Features and Operation of an Autonomous Agent for Cyber Defense
This addresses cyber defense for military operations, but it is incremental as it only proposes ideas without implementation or validation.
The paper tackles the problem of securing the Internet of Battlefield Things against cyber threats by proposing an autonomous agent capability, but it does not present concrete results or numbers, focusing instead on a scenario and discussion of challenges.
An ever increasing number of battlefield devices that are capable of collecting, processing, storing, and communicating information are rapidly becoming interconnected. The staggering number of connected devices on the battlefield greatly increases the possibility that an adversary could find ways to exploit hardware or software vulnerabilities, degrading or denying Warfighters the assured and secure use of those devices. Autonomous software agents will become necessities to manage, defend, and react to cyber threats in the future battlespace. The number of connected devices increases disproportionately to the number of cyber experts that could be available within an operational environment. In this paper, an autonomous agent capability and a scenario of how it could operate are proposed. The goal of developing such capability is to increase the security posture of the Internet of Battlefield Things and meet the challenges of an increasingly complex battlefield. This paper describes an illustrative scenario in a notional use case and discusses the challenges associated with such autonomous agents. We conclude by offering ideas for potential research into developing autonomous agents suitable for cyber defense in a battlefield environment.