A graph oriented approach for network forensic analysis
Network forensic analysis is a process that analyzes intrusion evidence captured from a networked environment to identify suspicious entities and stepwise actions in an attack scenario. Unfortunately, the overwhelming amount and low quality of output from security sensors make it difficult for analysts to obtain a succinct high-level view of complex multi-stage intrusions.
This dissertation presents a novel graph-based network forensic analysis system. The evidence graph model provides an intuitive representation of collected evidence as well as the foundation for forensic analysis. Based on the evidence graph, we develop a set of analysis components in a hierarchical reasoning framework. Local reasoning utilizes fuzzy inference to infer the functional states of a host-level entity from its local observations. Global reasoning performs graph structure analysis to identify the set of highly correlated hosts that belong to the coordinated attack scenario. In global reasoning, we apply spectral clustering and PageRank methods for generic and targeted investigation respectively. An interactive hypothesis testing procedure is developed to identify hidden attackers from non-explicit-malicious evidence. Finally, we introduce the notion of target-oriented effective event sequence (TOEES) to semantically reconstruct stealthy attack scenarios with less dependency on ad-hoc expert knowledge. Well-established computation methods used in our approach provide the scalability needed to perform post-incident analysis in large networks. We evaluate the techniques with a number of intrusion detection datasets and the experiment results show that our approach is effective in identifying complex multi-stage attacks.
An "expert system building tool" incorporated with fuzzy concepts.
by Lam Wai. Thesis (M.Ph.)--Chinese University of Hong Kong, 1988. Bibliography: leaves 216-220
Fifth Conference on Artificial Intelligence for Space Applications
The Fifth Conference on Artificial Intelligence for Space Applications brings together diverse technical and scientific work in order to help those who employ AI methods in space applications to identify common goals and to address issues of general interest in the AI community. Topics include the following: automation for Space Station; intelligent control, testing, and fault diagnosis; robotics and vision; planning and scheduling; simulation, modeling, and tutoring; development tools and automatic programming; knowledge representation and acquisition; and knowledge base/data base integration.
The role of situational information in conceptual knowledge
This thesis investigated the influence of situational knowledge on the performance of
two common tasks: category member generation under a free-emission procedure and
the judgement of similarity between two items using rating scales. In both tasks, self-report
protocols were used to identify the strategies that people seemed to be using to
complete the tasks. The main goal was to identify the role of situational knowledge in
the organisation of semantic memory. Traditional models would not predict a role for
situational knowledge in either of the target tasks. In the category member generation
studies (Chapter 2) participants frequently instantiated situations or perspectives to
cue retrieval of category members for both taxonomic and ad hoc categories. Chapter
3 investigated the factors that determine subjective similarity: category type,
typicality, context and presence or absence of self-report. The quantitative data
analysis showed the need for careful qualifications to previous claims concerning the
effect of context on similarity (Barsalou, 1982). Specifically, ad hoc category
members were rated more similar with context only when judgements were made
without self-report and when items were relatively typical. Self-report protocols
showed that co-occurrence of items in a situation frequently entered into judgements
of similarity. Chapter 4 investigated the role of events in determining the strength of
this 'thematic' similarity. Individual indices of association strength between the items
and an event were shown to predict similarity ratings - thus confirming that thematic
similarity is driven, at least partially, by the association of items to common settings.
The findings lend empirical weight to theoretical positions that present memory for
situational information as an integral part of conceptual knowledge. This approach
may underpin a new direction for research into concepts in both normal and clinical
adult populations.
Goal driven theorem proving using conceptual graphs and Peirce logic
The thesis describes a rational reconstruction of Sowa's theory of Conceptual
Graphs. The reconstruction produces a theory with a firmer logical foundation than was
previously the case and which is suitable for computation whilst retaining the
expressiveness of the original theory. Also, several areas of incompleteness are
addressed. These mainly concern the scope of operations on conceptual graphs of
different types but include extensions for logics of higher orders than first order. An
important innovation is the placing of negation onto a sound representational basis.
A comparison of theorem proving techniques is made from which the principles of
theorem proving in Peirce logic are identified. As a result, a set of derived inference rules,
suitable for a goal driven approach to theorem proving, is developed from Peirce's beta
rules. These derived rules, the first of their kind for Peirce logic and conceptual graphs,
allow the development of a novel theorem proving approach which has some similarities
to a combined semantic tableau and resolution methodology. With this methodology it is
shown that a logically complete yet tractable system is possible. An important result is the
identification of domain independent heuristics which follow directly from the
methodology. In addition to the theorem prover, an efficient system for the detection of
selectional constraint violations is developed.
The proof techniques are used to build a working knowledge base system in Prolog
which can accept arbitrary statements represented by conceptual graphs and test their
semantic and logical consistency against a dynamic knowledge base. The same proof
techniques are used to find solutions to arbitrary queries. Since the system is logically
complete it can maintain the integrity of its knowledge base and answer queries in a fully
automated manner. Thus the system is completely declarative and does not require any
programming whatever by a user, with the result that all interaction with a user is
conversational. Finally, the system is compared with other theorem proving systems
which are based upon Conceptual Graphs and conclusions about the effectiveness of the
methodology are drawn.