69 research outputs found

    EMMA: The expert system for munition maintenance

    Expert Missile Maintenance Aid (EMMA) is a first attempt to enhance maintenance of the tactical munition at the field and depot level by using artificial intelligence (AI) techniques. The ultimate goal of EMMA is to help a novice maintenance technician isolate and diagnose electronic, electromechanical, and mechanical equipment faults to the board/chassis level more quickly and consistently than the best human expert using the best currently available automatic test equipment (ATE). To this end, EMMA augments existing ATE with an expert system that captures the knowledge of design and maintenance experts. The EMMA program is described, including the evaluation of field-level expert system prototypes, the description of several study tasks performed during EMMA, and future plans for a follow-on program. This paper will briefly address several study tasks performed during EMMA. The paper concludes with a discussion of future plans for a follow-on program and other areas of concern

    Wireless Intrusion Detection And Device Fingerprinting Through Preamble Manipulation

    A method of establishing a hardware identity of a coordinating device in a wireless network is provided. A standard PHY preamble is modified to a preamble that can be received by the coordinating device having an expected hardware configuration. The modified PHY preamble is transmitted with an association request by a joining device. In response to not receiving a reply containing an association response from the coordinating device by the joining device, determining the hardware configuration of the coordinating device is not the expected hardware configuration. A further method of characterizing a hardware identity of a device in a wireless network is also provided. A request with a modified PHY preamble is transmitted to a device. If a reply is received from the device, characterizing the device as a first hardware type. And, if a reply is not received, characterizing the device as not the first hardware type

    Structured P2P Technologies for Distributed Command and Control

    The utility of Peer-to-Peer (P2P) systems extends far beyond traditional file sharing. This paper provides an overview of how P2P systems are capable of providing robust command and control for Distributed Multi-Agent Systems (DMASs). Specifically, this article presents the evolution of P2P architectures to date by discussing supporting technologies and applicability of each generation of P2P systems. It provides a detailed survey of fundamental design approaches found in modern large-scale P2P systems highlighting design considerations for building and deploying scalable P2P applications. The survey includes unstructured P2P systems, content retrieval systems, communications structured P2P systems, flat structured P2P systems and finally Hierarchical Peer-to-Peer (HP2P) overlays. It concludes with a presentation of design tradeoffs and opportunities for future research into P2P overlay systems

    RC-Chord: Resource Clustering in a Large-Scale Hierarchical Peer-to-Peer System

    Conducting data fusion and Command and Control (C2) in large-scale systems requires more than the presently available Peer-to-Peer (P2P) technologies provide. Resource Clustered Chord (RC-Chord) is an extension to the Chord protocol that incorporates elements of a hierarchical peer-to-peer architecture to facilitate coalition formation algorithms in large-scale systems. Each cluster in this hierarchy represents a particular resource available for allocation, and RC-Chord provides the capabilities to locate agents of a particular resource. This approach improves upon other strategies by including support for abundant resources, or those resources that most or all agents in the system possess. This scenario exists in large-scale coalition formation problems, and applies directly to the United States Air Force's CyberCraft project. Simulations demonstrate that RC-Chord scales to systems of one million or more agents, and can be adapted to serve as a deployment environment for CyberCraft

    Large-scale Cooperative Task Distribution on Peer-to-Peer Networks

    Large-scale systems are part of a growing trend in distributed computing, and coordinating control of them is an increasing challenge. This paper presents a cooperative agent system that scales to one million or more nodes in which agents form coalitions to complete global task objectives. This approach uses the large-scale Command and Control (C2) capabilities of the Resource Clustered Chord (RC-Chord) Hierarchical Peer-to-Peer (HP2P) design. Tasks are submitted that require access to processing, data, or hardware resources, and a distributed agent search is performed to recruit agents to satisfy the distributed task. This approach differs from others by incorporating design elements to accommodate large-scale systems into the resource location algorithm. Peersim simulations demonstrate that the distributed coalition formation algorithm is as effective as an omnipotent central algorithm in a one million agent system

    Securing Photovoltaic (PV) System Deployments with Data Diodes

    A survey of a typical photovoltaic (PV) system with and without the cybersecurity protections of a data diode is explored. This survey includes a brief overview of Industrial Control Systems (ICS) and their relationship to the Internet of Things (IoT), Industrial Internet of Things (IIoT), and Industry 4.0 terminology. The cybersecurity features of eight data diodes are compared, and the cyber attack surface, attack scenarios, and mitigations of a typical PV system are discussed. After assessing cybersecurity, the economic considerations to purchase a data diode are considered. At 13.19 cents/kWh, the sale of 227,445 kWh is needed to fund one $30,000 data diode. On average, a military installation, similar to a small city, requires approximately 48,516 kWh every hour and could fund a $30,000 data diode in 4.7 hours. Comparatively, a 25 kW community-scale PV system costing $75,000 and generating an excess of 20 kW annually (approx. 36,000 kWh), requires 6.3 years to fund a $30,000 data diode. Weighing the economic considerations, the employment of data diodes for cybersecurity protection is not economically feasible for residential or community-scale PV system deployment, but might be for large-scale utility providers. Finally, a discussion on the different communities involved in the design, cybersecurity, and operations of an ICS show that further work is needed to bridge the communities of systems engineers, cybersecurity specialists, and industrial operators if the US is to build secure and resilient ICS and PV system

    A Secure Group Communication Architecture for Autonomous Unmanned Aerial Vehicles

    This paper investigates the application of a secure group communication architecture to a swarm of autonomous unmanned aerial vehicles (UAVs). A multicast secure group communication architecture for the low earth orbit (LEO) satellite environment is evaluated to determine if it can be effectively adapted to a swarm of UAVs and provide secure, scalable, and efficient communications. The performance of the proposed security architecture is evaluated with two other commonly used architectures using a discrete event computer simulation developed using MATLAB. Performance is evaluated in terms of the scalability and efficiency of the group key distribution and management scheme when the swarm size, swarm mobility, multicast group join and departure rates are varied. The metrics include the total keys distributed over the simulation period, the average number of times an individual UAV must rekey, the average bandwidth used to rekey the swarm, and the average percentage of battery consumed by a UAV to rekey over the simulation period. The proposed security architecture can successfully be applied to a swarm of autonomous UAVs using current technology. The proposed architecture is more efficient and scalable than the other tested and commonly used architectures. Over all the tested configurations, the proposed architecture distributes 55.2–94.8% fewer keys, rekeys 59.0–94.9% less often per UAV, uses 55.2–87.9% less bandwidth to rekey, and reduces the battery consumption by 16.9–85.4%

    Developing Cyberspace Data Understanding Using CRISP-DM for Host-based IDS Feature Mining

    Current intrusion detection systems (IDS) generate a large number of specific alerts, but typically do not provide actionable information. Compounding this problem is the fact that many alerts are false positive alerts. This paper applies the Cross Industry Standard Process for Data Mining (CRISP-DM) to develop an understanding of a host environment under attack. Data is generated by launching scans and exploits at a machine outfitted with a set of host-based forensic data collectors. Through knowledge discovery, features are selected to project human understanding of the attack process into the IDS model. By discovering relationships between the data collected and controlled events, false positive alerts were reduced by over 91% when compared to a leading open source IDS. This method of searching for hidden forensic evidence relationships enhances understanding of novel attacks and vulnerabilities, bolstering one's ability to defend the cyberspace domain. The methodology presented can be used to further host-based intrusion detection research

    Simulating Windows-Based Cyber Attacks Using Live Virtual Machine Introspection

    Static memory analysis has been proven a valuable technique for digital forensics. However, the memory capture technique halts the system causing the loss of important dynamic system data. As a result, live analysis techniques have emerged to complement static analysis. In this paper, a compiled memory analysis tool for virtualization (CMAT-V) is presented as a virtual machine introspection (VMI) utility to conduct live analysis during simulated cyber attacks. CMAT-V leverages static memory dump analysis techniques to provide live system state awareness. CMAT-V parses an arbitrary memory dump from a simulated guest operating system (OS) to extract user information, network usage, active process information and registry files. Unlike some VMI applications, CMAT-V bridges the semantic gap using derivation techniques. This provides increased operating system compatibility for current and future operating systems. This research demonstrates the usefulness of CMAT-V as a situational awareness tool during simulated cyber attacks and measures the overall performance of CMAT-V

    An FPGA-Based System for Tracking Digital Information Transmitted Via Peer-to-Peer Protocols

    This paper presents a Field Programmable Gate Array (FPGA)-based tool designed to process file transfers using the BitTorrent Peer-to-Peer (P2P) protocol and VoIP phone calls made using the Session Initiation Protocol (SIP). The tool searches selected control messages in real time and compares the unique identifier of the shared file or phone number against a list of known contraband files or phone numbers. Results show the FPGA tool processes P2P packets of interest 92% faster than a software-only configuration and is 97.6% accurate at capturing and processing messages at a traffic load of 89.6 Mbps