Toward Using Intelligent Agents to Detect, Assess, and Counter Cyberattacks in a Network-Centric Environment

Abstract : The network-centric warfare philosophy is becoming more firmly entrenched in US military doctrine and operations. As a result, the state and trustworthiness of the network and its computational resources are becoming even more important for commanders, particularly as the network itself is becoming an ever more lucrative target for cyber attack. In cyberspace, however, given human limitations and the fact that intelligent agents (computer viruses, worms, etc.) execute most cyber attacks, we argue that the netcentric environment will require computerized agents to detect, assess, and respond to cyber attacks. A significant portion of day-to-day network operations will have to be allocated to intelligent agents (or computer-generated forces (CGFs)). These CGFs will have to determine the types of attacks that are underway, the targets of the attacks, the appropriate responses to the attacks, the prioritization of the responses, the erection of defenses against secondary attacks, the response to the primary attack(s), and for the overall management of the response.