904 research outputs found

    A graph oriented approach for network forensic analysis

    Network forensic analysis is a process that analyzes intrusion evidence captured from a networked environment to identify suspicious entities and stepwise actions in an attack scenario. Unfortunately, the overwhelming amount and low quality of output from security sensors make it difficult for analysts to obtain a succinct high-level view of complex multi-stage intrusions. This dissertation presents a novel graph-based network forensic analysis system. The evidence graph model provides an intuitive representation of collected evidence as well as the foundation for forensic analysis. Based on the evidence graph, we develop a set of analysis components in a hierarchical reasoning framework. Local reasoning utilizes fuzzy inference to infer the functional states of a host-level entity from its local observations. Global reasoning performs graph structure analysis to identify the set of highly correlated hosts that belong to the coordinated attack scenario. In global reasoning, we apply spectral clustering and PageRank methods for generic and targeted investigation respectively. An interactive hypothesis testing procedure is developed to identify hidden attackers from non-explicit-malicious evidence. Finally, we introduce the notion of target-oriented effective event sequence (TOEES) to semantically reconstruct stealthy attack scenarios with less dependency on ad-hoc expert knowledge. Well-established computation methods used in our approach provide the scalability needed to perform post-incident analysis in large networks. We evaluate the techniques with a number of intrusion detection datasets, and the experiment results show that our approach is effective in identifying complex multi-stage attacks.

    An "expert system building tool" incorporated with fuzzy concepts.

    by Lam Wai. Thesis (M.Ph.)--Chinese University of Hong Kong, 1988. Bibliography: leaves 216-220.

    Fifth Conference on Artificial Intelligence for Space Applications

    The Fifth Conference on Artificial Intelligence for Space Applications brings together diverse technical and scientific work in order to help those who employ AI methods in space applications to identify common goals and to address issues of general interest in the AI community. Topics include the following: automation for Space Station; intelligent control, testing, and fault diagnosis; robotics and vision; planning and scheduling; simulation, modeling, and tutoring; development tools and automatic programming; knowledge representation and acquisition; and knowledge base/data base integration.

    The role of situational information in conceptual knowledge

    This thesis investigated the influence of situational knowledge on the performance of two common tasks; category member generation under a free-emission procedure and the judgement of similarity between two items using rating scales. In both tasks, self-report protocols were used to identify the strategies that people seemed to be using to complete the tasks. The main goal was to identify the role of situational knowledge in the organisation of semantic memory. Traditional models would not predict a role for situational knowledge in either of the target tasks. In the category member generation studies (Chapter 2) participants frequently instantiated situations or perspectives to cue retrieval of category members for both taxonomic and ad hoc categories. Chapter 3 investigated the factors that determine subjective similarity: category type, typicality, context and presence or absence of self-report. The quantitative data analysis showed the need for careful qualifications to previous claims concerning the effect of context on similarity (Barsalou, 1982). Specifically, ad hoc category members were rated more similar with context only when judgements were made without self-report and when items were relatively typical. Self-report protocols showed that co-occurrence of items in a situation frequently entered into judgements of similarity. Chapter 4 investigated the role of events in determining the strength of this 'thematic' similarity. Individual indices of association strength between the items and an event were shown to predict similarity ratings - thus confirming that thematic similarity is driven, at least partially, by the association of items to common settings. The findings lend empirical weight to theoretical positions that present memory for situational information as an integral part of conceptual knowledge. This approach may underpin a new direction for research into concepts in both normal and clinical adult populations

    Goal driven theorem proving using conceptual graphs and Peirce logic

    The thesis describes a rational reconstruction of Sowa's theory of Conceptual Graphs. The reconstruction produces a theory with a firmer logical foundation than was previously the case and which is suitable for computation whilst retaining the expressiveness of the original theory. Also, several areas of incompleteness are addressed. These mainly concern the scope of operations on conceptual graphs of different types but include extensions for logics of higher orders than first order. An important innovation is the placing of negation onto a sound representational basis. A comparison of theorem proving techniques is made from which the principles of theorem proving in Peirce logic are identified. As a result, a set of derived inference rules, suitable for a goal driven approach to theorem proving, is developed from Peirce's beta rules. These derived rules, the first of their kind for Peirce logic and conceptual graphs, allow the development of a novel theorem proving approach which has some similarities to a combined semantic tableau and resolution methodology. With this methodology it is shown that a logically complete yet tractable system is possible. An important result is the identification of domain independent heuristics which follow directly from the methodology. In addition to the theorem prover, an efficient system for the detection of selectional constraint violations is developed. The proof techniques are used to build a working knowledge base system in Prolog which can accept arbitrary statements represented by conceptual graphs and test their semantic and logical consistency against a dynamic knowledge base. The same proof techniques are used to find solutions to arbitrary queries. Since the system is logically complete it can maintain the integrity of its knowledge base and answer queries in a fully automated manner. 
    Thus the system is completely declarative and does not require any programming whatever by a user with the result that all interaction with a user is conversational. Finally, the system is compared with other theorem proving systems which are based upon Conceptual Graphs and conclusions about the effectiveness of the methodology are drawn.