Research Team Status
- Names of researchers and position (e.g. Research Scientist, PostDoc, Student (Undergrad/Masters/PhD))
  - Xenofon Koutsoukos – PI
  - Sandeep Neema – co-PI
  - Gabor Karsai – co-PI
  - Ankita Samaddar – Postdoctoral Scholar
  - Robert Canady – Postdoctoral Scholar
  - Nicholas Potteiger – PhD student
  - Noah Dahle – PhD student
 
 
- Any new collaborations with other universities/researchers?
  - Collaboration with the DARPA CASTLE project at Vanderbilt and University of Virginia for evaluation of the neurosymbolic cyber-agents using a realistic emulation testbed.
 
Project Goals
- What is the current project goal?
  - Design robust cyber-defense agents using evolving behavior trees (EBTs).
  - Develop runtime assurance methods for determining the confidence of EBT-agent actions.
  - Evaluate the EBT-based agents in computer network defense scenarios based in the CybORG simulation environment and in the Vanderbilt emulation testbed developed under the DARPA CASTLE program.
 
 
- How does the current goal factor into the long-term goal of the project?
  - The current goals address the development of the agent architecture, including the required learning methods, runtime assurance, and demonstration and evaluation, which are the main tasks of the year 1 base period.
 
Accomplishments
- Address whether project milestones were met. If milestones were not met, explain why, and what are the next steps.
  - Project milestones are met with respect to the agent architecture, the runtime assurance, and the demonstration/evaluation. In summary, we developed and demonstrated an approach to design autonomous cyber defense agents using behavior trees with learning-enabled components, which we refer to as Evolving Behavior Trees (EBTs).
  - We developed runtime assurance methods for out-of-distribution detection and generalization. The methods can be used to detect shifts from the training distribution and trigger safe actions that improve the agent performance in unknown situations. The developed methods were also used to analyze differences between the CybORG simulator and the Vanderbilt emulation testbed developed under the DARPA CASTLE program for CAGE Challenge 2.
 
- What is the contribution to foundational cybersecurity research? Was there something discovered or confirmed?
  - Our results demonstrate that neuro-symbolic models can improve robustness and generalization to adaptive cyber-attacks and can provide high-level explanations for interpreting their decisions and actions. The developed runtime assurance methods can be used to detect shifts from the training distribution.
 
 
- Impact of research
  - Internal to the university (coursework/curriculum)
  - External to the university (transition to industry/government (local/federal); patents, start-ups, software, etc.)
    - The neurosymbolic cyber-defense agents are evaluated using the emulation testbed developed at Vanderbilt under the DARPA CASTLE program. This research benefits not only the design of the cyber-agents but also the validation of the emulation testbed.
 
- Any acknowledgements, awards, or references in media?
 
Publications and presentations
- Add publication reference in the publications section below. An author's copy or final should be added in the report file(s) section. This is for NSA's review only.
- Optionally, upload technical presentation slides that may go into greater detail. For NSA's review only.
- Ankita Samaddar, Nicholas Potteiger, and Xenofon Koutsoukos. "Out-of-Distribution Detection for Neurosymbolic Autonomous Cyber Agents." 4th IEEE International Conference on AI in Cybersecurity (ICAIC). Houston, TX, USA. To appear.