This chapter introduces the concept of Autonomous Intelligent Cyber-defense Agents (AICAs), and briefly explains the importance of this field and the motivation for its emergence. AICA is a software agent that resides on a system, and is responsible for defending the system from cyber compromises and enabling the response and recovery of the system, usually autonomously. The autonomy of the agent is a necessity because of the growing scarcity of human cyber-experts who could defend systems, either remotely or onsite, and because sophisticated malware could degrade or spoof the communications of a system that uses a remote monitoring center. An AICA Reference Architecture has been proposed and defines five main functions: (1) sensing and world state identification, (2) planning and action selection, (3) collaboration and negotiation, (4) action execution and (5) learning and knowledge improvement. The chapter reviews the details of AICA's environment, functions and operations. As AICA is intended to make changes within its environment, there is a risk that an agent's action could harm a friendly computer. This risk must be balanced against the losses that could occur if the agent does not act. The chapter discusses means by which this risk can be managed and how AICA's design features could help build trust among its users.

翻译：本章介绍了自主智能网络防御代理（Autonomous Intelligent Cyber-defense Agents, AICA）的概念，简要阐述了该领域的重要性及其产生的动因。AICA是一种驻留在系统上的软件代理，负责保护系统免受网络入侵侵害，并支持系统的响应与恢复，通常以自主方式运行。由于能够远程或现场保护系统的人类网络安全专家日益稀缺，且恶意软件可能降级或欺骗采用远程监控中心的系统通信，代理的自主性成为必需。本文提出了一个AICA参考架构，定义了五个主要功能：（1）感知与态势识别；（2）规划与动作选择；（3）协作与协商；（4）动作执行；（5）学习与知识改进。本章详细论述了AICA的运行环境、功能及操作流程。由于AICA旨在对其所在环境进行变更，代理的行为可能对友方计算机造成损害。这种风险必须与代理不作为可能产生的损失进行权衡。本章还探讨了管理该风险的方法，以及AICA的设计特性如何帮助建立用户信任。