1,445 research outputs found

    IMMACCS: A Multi-Agent Decision-Support System

    This report describes work performed by the Collaborative Agent Design Research Center for the US Marine Corps Warfighting Laboratory (MCWL), on the IMMACCS experimental decision-support system. IMMACCS (Integrated Marine Multi-Agent Command and Control System) incorporates three fundamental concepts that distinguish it from existing (i.e., legacy) command and control applications. First, it is a collaborative system in which computer-based agents assist human operators by monitoring, analyzing, and reasoning about events in near real-time. Second, IMMACCS includes an ontological model of the battlespace that represents the behavioral characteristics and relationships among real world entities such as friendly and enemy assets, infrastructure objects (e.g., buildings, roads, and rivers), and abstract notions. This object model provides the essential common language that binds all IMMACCS components into an integrated and adaptive decision-support system. Third, IMMACCS provides no ready made solutions that may not be applicable to the problems that will occur in the real world. Instead, the agents represent a powerful set of tools that together with the human operators can adjust themselves to the problem situations that cannot be predicted in advance. In this respect, IMMACCS is an adaptive command and control system that supports planning, execution and training functions concurrently. The report describes the nature and functional requirements of military command and control, the architectural features of IMMACCS that are designed to support these operational requirements, the capabilities of the tools (i.e., agents) that IMMACCS offers its users, and the manner in which these tools can be applied. Finally, the performance of IMMACCS during the Urban Warrior Advanced Warfighting Experiment held in California in March, 1999, is discussed from an operational viewpoint

    INSecS: An Intelligent Network Security System

    There are new challenges in network security, introduced by the nature of modern networks like IoT systems, Cloud systems, and other distributed systems. System resource limitations in IoT, delays in processing the large stream of data from Cloud and distributed systems, incapability to handle multi-step attacks due to delay in updates, and limited datasets used for Intrusion Detection System (IDS) training which impacts the system performance are some of the pressing issues. To address these challenges, the author proposes Intelligent Network Security Systems, a framework that can handle these issues and also be as accurate as a commercial grade IDS. The proposed framework consists of three components: a Dataset Creation Software (DCS), an Intrusion Detection System and a Learning module. This thesis presents implementation details and validation results for DCS and IDS. The first component is a highly customizable software framework capable of generating labeled network intrusion datasets on demand. This software is able to collect data from a live network as well as from a pre-recorded packet capture file. The output can be either Raw packet capture (PCAP) with selected attributes per packet or a processed dataset with customized attributes related to both individual packet features and overall traffic behavior within a time window. The abilities of this component are compared with a state-of-the-art dataset creation system through a feature comparison. The proposed Intrusion Detection System is a novel, distributed IDS that is able to perform in real-time in a distributed system. Hierarchical decision making is used to reduce traffic overhead on the IDS and allow faster Intrusion Detection. The IDS also detects multi-step attacks faster by updating the system rules when a reconnaissance attack is detected, without any human intervention. Internal attacks are also detected easily because of the distributed nature of the IDS. The performance tests show that the IDS performs 8 times faster on average with the hierarchical decision-making structure and still maintains the same level of accuracy as Snort

    DEFending Integrated Circuit Layouts

    The production of modern integrated circuit (IC) requires a complex, outsourced supply chain involving computer-aided design (CAD) tools, expert knowledge, and advanced foundries. This complexity has led to various security threats, such as Trojans inserted by adversaries during outsourcing, and physical probing or manipulation of devices at run-time. Our proposed solution, DEFense is an extensible CAD framework for evaluating and proactively mitigating threats to IC at the design-time stage. Our goal with DEFense is to achieve “security closure” at the physical layout level of IC design, prioritizing security alongside traditional power, performance, and area (PPA) objectives. DEFense uses an iterative approach to assess and mitigate vulnerabilities in the IC layout, automating vulnerability assessments and identifying vulnerable active devices and wires. Using the quantified findings, DEFense guides CAD tools to re-arrange placement and routing and use other heuristic means to “DEFend” the layouts. DEFense is independent of back-end CAD tools as it works with the standard DEF format for physical layouts. It is a flexible and extensible scripting framework without the need for modifications to commercial CAD code bases. We are providing the framework to the community and have conducted a thorough experimental investigation into different threats and adversaries at various stages of the IC life-cycle, including Trojan insertion by an untrusted foundry, probing by an untrusted end-user, and intentionally introduced crosstalk by an untrusted foundry

    Resilient and Trustworthy Dynamic Data-driven Application Systems (DDDAS) Services for Crisis Management Environments

    Future crisis management systems need resilient and trustworthy infrastructures to quickly develop reliable applications and processes, and ensure end-to-end security, trust, and privacy. Due to the multiplicity and diversity of involved actors, volumes of data, and heterogeneity of shared information; crisis management systems tend to be highly vulnerable and subject to unforeseen incidents. As a result, the dependability of crisis management systems can be at risk. This paper presents a cloud-based resilient and trustworthy infrastructure (known as rDaaS) to quickly develop secure crisis management systems. The rDaaS integrates the Dynamic Data-Driven Application Systems (DDDAS) paradigm into a service-oriented architecture over cloud technology and provides a set of resilient DDDAS-As-A Service (rDaaS) components to build secure and trusted adaptable crisis processes. The rDaaS also ensures resilience and security by obfuscating the execution environment and applying Behavior Software Encryption and Moving Technique Defense. A simulation environment for a nuclear plant crisis management case study is illustrated to build resilient and trusted crisis response processes

    Resolving corporate bribery through deferred prosecution agreements: Lessons from the US, UK and France for China

    While bribery is designated as a criminal offense in most jurisdictions, the enforcement of anti-bribery laws in the corporate context is far from satisfactory. The weak enforcement can be mainly attributed to the practical challenges of doing so. Benefiting from deferred prosecution agreements (DPAs), the U.S., UK and French authorities have significantly ramped up their anti-bribery enforcement and encouraged corporate self-policing activities. Inspired by the foreign DPA developments, China’s prosecutorial authorities have been actively promoting the compliance non-prosecution program (CNP) since 2020. Introduced amid the Covid-19 pandemic and the ever-intensive U.S.-China trade conflicts, the CNP aims to mitigate the adverse economic implications of corporate criminal enforcement and foster corporate compliance. Combining legal doctrinal research, comparative research and insights from the law and economics literature, this thesis provides an overview of the DPA regimes in the U.S., UK and France and the CNP in China. It analyzes the advantages and weakness of the DPA programs in the three jurisdictions, aiming to draw lessons for developing the Chinese version of DPA program to address corporate bribery. Meanwhile, it also identifies the reasons for the inactive role played by the corporations in China’s anti-bribery movement and the challenges caused for the authorities in the anti-bribery enforcement. It is proposed that a Chinese version of DPA program be established based on the existing CNP to resolve corporate bribery cases. When designing and applying the Chinese version of DPA program and complementary regimes, special attention should be paid to deterrence, rehabilitation, and individual accountability.

    Predictive Cyber Situational Awareness and Personalized Blacklisting: A Sequential Rule Mining Approach

    Cybersecurity adopts data mining for its ability to extract concealed and indistinct patterns in the data, such as for the needs of alert correlation. Inferring common attack patterns and rules from the alerts helps in understanding the threat landscape for the defenders and allows for the realization of cyber situational awareness, including the projection of ongoing attacks. In this paper, we explore the use of data mining, namely sequential rule mining, in the analysis of intrusion detection alerts. We employed a dataset of 12 million alerts from 34 intrusion detection systems in 3 organizations gathered in an alert sharing platform, and processed it using our analytical framework. We execute the mining of sequential rules that we use to predict security events, which we utilize to create a predictive blacklist. Thus, the recipients of the data from the sharing platform will receive only a small number of alerts of events that are likely to occur instead of a large number of alerts of past events. The predictive blacklist has the size of only 3 % of the raw data, and more than 60 % of its entries are shown to be successful in performing accurate predictions in operational, real-world settings