Intelligent agent representations of Malware: Analysis to prepare for future cyber threats

Abstract

There have been several recent examples of cyber-attacks that contain multiple components and have more advanced approaches than those that cyber-defense teams have become accustomed to. Some of these attacks have characteristics of intelligence and can be modelled as a set of collaborating software components such as those used in intelligent agents. In this paper, we discuss a set of parameters useful for analyzing and characterizing potential advanced cyber threats and for helping cybersecurity experts prepare to defend against them. A set of intelligent agents can be designed to collaborate in order to solve a complex problem, each agent having its own set of knowledge and expertise and being able to respond to requests from other agents for help in solving the problem. An intelligent agent can contain or have access to knowledge about context (e.g. patterns of network traffic) or problem-solving and can use any of the artificial intelligence reasoning techniques that are available to larger, more comprehensive software modules. Some agents are mobile, that is they can move across a network to operate on multiple network nodes. These intelligent agent paradigms can represent advanced threats. For example, intelligent agents as individual intelligent software entities, as a collaborating set, or as a swarm with emergent intelligence could be used to model threats which manifest cyber tactics, techniques and procedures (TTPs). This paper includes an analysis of the design parameters of intelligent agent architectures and the implications of these parameter choices for agent behaviors that can be used for analyzing and testing systems for the purpose of learning to secure them against sophisticated cyber-attacks. In order to motivate and support this analysis we provide a scenario use case which envisions the use of advanced intelligent agent teams for analysis of possible threats and for cybersecurity testing.