KI - Künstliche Intelligenz

, Volume 26, Issue 2, pp 127–140 | Cite as

Sol: An Agent-Based Framework for Cyber Situation Awareness

  • Jeffrey M. Bradshaw
  • Marco Carvalho
  • Larry Bunch
  • Tom Eskridge
  • Paul J. Feltovich
  • Matt Johnson
  • Dan Kidwell


In this article, we describe how we augment human perception and cognition through Sol, an agent-based framework for distributed sensemaking. We describe how our visualization approach, based on IHMC’s OZ flight display, has been leveraged and extended in our development of the Flow Capacitor, an analyst display for maintaining cyber situation awareness, and in the Parallel Coordinates 3D Observatory (PC3O or Observatory), a generalization of the Flow Capacitor that provides capabilities for developing and exploring lines of inquiry. We then introduce the primary implementation frameworks that provide the core capabilities of Sol: the Luna Software Agent Framework, the VIA Cross-Layer Communications Substrate, and the KAoS Policy Services Framework. We show how policy-governed agents can perform much of the tedious high-tempo tasks of analysts and facilitate collaboration. Much of the power of Sol lies in the concept of coactive emergence, whereby a comprehension of complex situations is achieved through the collaboration of analysts and agents working together in tandem. Not only can the approach embodied in Sol lead to a qualitative improvement in cyber situation awareness, but its approach is equally relevant to applications of distributed sensemaking for other kinds of complex high-tempo tasks.


Cyber security Teamwork Software agents Policy management Resilience Coactive design Emergence Joint activity Sensemaking 


  1. 1.
    Bergen JR (1991) Theories of visual texture perception. In: Regan D (ed) Spatial vision: vision and visual dysfunction, vol 10. CRC Press, Boca Raton, pp 71–92 Google Scholar
  2. 2.
    Bradshaw JM, Feltovich P, Johnson M (2011) Human-agent interaction. In: Boy G (ed) Handbook of human-machine interaction. Ashgate, London, pp 283–302 Google Scholar
  3. 3.
    Bradshaw JM (1997) An introduction to software agents. In: Bradshaw JM (ed) Software agents. AAAI Press/MIT Press, Cambridge, pp 3–46 Google Scholar
  4. 4.
    Bradshaw JM (ed) (1997) Software agents. AAAI Press/MIT Press, Cambridge Google Scholar
  5. 5.
    Bradshaw JM, Carvalho M (2011) Policy services in the cloud: Leveraging dynamically-bounded emergence. In: Workshop on safe in the clouds: biologically-inspired approaches to system resilience and security, Ocala, FL, March 2011 Google Scholar
  6. 6.
    Bratman J, Shvartsman M, Lewis RL, Singh S (2010) A new approach to exploring language emergence as boundedly optimal control in the face of environmental and cognitive constraints. In: Proceedings of the 10th international conference on cognitive modeling (ICCM) Google Scholar
  7. 7.
    Byrski A, Carvalho M (2008) Agent-based immunological intrusion detection system for mobile ad-hoc networks. In: Proceedings of the 8th international conference on computational science, Part III (ICCS ’08). Springer, Berlin, pp 584–593 Google Scholar
  8. 8.
    Carvalho M (2009) A distributed reinforcement learning approach to mission survivability in tactical MANETs. In: Proceedings of the 5th annual workshop on cyber security and information intelligence research (CSIIRW ’09), New York, NY, USA, pp 1–4 CrossRefGoogle Scholar
  9. 9.
    Carvalho M, Dasgupta D, Grimaila M, Perez C (2011) Mission resilience in cloud computing: a biologically inspired approach. In: Proceedings of the sixth international conference on information warfare and security Google Scholar
  10. 10.
    Carvalho M, Granados A, Perez C, Arguedas M, Winkler R, Kovach J, Choy S (2009) A cross-layer communications susbtrate for tactical environments. In: P McDermott, L Allender (eds), Chap 5: Collaborative technologies alliance. Advanced decisions architecture Google Scholar
  11. 11.
    Carvalho M, Granados A, Usbeck K, Loyall J, Gillen M, Sinclair A, Hanna JP (2011) Integrated information and network management for end-to-end quality of service. In: Proceedings of MILCOM Google Scholar
  12. 12.
    Carvalho M, Lamkin T, Perez C (2010) Organic resilience for tactical environments. In: 5th international ICST conference on bio-inspired models of network, information, and computing systems (Bionetics), Boston, MA, December Google Scholar
  13. 13.
    Carvalho M, Perez C (2011) An evolutionary multi-agent approach to anomaly an evolutionary multi-agent approach to anomaly detection and cyber defense. In: Proceedings of the 7th annual workshop on cyber security and information intelligence research (CSIIRW ’11), New York, NY, USA, September. ACM, New York Google Scholar
  14. 14.
    Carvalho M, Rebeschini M, Horsley J, Suri N, Cowin T, Breedy M (2005) MAST: intelligent roaming guards for network and host security. Scientia 16(2):125–138 Google Scholar
  15. 15.
    Systems Cisco (2007) Netflow services solution guide.
  16. 16.
    Eskridge TC, Lecoutre D, Johnson M, Bradshaw JM (2009) Network situation awareness: a representative study. In: Proceedings of the fourth workshop on human-computer interaction and visualization (HCIV 2009), Kaiserslautern, Germany, 2 March 2009 Google Scholar
  17. 17.
    Feltovich P, Bradshaw JM, Jeffers R, Suri N, Uszok A (2004) Social order and adaptability in animal and human cultures as an analogue for agent communities: toward a policy-based approach. In: Engineering societies in the agents world IV. Lecture notes in artificial intelligence, vol 3071. Springer, Berlin, pp 21–48 CrossRefGoogle Scholar
  18. 18.
    Feltovich PJ, Bradshaw JM, Clancey WJ, Johnson M (2006) We regulate to coordinate: limits to human and machine joint activity. In: Proceedings of ESAW 2006, Dublin, Ireland, 6–8 September 2006 Google Scholar
  19. 19.
    Feltovich PJ, Bradshaw JM, Clancey WJ, Johnson M, Bunch L (2008) Progress appraisal as a challenging element of coordination in human and machine joint activity. In: Artikis A, O’Hare GMP, Stathis K, Vouros G (eds) Engineering societies in the agents world VIII. Lecture notes in computer science. Springer, Heidelberg, pp 124–141 CrossRefGoogle Scholar
  20. 20.
    Ford KM, Bradshaw JM, Adams-Webber JR, Agnew NM (1993) Knowledge acquisition as a constructive modeling activity. In: Ford KM, Bradshaw JM (eds) Knowledge acquisition as modeling. Wiley, New York, pp 9–32 Google Scholar
  21. 21.
    Cabri G, Leonardi L, Zambonelli F (2000) Weak and strong mobility in mobile agents applications. In: 2nd international conference and exhibition on the practical application of Java, April 2000 Google Scholar
  22. 22.
    Hoffman R, Feltovich P, Ford KM, Woods DD, Klein G, Feltovich A (2002) A rose by any other name… would probably be given an acronym. IEEE Intelligent Systems, July–August 2002, pp 72–80 Google Scholar
  23. 23.
    Holland JH (1998) Emergence: from chaos to order. Addison-Wesley, Reading zbMATHGoogle Scholar
  24. 24.
    Johnson M, Bradshaw JM, Feltovich P, Jonker C, van Riemsdijk B (2011, in press) The fundamental principle of coactive design: interdependence must shape autonomy. In: Proceedings of COIN. Springer, Berlin Google Scholar
  25. 25.
    Johnson NE (1989) Mediating representations in knowledge elicitation. In: Diaper D (ed) Knowledge elicitation: principles, techniques and applications. Wiley, New York Google Scholar
  26. 26.
    Kaplan A (1963) The conduct of inquiry. Harper & Row, New York Google Scholar
  27. 27.
    Khronos Group (2011)
  28. 28.
    Klein G, Feltovich PJ, Bradshaw JM, Woods DD (2004) Common ground and coordination in joint activity. In: Rouse WB, Boff KR (eds) Organizational simulation. Wiley, New York, pp 139–184 Google Scholar
  29. 29.
    Klein G, Woods DD, Bradshaw JM, Hoffman R, Feltovich P (2004) Ten challenges for making automation a team player in joint human-agent activity. IEEE Intell Syst 19(6):91–95 November–December CrossRefGoogle Scholar
  30. 30.
    Langton CG (ed) (1989) Artificial life. Santa Fe institute studies in the sciences of complexity, vol 6. Addison-Wesley, Reading Google Scholar
  31. 31.
    Leibowitz H, Shupert CL (1984) Low luminance and spatial orientation. In: Proceedings of the tri-service aeromedical research panel fall technical meeting. NAMRL monograph, vol 33. Naval Aerospace Medical Research Laboratory, Pensacola, pp 97–104 Google Scholar
  32. 32.
    Leibowitz H, Shupert CL, Post (1984) The two modes of visual processing: implications for spatial orientation. In Peripheral vision horizon display (PVHD), NASA conference publication 2306 (pp 41–44). Dryden Flight Research Facility, NASA Ames Research Center, Edwards Air Force Base, CA Google Scholar
  33. 33.
    Lind M (1996) Perceiving motion and rigid structure from optic flow: a combined weak-perspective and polar-perspective approach. Percept Psychophys 58:1085–1102 CrossRefGoogle Scholar
  34. 34.
    Lott J, Bradshaw JM, Uszok A, Jeffers R (2004) Using KAoS policy and domain services within Cougaar. Presented at the Proceedings of the open Cougaar conference, New York City, NY, 20 July 2004, pp 89–95 Google Scholar
  35. 35.
    Loyall J, Gillen M, Paulos A, Bunch L, Carvalho M, Edmondson J, Schmidt D, Martignoni A III, Sinclair A (2011) Dynamic policy-driven quality of service in service-oriented information management systems. Softw Pract Exp 41(12):1459–1489 CrossRefGoogle Scholar
  36. 36.
    Moore DT (2011) Sensemaking: a structure for an intelligence revolution. Clift series on the intelligence profession. National Defense Intelligence College, Washington Google Scholar
  37. 37.
    Müller-Schloer C (2004) Organic computing on the feasibility of controlled emergence. In: Proceedings of the international conference on hardware/software codesign and system synthesis, CODES+ISSS ’04. IEEE Comput Soc, Washington, pp 2–5 CrossRefGoogle Scholar
  38. 38.
    Pollick FE (1997) The perception of motion and structure in structure-from-motion: comparisons of affine and Euclidean formulations. Vis Res 37:447–466 CrossRefGoogle Scholar
  39. 39.
    Siddiqi K, Tresness KJ, Kimia BB (1996) Parts of visual form: psychophysical aspects. Perception 25:399–424 CrossRefGoogle Scholar
  40. 40.
    Smith CF (2008) The effect of functional display information on the acquisition and transfer of novice piloting knowledge. PhD Dissertation in psychology. George Mason University, Fairfax, Google Scholar
  41. 41.
    Smith CF, Boehm-Davis DA (2005) Improving novice flight performance using a functional flight display. In: Proceedings of the international symposium on aviation psychology 13th annual meeting, Oklahoma City, OK Google Scholar
  42. 42.
    Smith CF, Fadden S et al. (2005) Use of a functional avionics display under varying conditions of workload. In: Proceedings of the human factors and ergonomics society 49th annual meeting, Orlando, FL Google Scholar
  43. 43.
    Still DL, Temme LA (2003) OZ: A human-centered computing cockpit display. In: Interservice/industry training, simulation & education conference (I/ITSEC), Orlando, FL Google Scholar
  44. 44.
    Still DL, Eskridge TC, Temme LA (2004) Interface for non-pilot UAV control. In: Cooke NJ (ed) Human factors of UAVs workshop, Mesa, AZ Google Scholar
  45. 45.
    Temme LA, Still DL, Acromite M (2003) OZ: a human-centered computing cockpit display. In: 45th annual conference of the international military testing association, Pensacola, FL, pp 70–90 Google Scholar
  46. 46.
    Thibos LN, Still DL, Bradley A (1996) Characterization of spatial aliasing and contrast sensitivity in peripheral vision. Vis Res 36:249–258 CrossRefGoogle Scholar
  47. 47.
    Uszok A, Bradshaw JM, Breedy MR, Bunch L, Feltovich P, Johnson M, Jung H (2008) New developments in ontology-based policy management: increasing the practicality and comprehensiveness of KAoS. In: Proceedings of the 2008 IEEE conference on policy, Palisades, NY, 2008 Google Scholar
  48. 48.
    Uszok A, Bradshaw JM, Lott J, Johnson M, Breedy M, Vignati M, Whittaker K, Jakubowski K, Bowcock J (2011) Toward a flexible ontology-based approach for network operations using the KAoS framework. In: Proceedings of MILCOM 2011, pp. 1108–1114 CrossRefGoogle Scholar
  49. 49.
    van Diggelen J, Bradshaw JM, Johnson M, Uszok A, Feltovich P (2009) Implementing collective obligations in human-agent teams using KAoS policies. In: Proceedings of workshop on coordination, organization, institutions and norms (COIN), IEEE/ACM conference on autonomous agents and multi-agent systems, Budapest, Hungary, 12 May Google Scholar
  50. 50.
    van Diggelen J, Johnson M, Bradshaw JM, Neerincx M, Grant T (2009) Policy-based design of human-machine collaboration in manned space missions. In: Proceedings of the third IEEE international conference on space mission challenges for information technology (SMC-IT), Pasadena, CA, 19–23 July Google Scholar
  51. 51.
    VanderHorn N, Haan B, Carvalho M, Perez C (2010) Distributed policy learning for the cognitive network management system. In: The 2010 military communications conference—unclassified program—cyber security and network management (MILCOM 2010-CSNM), San Jose, California, USA, November Google Scholar
  52. 52.
    Westerinen A (2011) Digital policy management: policy language overview. Presentation at the DPM meeting, 19 January 2011, updated 27 March, 2011 Google Scholar
  53. 53.
    Yin X, Yurcik W et al. (2004) VisFlowConnect: netflow visualizations of link relationships for security situational awareness. In: Proceedings of the 2004 ACM workshop on visualization and data mining for computer security, Washington DC, USA. ACM, New York Google Scholar

Copyright information

© The Author(s) 2012

Authors and Affiliations

  • Jeffrey M. Bradshaw
    • 1
  • Marco Carvalho
    • 1
  • Larry Bunch
    • 1
  • Tom Eskridge
    • 1
  • Paul J. Feltovich
    • 1
  • Matt Johnson
    • 1
  • Dan Kidwell
  1. 1.Florida Institute for Human and Machine Cognition (IHMC)PensacolaUSA

Personalised recommendations