'Cybot' Development For Network Defense
Date: 2/22/2009 10:49 am
Rating: 0 Rate [ | ]
Oak Ridge explores cybots
- By William Jackson
- Feb 19, 2009
Team works to develop collaborative intelligent agents to monitor networks
Imagine being able to deploy an army of software robots intelligent enough to cooperate with one another to monitor and defend the largest networks. Instead of independent devices doing a single task and reporting to a central console, the cybots would collaborate to accomplish their missions.
That is the goal of the Ubiquitous Network Transient Autonomous Mission Entities program that a team of researchers is developing at Oak Ridge National Laboratory.
“UNTAME is a distributed, intelligent framework,” said Joe Trien of the lab’s Computational Sciences and Engineering Division. The prototype network supports existing commercial tools and security devices, enabling traditional point-to-point solutions to cooperate and provide situational awareness and response capabilities in near real time.
UNTAME is the product of a long-term program by the division’s Cyber Security and Information Intelligence Research Group to develop futuristic security functionality for increasingly large, complex environments. The cybots differ from traditional software agents in that they form a collective and are aware of the condition and activities of other cybots in the collective.
“You give it a mission and tools to work with, such as mobility and intrusion sensors, and it uses those tools and cooperates with other cybots to accomplish the mission,” said Lawrence MacIntyre, one of the project’s developers.
“A cybot is more intelligent than an agent,” said Trien, the team’s leader. “When you lose an agent, you’ve lost it. But a cybot is intended to work with other cybots, continue their mission or regenerate when necessary so they can pick up where one left off.”
The advantage of an autonomous system that can work across an enterprise is clear, but it’s not a concept that commercial product developers have embraced, MacIntyre said.
“Most enterprise-capable solutions are centrist,” he said. “They want a single point of control.”
The concept of mobile, autonomous software is a little frightening, Trien said.
“When you tell people you’ve got this software that roams, the first thing they think of is a worm,” he said.
But Trien prefers to think of UNTAME as similar to the Borg, the cyborg collective in the TV show “Star Trek: The Next Generation” that swept the galaxy assimilating other cultures. But UNTAME is not malicious: Cybots are bound by their mission directives, which could include jobs such as network monitoring and discovery, intrusion detection, and data management.
So far, there is little danger of the cybots getting out of control.
“UNTAME at this point is a prototype system,” Trien said. “It has only been tested in an isolated lab network.”
There are challenges to taking the system to the next level and demonstrating it on an operational network, Trien said. UNTAME will need to operate with little network overhead so that it is transparent. Someone will need to scrutinize the code until it has reached the “almost shrink-wrapped” stage, and the cybots must be tested to ensure that they do not do anything unexpected, he said.
“We don’t want to launch UNTAME on a real network and find it shuts everything down,” Trien said.
Those activities will require more resources than the Oak Ridge group has, and the developers are hoping to find funding to advance the project. They have been in touch with the Air Force Research Laboratory but have not yet gotten any commitments.
“We think that with appropriate resources, we could have this out in two years,” Trien said. “We’ve spent 10 years doing this.”
He said there is some urgency in developing UNTAME. “We know we can do this,” he said. “That means other people can do it.” U.S. government officials assume that other countries are working on cyber warfare capabilities. “If we don’t deploy this to defend the enterprise, someone else could turn this around and use it as an offensive weapon.”