal activities, and uses this knowledge to explore simulations of the activity on a network. It can also probe information stored on a machine to assess the legality of past activity. Research in cybersecurity is difficult is due to the extremely large amount of data that must be analyzed to detect illegal activities. In addition, new exploits are developed frequently. Most current projects in this area are attempting to build some level of intelligence into their systems; however, those projects are focusing primarily on statistical data mining approaches. The VMSoar project is unique in its approach to building an intelligent security agent. The VMSoar agent is based on Soar, a mature cognitive architecture that is used in universities and corporations around the world. I.

Related papers

CSEIT1722265 | Artificial Intelligence in Cyber Security
Amit Rajbanshi

Cyber-attackers unit investment automation technology to launch strikes, whereas many organisations unit still victimisation manual efforts to mixture internal security findings and contextualising them with external threat data. Victimisation these ancient ways that, it'll take weeks or months to sight intrusions, throughout that amount attackers can exploit vulnerabilities to compromise systems and extract info. To wear down these challenges, progressive organisations unit exploring the employment of AI (AI) in their regular cyber risk management operations. The speed of processes and conjointly the amount of data to be used in defensive the cyberspace can't be handled by humans whereas not sizeable automation. However, it's hard to develop code with customarily mounted algorithms (hard-wired logic on deciding level) for effectively defensive against the dynamically evolving attacks in networks. this instance is also handled by applying methods of computing that supply...

View PDFchevron_right
Cognitive artificial intelligence application to cyber defense
Arwin Sumari

IOP Conference Series: Materials Science and Engineering, 2020

Predicting or estimating the occurrence of a cyberattack has been a challenge for various sectors including defense one. In this paper we propose a new method for making a prediction or an estimation of the occurrence of cyberattacks in terms of the attack type or category and when the attack(s) would be possible to occur. Our method based on Cognitive Artificial Intelligence (CAI) approach called as Knowledge Growing System (KGS). For this purpose, we did a simulation using random numbers which were generated based on the real data from UNSW-NB15. From the simulation results, we can conclude that CAI is able to deliver a prediction or an estimation of the occurrence of future possible cyberattacks.

View PDFchevron_right
Categorization of malicious behaviors using ontology-based cognitive agents
Umar Manzoor

Data & Knowledge Engineering, 2013

Every organization uses computer networks (consisting of networks of networks) for resource sharing (i.e. printer, files, etc.) and communication. Computer networks today are increasingly complex, and managing such networks requires specialized expertise. Monitoring systems help network administrators in monitoring and protecting their network by not allowing users to run illegal application or changing the configuration of network nodes. In this paper we have developed an agent based system for activity monitoring on networks (ABSAMN) and proposed Categorization of Malicious Behaviors using Cognitive Agents (CMBCA). This uses ontology to predict unknown illegal applications based on known illegal application behaviors. CMBCA is an intelligent multi agent system used to detect known and unknown malicious activities carried out users over the network. We have compared An Agent Based System for Activity Monitoring on Network (ABSAMN) and Categorization of Malicious Behaviors using Cognitive Agents (CMBCA) concurrently at the university campus having seven labs equipped with 20 to 300 PCs in various labs. Both systems were tested on the same configuration; results indicate that CMBCA outperforms ABSAMN in every aspect.

View PDFchevron_right
Intelligent agents for intrusion detection
Vasant G Honavar

Information Technology …, 1998

This paper focuses on intrusion detection and countermeasures with respect to widely-used operating systems and networks. The design and architecture of an intrusion detection system built from distributed agents is proposed to implement an intelligent system on which data mining can be performed to provide global, temporal views of an entire networked system.

View PDFchevron_right
Using AI for Intrusion Detection and Threat Intelligence: Enhancing Enterprise Security in the Digital Age
Anil Malipeddi

ISJEM, 2024

The rise of cyber threats has underscored the need for advanced tools that can predict, detect, and respond to security incidents with minimal human intervention. Artificial Intelligence (AI) is now at the forefront of such tools, transforming intrusion detection and threat intelligence systems with its ability to analyze vast amounts of data, learn from patterns, and adapt to emerging threats. This article explores how AI is reshaping intrusion detection systems (IDS) and threat intelligence platforms, examining the methods, advantages, and challenges associated with AI-driven security systems. Through AI, enterprises can strengthen their cyber defenses by enabling proactive, real-time responses to increasingly sophisticated cyber threats.

View PDFchevron_right
Complementary Approaches to Instructable Agents for Advanced Persistent Threats Detection
Gheorghe Tecuci

2020

Large CSOCs (cybersecurity operation centers) must analyze tens of thousands of security incidents per day. Not only that there are not enough cybersecurity analysts available but the average cost of a cybersecurity analyst keeps going up. This paper presents a novel approach to the detection of APTs (advanced persistent threats), where an expert cybersecurity analyst directly teaches (rather than programs) a cognitive agent how to investigate cybersecurity alerts, as the analyst would teach a student, through explained examples of investigations. It then presents two complementary instantiations of this approach, as implemented in ADONIS (Automating the ATT&CKTM-based Detection Of Novel Network Intrusions System) and CAAPT (Cognitive Agent for APT detection). ADONIS detects adversary’s behavior in terms of MITRE’s ATT&CK (Adversarial Tactics, Techniques & Common Knowledge), independent of specific malware and tools. It can therefore detect novel intrusions, but is expected to be le...

View PDFchevron_right
Threats and Opportunities with AI-based Cyber Security Intrusion Detection: A Review
Dr. Bibhu Dash

International Journal of Software Engineering & Applications

Internet usage has increased quickly, particularly in the previous decade. With the widespread use of the internet, cybercrime is growing at an alarming rate in our daily lives. However, with the growth of artificial intelligence (AI), businesses are concentrating more on preventing cybercrime. AI is becoming an essential component of every business, affecting individuals worldwide. Cybercrime is one of the most prominent domains where AI has begun demonstrating valuable inputs. As a result, AI is being deployed as the first line of defense in most firms' systems. Because AI can detect new assaults faster than humans, it is the best alternative for constructing better protection against cybercrime. AI technologies also offer more significant potential in the development of such technology. This paper discusses recent cyber intrusions and how the AI-enabled industry is preparing to defend itself in the long run.

View PDFchevron_right
Anomaly Detection Under Cognitive Security Model
Susana Cadena

2020

Cybersecurity attacks are considered among the top five of risks worldwide, according to the World Economic Forum in the year 2019. This context has generated the need to improve the tasks of cybersecurity defense in organizations. Improving the effectiveness in executing a cybersecurity task requires three pillars: people, processes and technologies. The proposal in this work is to analyze the integration of these three components as a strategy to improve the effectiveness of the execution of operational tasks in cyber defense, specifically the detection of anomalies. Based on the foundation that: cybersecurity operational tasks carried out daily by analysts require the use of cognitive processes, and that the use of techniques based on technologies such as machine learning, data mining and data science have generally been used to automate cybersecurity tasks, we have considered the use of cognitive security, as a strategy to improve the anomaly detection process, taking into account the cognitive processes and skills that are executed by the security analyst.

View PDFchevron_right
IMPLEMENTING AGENTS FOR INTRUSION DETECTION
Dan Marian

2010

Many advanced techniques have been developed recently to help fight against intrusion. Significant power in this direction can be gained by better taking advantage of the patterns available in the data passing through the network. We have conceived various software agents, distributed over a network, that are able to collect and filter the data and also consider the firewall rules. Preliminary experiments show a significant gain.

View PDFchevron_right
Computer and Network Security: Ontological and Multi-agent System for Intrusion Detection
Ahmed Aloui

Journal of Digital Information Management

Today the security aspect is a backbone of every computer system, particularly when this system contains sensitive information. When we use our computers and connect to the network or use web services, we trust that our personal and sensitive information (images, passwords, credit card number …etc) are confidential and well secured by the used security system. Unfortunately, the hackers may succeed to gain access to the system and misuse our information. Generally, the aim of the intrusion is to find new ways to annoy, steal and harm parts of computer systems. Moreover, with the possibility of connecting several computers and networks, the necessity of protecting the whole data and machines from attackers (hackers) that try to get some confident information to use for their own benefit or just destroy or modify valuable information was born. At this point IDS appears to help users, companies or institutions to detect when they are getting compromised. In this paper, we develop an intrusion detection system using multi agent system, ontological techniques (IDSMAO) and misuse method.

View PDFchevron_right

References (19)

  1. 01:10:23.445709 192.168.1.14.38931 > 192.168.1.15.711: S 1354789686:1354789686(0) win 5840 <mss 1460,sackOK,timestamp 8958340 0,nop,wscale 0> (DF) 01:10:23.445709 192.168.1.14.38932 > 192.168.1.15.3005: S 358598610:1358598610(0) win 5840 <mss 1460,sackOK,timestamp 8958340 0,nop,wscale 0> (DF) 01:10:23.445709 192.168.1.14.38933 > 192.168.1.15.4500: S 359735835:1359735835(0) win 5840 <mss 1460,sackOK,timestamp 8958340 0,nop,wscale 0> (DF) 01:10:23.445709 192.168.1.14.38934 > 192.168.1.15.1353: S 363526429:1363526429(0) win 5840 <mss 1460,sackOK,timestamp 8958340 0,nop,wscale 0> (DF) 01:10:23.445709 192.168.1.15.711 > 192.168.1.14.38931: R 0:0(0) ack 1354789687 win 0 01:10:23.445709 192.168.1.15.3005 > 192.168.1.14.38932: R 0:0(0) ack 1358598611 win 0 01:10:23.445709 192.168.1.15.4500 > 192.168.1.14.38933: R 0:0(0) ack 1359735836 win 0 01:10:23.445709 192.168.1.15.1353 > 192.168.1.14.38934: R 0:0(0) ack 1363526430 win 0 REFERENCES
  2. K. Avijit, P. Gupta, and D. Gupta. "Tied, libsafeplus: Tools for runtime buffer overflow protection", in USENIX Security Symposium, August 2004.
  3. Axelsson, Stefan, Intrusion Detection Systems: A Survey and Taxonomy, Technical Report No 99-15, Dept. of Computer Engineering, Chalmers University of Technology, Sweden, 2000.
  4. Balasubramanian, J. S., Garcia-Fernandez, J. O., Isacoff, D., Spafford, E., and Zamboni, D., An Architecture for Intrusion Detection using Autonomous Agents, Proceedings of the Fourteenth Annual Computer Security Applications Conference, 1998.
  5. Benjamin, D. Paul, Lonsdale, Deryle, and Lyons, Damian, Designing a Robot Cognitive Architecture with Concurrency and Active Perception, Proceedings of the AAAI Fall Symposium on the Intersection of Cognitive Science and Robotics, Washington, D.C., October, 2004.
  6. C. Cowan, C. Pu, D. Maier, J. Walpole, P. Bakke, S. Beattie, A. Grier, P. Wagle, Q. Zhang, and H. Hinton. "Stack-Guard: automatic adaptive detection and prevention of buffer- overflow attacks", in Proceedings of the 7th USENIX Security Symposium, January, 1998.
  7. C. Cowan, M. Barringer, S. Beattie, and G. Kroah-Hartman. "FormatGuard: automatic protection from printf format string vulnerabilities", in Proceedings of the 10th USENIX Security Symposium, August 2001.
  8. Green, Nancy, and Lehman, Jill F., An Integrated Discourse Recipe-Based Model for Task-Oriented Dialogue, Discourse Processes, 33(2), pp.133-158, 2002.
  9. Kanlayasiri, U., Sanguanpong, S., and Jaratmanachot, W., A Rule-based Approach for Port Scanning Detection, in Proceedings of the 23rd Electrical Engineering Conference, Chiang Mai Thailand, 2000.
  10. H.-A. Kim and B. Karp, "Autograph: toward automated, distributed worm signature detection", in Proceedings of the 13th USENIX Security Symposium, August 2004.
  11. Laird, J.E., Newell, A. and Rosenbloom, P.S., Soar: An Architecture for General Intelligence, Artificial Intelligence 33, pp.1-64, 1987.
  12. Lee, Wenke, Christopher T. Park , Salvatore J. Stolfo, Automated Intrusion Detection Using NFR: Methods and Experiences, in Proceedings of the Workshop on Intrusion Detection and Network Monitoring, p.63-72, 1999.
  13. Lonsdale and C. Anton Rytting, Integrating WordNet with NL-Soar, WordNet and other lexical resources: Applications, extensions, and customizations; Proceedings of NAACL- 2001; Association for Computational Linguistics, 2001.
  14. Marsella, Stacy, Jonathan Gratch and Jeff Rickel, Expressive Behaviors for Virtual Worlds, Life-like Characters Tools, Affective Functions and Applications, Helmut Prendinger and Mitsuru Ishizuka (Editors), Springer Cognitive Technologies Series, 2003.
  15. Me, Ludovic, and Michel, Cedric, Intrusion Detection: A Bibliography, In Technical Report SSIR-2001-01, Sup'elec, Rennes, France, 2001.
  16. Miller, C. S., Modeling Concept Acquisition in the Context of a Unified Theory of Cognition, EECS, Ann Arbor, University of Michigan, 1993.
  17. Nelson, G., Lehman, J.F., and John, B.E., Integrating cognitive capabilities in a real-time task, In Proceedings of the Sixteenth Annual Conference of the Cognitive Science Society. Atlanta, GA, August, 1994.
  18. Newell, Allen, Unified Theories of Cognition, Harvard University Press, Cambridge, Massachusetts, 1990.
  19. Rosenbloom, P.S., Johnson, W.L., Jones, R.M., Koss, F., Laird, J.E., Lehman, J.F., Rubinoff, R., Schwamb, K.B., and Tambe, M., Intelligent Automated Agents for Tactical Air

Related papers

VMSoar: a cognitive agent for network security
Paul Benjamin

Data Mining, Intrusion Detection, Information Assurance, and Data Networks Security 2005, 2005

VMSoar is a cognitive network security agent designed for both network configuration and long-term security management. It performs automatic vulnerability assessments by exploring a configuration's weaknesses and also performs network intrusion detection. VMSoar is built on the Soar cognitive architecture, and benefits from the general cognitive abilities of Soar, including learning from experience, the ability to solve a wide range of complex problems, and use of natural language to interact with humans. The approach used by VMSoar is very different from that taken by other vulnerability assessment or intrusion detection systems. VMSoar performs vulnerability assessments by using VMWare to create a virtual copy of the target machine then attacking the simulated machine with a wide assortment of exploits. VMSoar uses this same ability to perform intrusion detection. When trying to understand a sequence of network packets, VMSoar uses VMWare to make a virtual copy of the local portion of the network and then attempts to generate the observed packets on the simulated network by performing various exploits. This approach is initially slow, but VMSoar's learning ability significantly speeds up both vulnerability assessment and intrusion detection. This paper describes the design and implementation of VMSoar, and initial experiments with Windows NT and XP.

View PDFchevron_right
An Experimental Intrusion Detection Prototype based on Cognitive Architectures
Catriona Kennedy

2008

An important area of Artificial Intelligence is concerned with the integration of sensing, reasoning, selfmonitoring and action into a single cognitive architecture capable of surviving in a hostile environment. So far, this approach has mostly been applied to visio-spatial domains such as robotics and agents in an artificial world. We argue that the study of "complete" cognitive systems also has value for intrusion detection systems. We also present a distributed agent-based prototype that was first developed in a simulated network and is currently being developed further in a physical test network. We conclude that the cognitive systems methodology leads to an integrated high level view of both the IDS and the protected system. This can make it easier to identify limitations and weaknesses than is the case with typical IDS packages.

View PDFchevron_right
Using a Cognitive Architecture to Automate Cyberdefense Reasoning
Partha Pal

Bio-inspired, Learning, and Intelligent Systems for Security, 2008

The CSISM project is designing and implementing an automated cyberdefense decision-making mechanism with expert-level ability. CSISM interprets alerts and observations and takes defensive actions to try to ensure the survivability of the computing capability of the network. The project goal is a difficult one: to produce expert-level response in realtime with uncertain and incomplete information. Our approach is to emulate human reasoning and learning abilities by using a cognitive architecture to embody the reasoning of human cyberdefense experts. This paper focuses on the cognitive reasoning component of CSISM.

View PDFchevron_right
Alba: A cognitive assistant for network administration
francisco martin

2003

We are developing a first prototype of an agent-aided intrusion detection tool called Alba (ALert BArrage) that assists a network administrator's decision making, reducing the burdensome output produced by current intrusion detection systems (IDSes). This work describes the cognitive machinery that allows Alba to reason about computer security incidents and learn the salient features of an incident so that they can be later employed to recognize similar situations and predict the likely effects of a new attack. ¤ On sabbatical leave from iSOCO-Intelligent Software Components, S. A.

View PDFchevron_right
Cognitive Approaches to Policy Based Intrusion Defence
Catriona Kennedy

SCHOOL OF COMPUTER SCIENCE RESEARCH …, 2005

This is a discussion paper on design options for the application of distributed cognitive agents to intrusion defence systems. Intrusion defence includes not only detection but also automated responses and proactive reconfigurations. If the system is to have some autonomy, it needs cognitive capabilities such as sensing, reasoning, planning and acting. Adaptation and focussing of attention are also critically important.

View PDFchevron_right

Related topics

  • Computer Science
  • Computer Security
  • Principle of Legality
  • Intrusion Detection System
    • 580 California St., Suite 400
    San Francisco, CA, 94104
    © 2025 Academia. All rights reserved