Research Team Status
- Names of researchers and position (e.g. Research Scientist, PostDoc, Student (Undergrad/Masters/PhD))
- Xenofon Koutsoukos – PI
- Sandeep Neema – co-PI
- Gabor Karsai – co-PI
- Ankita Samaddar – Postdoctoral Scholar
- Nicholas Potteiger – PhD student
- Hunter Bergstrom – MS student
- Any new collaborations with other universities/researchers?
- Collaboration with the DARPA CASTLE project at Vanderbilt and the University of Virginia for evaluation of the neurosymbolic cyber-agents using a realistic emulation testbed.
Project Goals
- What is the current project goal?
- Design of robust cyber-defense agents using evolving behavior trees (EBTs).
- Development of runtime assurance methods for determining the confidence of EBT-agent actions.
- Evaluation of the EBT-based agents in computer network defense scenarios based in the CybORG simulation environment and in the Vanderbilt emulation testbed developed under the DARPA CASTLE program.
- How does the current goal factor into the long-term goal of the project?
- The current goals address the development of the agent architecture, including the required learning methods, runtime assurance, and demonstration and evaluation, which are the main tasks of the year 1 base period.
Accomplishments
- Address whether project milestones were met. If milestones were not met, explain why, and what are the next steps.
- Project milestones are met with respect to both the agent architecture and the demonstration/evaluation. The development of runtime assurance methods is in progress, and it is expected to be completed by the end of the year 1 base period.
- In summary, we developed an approach to design autonomous cyber defense agents using behavior trees with learning-enabled components, which we refer to as Evolving Behavior Trees (EBTs). We learn the structure of an EBT with a novel abstract cyber environment and optimize learning-enabled components for deployment. The learning-enabled components are optimized for adapting to various cyber-attacks and deploying security mechanisms. The learned EBT structure is evaluated in the abstract cyber environment demonstrating success in efficient mitigation and visibility of a network. For deployment, we developed a software architecture for evaluating EBT-based agents in computer network defense scenarios using simulation and emulation.
- What is the contribution to foundational cybersecurity research? Was there something discovered or confirmed?
- Our results demonstrate that the EBT-based agent is robust to adaptive cyber-attacks and provides high-level explanations for interpreting its decisions and actions.
- Impact of research
- Internal to the university (coursework/curriculum)
- External to the university (transition to industry/government (local/federal); patents, start-ups, software, etc.)
- The neurosymbolic cyber-defense agents are evaluated using the emulation testbed developed at Vanderbilt under the DARPA CASTLE program. The impact of this research is beneficial not only for improving the design of the cyber-agents but also for validation of the emulation testbed.
- Any acknowledgements, awards, or references in media?
Publications and presentations
- Add publication reference in the publications section below. An author's copy or final should be added in the report file(s) section. This is for NSA's review only.
- Optionally, upload technical presentation slides that may go into greater detail. For NSA's review only.
Report Materials