Machine-assisted Cyber Threat Analysis using Conceptual Knowledge Discovery

Over the last years, computer networks have evolved into highly dynamic and interconnected environments, involving multiple heterogeneous devices and providing a myriad of services on top of them. This complex landscape has made it extremely difficult for security administrators to keep accurate and be effective in protecting their systems against cyber threats. In this paper, we describe our vision and scientific posture on how artificial intelligence techniques and a smart use of security knowledge may assist system administrators in better defending their networks. To that end, we put forward a research roadmap involving three complimentary axes, namely, (I) the use of FCA-based mechanisms for managing configuration vulnerabilities, (II) the exploitation of knowledge representation techniques for automated security reasoning, and (III) the design of a cyber threat intelligence mechanism as a CKDD process. Then, we describe a machine-assisted process for cyber threat analysis which provides a holistic perspective of how these three research axes are integrated together

Formal Concept Analysis from the Standpoint of Possibility Theory (ICFCA 2015)

International audienceFormal concept analysis (FCA) and possibility theory (PoTh) have been developed independently. They address different concerns in information processing: while FCA exploits relations linking objects and properties, and has applications in data mining and clustering, PoTh deals with the modeling of (graded) epistemic uncertainty. However, making a formal parallel between FCA and PoTh is fruitful. The four set-functions at work in PoTh have meaningful counterparts in FCA; this leads to consider operators neglected in FCA, and thus new fixed point equations. One of these pairs of equations, paralleling the one defining formal concepts in FCA, defines independent sub-contexts of objects and properties that have nothing in common. The similarity of the structures underlying FCA and PoTh is still more striking, using a cube of opposition (a device extending the traditional square of opposition in logic). Beyond the parallel between FCA and PoTh, this invited contribution, which largely relies on several past publications by the authors, also addresses issues pertaining to the possible meanings, degree of satisfaction vs. degree of certainty, of graded object-property links, which calls for distinct manners of handling the degrees. Other lines of interest for further research are briefly mentioned

RCA-Seq: an Original Approach for Enhancing the Analysis of Sequential Data Based on Hierarchies of Multilevel Closed Partially-Ordered Patterns

International audienceMethods for analysing sequential data generally produce a huge number of sequential patterns that have then to be evaluated and interpreted by domain experts. To diminish this number and thus the difficulty of the interpretation task, methods that directly extract a more compact representation of sequential patterns, namely closed partially-ordered patterns (CPO-patterns), were introduced. In spite of the fewer number of obtained CPO-patterns, their analysis is still a challenging task for experts since they are unorgan-ised and besides, do not provide a global view of the discovered regularities. To address these problems, we present and formalise an original approach within the framework of Relational Concept Analysis (RCA), referred to as RCA-Seq, that focuses on facilitating the interpretation task of experts. The hierarchical RCA result allows to directly obtain and organize the relationships between the extracted CPO-patterns. Moreover, a generalisation order on items is also revealed, and multilevel CPO-patterns are obtained. Therefore, a hierarchy of such CPO-patterns guides the interpretation task, helps experts in better understanding the extracted patterns, and minimises the chance of overlooking interesting CPO-patterns. RCA-Seq is compared with another approach that relies on pattern structures. In addition, we highlight the adaptability of RCA-Seq by integrating a user-defined tax-* onomy over the items, and by considering user-specified constraints on the order relations on itemsets

Connaissances de domaine et treillis de concepts pour l'exploration progressive de données complexes

National audienceNous présentons dans cet article l'Analyse de Concepts Formels par Similarité, qui adapte et étend l'Analyse de Concepts Formels classique à des données complexes, en s'appuyant sur des connaissances de domaine. Ces connaissances sont considérées pour définir la similarité entre les données qui se présentent sous la forme d'un contexte multivalué. En s'appuyant sur la similarité définie, les données du contexte sont groupées dans des concepts multivalués qui forment des treillis de concepts multivalués. La variation des critères dans la définition de la similarité aboutit à la modification de la structure de treillis obtenue et du niveau de précision dans les concepts. Nous exploitons cet aspect pour définir une méthode d'exploration progressive de données complexes par treillis de concepts multivalués. Nous détaillons l'application de cette méthode à l'organisation et à l'identification des sources de données biologiques de l'annuaire BioRegsity

Building up Shared Knowledge with Logical Information Systems

International audienceLogical Information Systems (LIS) are based on Logical Concept Analysis, an extension of Formal Concept Analysis. This paper describes an application of LIS to support group decision. A case study gathered a research team. The objective was to decide on a set of potential conferences on which to send submissions. People individually used Abilis, a LIS web server, to preselect a set of conferences. Starting from 1041 call for papers, the individual participants preselected 63 conferences. They met and collectively used Abilis to select a shared set of 42 target conferences. The team could then sketch a publication planning. The case study provides evidence that LIS cover at least three of the collaboration patterns identified by Kolfschoten, de Vreede and Briggs. Abilis helped the team to build a more complete and relevant set of information (Generate/Gathering pattern); to build a shared understanding of the relevant information (Clarify/Building Shared Understanding); and to quickly reduce the number of target conferences (Reduce/Filtering pattern)

Machine-assisted Cyber Threat Analysis using Conceptual Knowledge Discovery: – Position Paper –

International audienceOver the last years, computer networks have evolved into highly dynamic and interconnected environments, involving multiple heterogeneous devices and providing a myriad of services on top of them. This complex landscape has made it extremely difficult for security administrators to keep accurate and be effective in protecting their systems against cyber threats. In this paper, we describe our vision and scientific posture on how artificial intelligence techniques and a smart use of security knowledge may assist system administrators in better defending their networks. To that end, we put forward a research roadmap involving three complimentary axes, namely, (I) the use of FCA-based mechanisms for managing configuration vulnerabilities, (II) the exploitation of knowledge representation techniques for automated security reasoning, and (III) the design of a cyber threat intelligence mechanism as a CKDD process. Then, we describe a machine-assisted process for cyber threat analysis which provides a holistic perspective of how these three research axes are integrated together

A Proposal for Extending Formal Concept Analysis to Knowledge Graphs

International audienceKnowledge graphs offer a versatile knowledge representation, and have been studied under different forms, such as conceptual graphs or Datalog databases. With the rise of the Semantic Web, more and more data are available as knowledge graphs. FCA has been successful for analyzing, mining, learning, and exploring tabular data, and our aim is to help transpose those results to graph-based data. Previous FCA approaches have already addressed relational data, hence graphs, but with various limits. We propose G-FCA as an extension of FCA where the formal context is a knowledge graph based on n-ary relationships. The main contributions is the introduction of " n-ary concepts " , i.e. concepts whose extents are n-ary relations of objects. Their intents, " projected graph patterns " , mix relationships of different arities, objects, and variables. In this paper, we lay first theoretical results, in particular the existence of a concept lattice for each concept arity, and the role of rela-tional projections to connect those different lattices

Formal Concept Analysis and Information Retrieval – A Survey

International audienceOne of the first models to be proposed as a document index for retrieval purposes was a lattice structure, decades before the introduction of Formal Concept Analysis. Nevertheless, the main notions that we consider so familiar within the community (" extension " , " intension " , " closure operators " , " order ") were already an important part of it. In the '90s, as FCA was starting to settle as an epistemic community, lattice-based Information Retrieval (IR) systems smoothly transitioned towards FCA-based IR systems. Currently, FCA theory supports dozens of different retrieval applications, ranging from traditional document indices to file systems, recommendation, multi-media and more recently, semantic linked data. In this paper we present a comprehensive study on how FCA has been used to support IR systems. We try to be as exhaustive as possible by reviewing the last 25 years of research as chronicles of the domain, yet we are also concise in relating works by its theoretical foundations. We think that this survey can help future endeavours of establishing FCA as a valuable alternative for modern IR systems