Cyc in Use

Publication Date: Mon, 04/08/2002

A top-secret military command, which asked not to be identified, is pickier than most organizations about information security. And it’s one of the first users of CycSecure, the first commercial application of Cycorp Inc.’s Cyc Knowledge Base. The command uses CycSecure to ensure that all relevant patches have been applied to fix known vulnerabilities in its networked computers.

CycSecure draws on a variety of sources, including the U.S. Department of Defense's Information Assurance Vulnerability Alert (IAVA) notification program, to stay current on known vulnerabilities and the ways they can be exploited. It also holds a model of the command's computers and networks, and it combines that model with the vulnerability information to simulate attacks across the network. When the simulation flags a potential vulnerability on a computer, the tool can query that machine to confirm that it is in fact vulnerable and then recommend the appropriate patch.

“It can plan an attack from the outside or from a disgruntled employee on the inside,” says an information systems security analyst at the command. “It’s pretty amazing.”

She says Austin, Texas-based Cycorp customized CycSecure for the command, but because such customization involves just adding rules and knowledge to the database, it doesn’t require software changes. Cycorp maintains the application for the command now, but eventually the user will be able to take over maintenance itself, she says.

“It’s rule-driven; it’s dynamic; it kind of grows,” she explains. “It keeps up with the attacks that are out there.”

Cycorp CEO Doug Lenat offers this explanation of CycSecure: “Cycorp Cyc knows what are normal, legitimate actions — such as a user renaming one of their own files or changing their password — and what are actions taken by hackers — such as packet-sniffing and spoofing. An attack plan generally includes a large number of ‘normal’ steps and one or more ‘hacker’ steps. Cyc does not have a model of the hacker mentality, such as goals, ego and so on, but it does have the notion that hackers generally want to be undetected, since that motivation accounts for many steps in many plans which would otherwise be missed.”
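The workflow the article describes (a vulnerability feed joined to a model of the command's hosts, an attack plan searched from outside or from an insider, each exploit step re-checked on the live box, and the missing patch recommended) can be sketched as a small planner. The Python below is an added illustration written for this page; it is not CycSecure or Cyc code, and every host, software version, vulnerability identifier, patch name and step cost in it is made up. It also turns Lenat's remark that attackers want to stay undetected into a search cost: exploit ("hacker") steps cost more than "normal" steps, so the planner prefers plans with as few of them as possible.

```python
"""Toy attack planner (an illustration written for this page, not CycSecure or Cyc code):
vulnerability feed + network model -> cheapest attack plan -> re-check on the live box.
Every host, version, vulnerability identifier, patch name and cost below is made up."""
import heapq

# Constructed stand-in for a vulnerability feed such as an IAVA notice.
# needs: "network" (attacker can reach the host) or "user" (attacker has an account on it)
VULNS = {
    "VULN-A": {"software": ("httpd", "1.0"), "fix": "PATCH-A", "needs": "network", "gains": "user"},
    "VULN-B": {"software": ("sudo", "2.0"), "fix": "PATCH-B", "needs": "user", "gains": "root"},
    "VULN-C": {"software": ("sshd", "3.0"), "fix": "PATCH-C", "needs": "network", "gains": "user"},
}

# Constructed network model: software per host, fixes the model believes are applied,
# zones that can reach the host, and hosts whose users may log in without any exploit.
HOSTS = {
    "web": {"zone": "lan", "software": {"httpd": "1.0", "sudo": "2.0"}, "patches": set(),
            "reachable_from": {"internet", "lan"}, "trusts": set()},
    "db": {"zone": "lan", "software": {"sudo": "2.0", "sshd": "3.0"}, "patches": set(),
           "reachable_from": {"lan"}, "trusts": {"web"}},
}

# Constructed answer from querying the boxes themselves: the model is stale, db has PATCH-B.
LIVE_INVENTORY = {
    "web": {"software": {"httpd": "1.0", "sudo": "2.0"}, "patches": set()},
    "db": {"software": {"sudo": "2.0", "sshd": "3.0"}, "patches": {"PATCH-B"}},
}

# Assumption: exploit steps risk detection, so an attacker who wants to stay unnoticed
# treats them as far more expensive than legitimate-looking steps.
NORMAL_COST, HACKER_COST = 1, 5


def can_reach(have, host):
    return any(f"net:{z}" in have for z in host["reachable_from"])


def applicable_steps(have, hosts=HOSTS, vulns=VULNS):
    """Yield (description, kind, new_fact) for every step possible from the fact set `have`.
    Facts: "net:<zone>" (attacker is on that segment), "host:<name>:<level>" (access held)."""
    for name, h in hosts.items():
        # Normal steps: a foothold puts the attacker on the host's segment; an account on a
        # trusted host logs in with no exploit at all.
        if any(f.startswith(f"host:{name}:") for f in have) and f"net:{h['zone']}" not in have:
            yield f"use {name} as a foothold on {h['zone']}", "normal", f"net:{h['zone']}"
        for t in h["trusts"]:
            if f"host:{t}:user" in have and can_reach(have, h) and f"host:{name}:user" not in have:
                yield f"log in to {name} using the account on {t}", "normal", f"host:{name}:user"
        # Hacker steps: the version must match the advisory and the fix must be missing.
        for vid, v in vulns.items():
            sw, ver = v["software"]
            if h["software"].get(sw) != ver or v["fix"] in h["patches"]:
                continue
            ok = can_reach(have, h) if v["needs"] == "network" else f"host:{name}:user" in have
            gained = f"host:{name}:{v['gains']}"
            if ok and gained not in have:
                yield f"exploit {vid} on {name}", "hacker", gained


def plan_attack(start, goal, hosts=HOSTS, vulns=VULNS):
    """Dijkstra over fact sets: the cheapest plan is the one with the fewest exploit steps.
    Returns (cost, [(description, kind), ...]) or (None, []) when no plan exists."""
    frontier, seen, tie = [(0, 0, frozenset(start), [])], set(), 0
    while frontier:
        cost, _, have, plan = heapq.heappop(frontier)
        if goal in have:
            return cost, plan
        if have in seen:
            continue
        seen.add(have)
        for desc, kind, fact in applicable_steps(have, hosts, vulns):
            tie += 1  # unique tiebreaker so the heap never has to compare fact sets
            step = HACKER_COST if kind == "hacker" else NORMAL_COST
            heapq.heappush(frontier, (cost + step, tie, have | {fact}, plan + [(desc, kind)]))
    return None, []


def verify_and_recommend(plan, live=LIVE_INVENTORY, vulns=VULNS):
    """Re-check each exploit step against what the box reports, so a stale model does not
    yield a patch recommendation the box no longer needs. Returns [(host, vuln, fix, real)]."""
    findings = []
    for desc, kind in plan:
        if kind != "hacker":
            continue
        _, vid, _, host = desc.split()  # "exploit VULN-X on host"
        v, box = vulns[vid], live[host]
        sw, ver = v["software"]
        real = box["software"].get(sw) == ver and v["fix"] not in box["patches"]
        findings.append((host, vid, v["fix"], real))
    return findings


if __name__ == "__main__":
    for label, start in (("outside attacker", {"net:internet"}),
                         ("insider with an account on web", {"net:lan", "host:web:user"})):
        cost, plan = plan_attack(start, "host:db:root")
        print(f"{label}: cost {cost}")
        for desc, kind in plan:
            print(f"  [{kind}] {desc}")
        for host, vid, fix, real in verify_and_recommend(plan):
            print(f"  {host}: {vid} -> {'apply ' + fix if real else 'already fixed on the box'}")
```

Run stand-alone, the outside attacker's cheapest route to root on db takes two exploits (VULN-A on web, then VULN-B on db) joined by two ordinary-looking steps, while the insider needs only one; the planner passes over VULN-C on db because the trust login reaches the same place without an exploit. The on-box check then reports that db already carries PATCH-B, so the only recommendation that survives is PATCH-A on web. In a real deployment the `LIVE_INVENTORY` dictionary would be replaced by an actual query of the host, which is the step the article describes as going out to the box.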

by Gary H. Anthes