28 March 2005 VMSoar: a cognitive agent for network security
VMSoar is a cognitive network security agent designed for both network configuration and long-term security management. It performs automatic vulnerability assessments by exploring a configuration’s weaknesses and also performs network intrusion detection. VMSoar is built on the Soar cognitive architecture and benefits from the general cognitive abilities of Soar, including learning from experience, the ability to solve a wide range of complex problems, and the use of natural language to interact with humans. The approach used by VMSoar is very different from that taken by other vulnerability assessment or intrusion detection systems. VMSoar performs vulnerability assessments by using VMware to create a virtual copy of the target machine and then attacking the simulated machine with a wide assortment of exploits. VMSoar uses this same ability to perform intrusion detection. When trying to understand a sequence of network packets, VMSoar uses VMware to make a virtual copy of the local portion of the network and then attempts to generate the observed packets on the simulated network by performing various exploits. This approach is initially slow, but VMSoar’s learning ability significantly speeds up both vulnerability assessment and intrusion detection. This paper describes the design and implementation of VMSoar, and initial experiments with Windows NT and XP.
© (2005) COPYRIGHT Society of Photo-Optical Instrumentation Engineers (SPIE). Downloading of the abstract is permitted for personal use only.
David P. Benjamin, Ranjita Shankar-Iyer, Archana Perumal, "VMSoar: a cognitive agent for network security", Proc. SPIE 5812, Data Mining, Intrusion Detection, Information Assurance, and Data Networks Security 2005, (28 March 2005); doi: 10.1117/12.602015; https://doi.org/10.1117/12.602015