Graphical model-based approaches to target tracking in sensor networks: an overview of some recent work and challenges

Sensor Networks have provided a technology base for distributed target tracking applications among others. Conventional centralized approaches to the problem lack scalability in such a scenario where a large number of sensors provide measurements simultaneously under a possibly non-collaborating environment. Therefore research efforts have focused on scalable, robust, and distributed algorithms for the inference tasks related to target tracking, i.e. localization, data association, and track maintenance. Graphical models provide a rigorous tool for development of such algorithms by modeling the information structure of a given task and providing distributed solutions through message passing algorithms. However, the limited communication capabilities and energy resources of sensor networks pose the additional difculty of considering the tradeoff between the communication cost and the accuracy of the result. Also the network structure and the information structure are different aspects of the problem and a mapping between the physical entities and the information structure is needed. In this paper we discuss available formalisms based on graphical models for target tracking in sensor networks with a focus on the aforementioned issues. We point out additional constraints that must be asserted in order to achieve further insight and more effective solutions

CSM Automated Confidence Score Measurement of Threat Indicators

abstract: The volume and frequency of cyber attacks have exploded in recent years. Organizations subscribe to multiple threat intelligence feeds to increase their knowledge base and better equip their security teams with the latest information in threat intelligence domain. Though such subscriptions add intelligence and can help in taking more informed decisions, organizations have to put considerable efforts in facilitating and analyzing a large number of threat indicators. This problem worsens further, due to a large number of false positives and irrelevant events detected as threat indicators by existing threat feed sources. It is often neither practical nor cost-effective to analyze every single alert considering the staggering volume of indicators. The very reason motivates to solve the overcrowded threat indicators problem by prioritizing and filtering them. To overcome above issue, I explain the necessity of determining how likely a reported indicator is malicious given the evidence and prioritizing it based on such determination. Confidence Score Measurement system (CSM) introduces the concept of confidence score, where it assigns a score of being malicious to a threat indicator based on the evaluation of different threat intelligence systems. An indicator propagates maliciousness to adjacent indicators based on relationship determined from behavior of an indicator. The propagation algorithm derives final confidence to determine overall maliciousness of the threat indicator. CSM can prioritize the indicators based on confidence score; however, an analyst may not be interested in the entire result set, so CSM narrows down the results based on the analyst-driven input. To this end, CSM introduces the concept of relevance score, where it combines the confidence score with analyst-driven search by applying full-text search techniques. It prioritizes the results based on relevance score to provide meaningful results to the analyst. The analysis shows the propagation algorithm of CSM linearly scales with larger datasets and achieves 92% accuracy in determining threat indicators. The evaluation of the result demonstrates the effectiveness and practicality of the approach.Dissertation/ThesisMasters Thesis Computer Science 201

A multi-dimensional trust-model for dynamic, scalable and resources-efficient trust-management in social internet of things

L'internet des Objets (IoT) est un paradigme qui a rendu les objets du quotidien, intelligents en leur offrant la possibilité de se connecter à Internet, de communiquer et d'interagir. L'intégration de la composante sociale dans l'IoT a donné naissance à l'Internet des Objets Social (SIoT), qui a permis de surmonter diverse problématiques telles que l'interopérabilité et la découverte de ressources. Dans ce type d'environnement, les participants rivalisent afin d'offrir une variété de services attrayants. Certains d'entre eux ont recours à des comportements malveillants afin de propager des services de mauvaise qualité. Ils lancent des attaques, dites de confiance, et brisent les fonctionnalités de base du système. Plusieurs travaux de la littérature ont abordé ce problème et ont proposé différents modèles de confiance. La majorité d'entre eux ont tenté de réappliquer des modèles de confiance conçus pour les réseaux sociaux ou les réseaux pair-à-pair. Malgré les similitudes entre ces types de réseaux, les réseaux SIoT présentent des particularités spécifiques. Dans les SIoT, nous avons différents types d'entités qui collaborent, à savoir des humains, des dispositifs et des services. Les dispositifs peuvent présenter des capacités de calcul et de stockage très limitées et leur nombre peut atteindre des millions. Le réseau qui en résulte est complexe et très dynamique et les répercussions des attaques de confiance peuvent être plus importantes. Nous proposons un nouveau modèle de confiance, multidimensionnel, dynamique et scalable, spécifiquement conçu pour les environnements SIoT. Nous proposons, en premier lieu, des facteurs permettant de décrire le comportement des trois types de nœuds impliqués dans les réseaux SIoT et de quantifier le degré de confiance selon les trois dimensions de confiance résultantes. Nous proposons, ensuite, une méthode d'agrégation basée sur l'apprentissage automatique et l'apprentissage profond qui permet d'une part d'agréger les facteurs proposés pour obtenir un score de confiance permettant de classer les nœuds, mais aussi de détecter les types d'attaques de confiance et de les contrer. Nous proposons, ensuite, une méthode de propagation hybride qui permet de diffuser les valeurs de confiance dans le réseau, tout en remédiant aux inconvénients des méthodes centralisée et distribuée. Cette méthode permet d'une part d'assurer la scalabilité et le dynamisme et d'autre part, de minimiser la consommation des ressources. Les expérimentations appliquées sur des de données synthétiques nous ont permis de valider le modèle proposé.The Internet of Things (IoT) is a paradigm that has made everyday objects intelligent by giving them the ability to connect to the Internet, communicate and interact. The integration of the social component in the IoT has given rise to the Social Internet of Things (SIoT), which has overcome various issues such as interoperability, navigability and resource/service discovery. In this type of environment, participants compete to offer a variety of attractive services. Some of them resort to malicious behavior to propagate poor quality services. They launch so-called Trust-Attacks (TA) and break the basic functionality of the system. Several works in the literature have addressed this problem and have proposed different trust-models. Most of them have attempted to adapt and reapply trust models designed for traditional social networks or peer-to-peer networks. Despite the similarities between these types of networks, SIoT ones have specific particularities. In SIoT, there are different types of entities that collaborate: humans, devices, and services. Devices can have very limited computing and storage capacities, and their number can be as high as a few million. The resulting network is complex and highly dynamic, and the impact of Trust-Attacks can be more compromising. In this work, we propose a Multidimensional, Dynamic, Resources-efficient and Scalable trust-model that is specifically designed for SIoT environments. We, first, propose features to describe the behavior of the three types of nodes involved in SIoT networks and to quantify the degree of trust according to the three resulting Trust-Dimensions. We propose, secondly, an aggregation method based on Supervised Machine-Learning and Deep Learning that allows, on the one hand, to aggregate the proposed features to obtain a trust score allowing to rank the nodes, but also to detect the different types of Trust-Attacks and to counter them. We then propose a hybrid propagation method that allows spreading trust values in the network, while overcoming the drawbacks of centralized and distributed methods. The proposed method ensures scalability and dynamism on the one hand, and minimizes resource consumption (computing and storage), on the other. Experiments applied to synthetic data have enabled us to validate the resilience and performance of the proposed model

IPv6 Network Mobility

Network Authentication, Authorization, and Accounting has been used since before the days of the Internet as we know it today. Authentication asks the question, “Who or what are you?” Authorization asks, “What are you allowed to do?” And fi nally, accounting wants to know, “What did you do?” These fundamental security building blocks are being used in expanded ways today. The fi rst part of this two-part series focused on the overall concepts of AAA, the elements involved in AAA communications, and highlevel approaches to achieving specifi c AAA goals. It was published in IPJ Volume 10, No. 1[0]. This second part of the series discusses the protocols involved, specifi c applications of AAA, and considerations for the future of AAA

Networking and Application Interface Technology for Wireless Sensor Network Surveillance and Monitoring

Distributed unattended ground sensor networks used in battlefield surveillance and monitoring missions, have proven to be valuable in providing a tactical information advantage required for command and control, intelligence, surveillance, and reconnaissance planning. Operational effectiveness for surveillance missions can be enhanced further through network centric capability, where distributed UGS networks have the ability to perform surveillance operations autonomously. NCC operation can be enhanced through UGSs having the ability to evaluate their awareness of the current joint surveillance environment, in order to provide the necessary adaptation to dynamic changes. NCC can also provide an advantage for UGS networks to self-manage their limited operational resources efficiently, according to mission objective priority. In this article, we present a cross-layer approach and highlight techniques that have potential to enable NCC operation within a mission-orientated UGS surveillance setting

Managing Vulnerabilities of Tactical Wireless RF Network Systems: A Case Study

Organisations and individuals benefit when wireless networks are protected. After assessing the risks associated with wireless technologies, organisations can reduce the risks by applying countermeasures to address specific threats and vulnerabilities. These countermeasures include management, operational and technical controls. While these countermeasures will not prevent all penetrations and adverse events, they can be effective in reducing many of the common risks associated with wireless RF networks. Among engineers dealing with different scaled and interconnected engineering systems, such as tactical wireless RF communication systems, there is a growing need for a means of analysing complex adaptive systems. We propose a methodology based on the systematic resolution of complex issues to manage the vulnerabilities of tactical wireless RF systems. There are is a need to assemble and balance the results of any successful measure, showing how well each solution meets the system’s objectives. The uncertain arguments used and other test results are combined using a form of mathematical theory for their analysis. Systems engineering thinking supports design decisions and enables decision‐makers to manage and assess the support for each solution. In these circumstances, complexity management arises from the many interacting and conflicting requirements of an increasing range of possible parameters. There may not be a single ‘right’ solution, only a satisfactory set of resolutions which this system helps to facilitate. Smart and innovative performance matrixes are introduced using a mathematical Bayesian network to manage, model, calculate and analyse all the potential vulnerability paths in wireless RF networks

Improving resilience in Critical Infrastructures through learning from past events

Modern societies are increasingly dependent on the proper functioning of Critical Infrastructures (CIs). CIs produce and distribute essential goods or services, as for power transmission systems, water treatment and distribution infrastructures, transportation systems, communication networks, nuclear power plants, and information technologies. Being resilient, where resilience denotes the capacity of a system to recover from challenges or disruptive events, becomes a key property for CIs, which are constantly exposed to threats that can undermine safety, security, and business continuity. Nowadays, a variety of approaches exists in the context of CIs’ resilience research. This dissertation starts with a systematic review based on PRISMA (Preferred Reporting Items for Systematic Reviews and Meta-Analyses) on the approaches that have a complete qualitative dimension, or that can be used as entry points for semi-quantitative analyses. The review identifies four principal dimensions of resilience referred to CIs (i.e., techno-centric, organizational, community, and urban) and discusses the related qualitative or semi-quantitative methods. The scope of the thesis emphasizes the organizational dimension, as a socio-technical construct. Accordingly, the following research question has been posed: how can learning improve resilience in an organization? Firstly, the benefits of learning in a particular CI, i.e. the supply chain in reverse logistics related to the small arms utilized by Italian Armed Forces, have been studied. Following the theory of Learning From Incidents, the theoretical model helped to elaborate a centralized information management system for the Supply Chain Management of small arms within a Business Intelligence (BI) framework, which can be the basis for an effective decision-making process, capable of increasing the systemic resilience of the supply chain itself. Secondly, the research question has been extended to another extremely topical context, i.e. the Emergency Management (EM), exploring the crisis induced learning where single-loop and double-loop learning cycles can be established regarding the behavioral perspective. Specifically, the former refers to the correction of practices within organizational plans without changing core beliefs and fundamental rules of the organization, while the latter aims at resolving incompatible organizational behavior by restructuring the norms themselves together with the associated practices or assumptions. Consequently, with the aim of ensuring high EM systems resilience, and effective single-loop and double-loop crisis induced learning at organizational level, the study examined learning opportunities that emerge through the exploration of adaptive practices necessary to face the complexity of a socio-technical work domain as the EM of Covid-19 outbreaks on Oil & Gas platforms. Both qualitative and quantitative approaches have been adopted to analyze the resilience of this specific socio-technical system. On this consciousness, with the intention to explore systems theoretic possibilities to model the EM system, the Functional Resonance Analysis Method (FRAM) has been proposed as a qualitative method for developing a systematic understanding of adaptive practices, modelling planning and resilient behaviors and ultimately supporting crisis induced learning. After the FRAM analysis, the same EM system has also been studied adopting a Bayesian Network (BN) to quantify resilience potentials of an EM procedure resulting from the adaptive practices and lessons learned by an EM organization. While the study of CIs is still an open and challenging topic, this dissertation provides methodologies and running examples on how systemic approaches may support data-driven learning to ultimately improve organizational resilience. These results, possibly extended with future research drivers, are expected to support decision-makers in their tactical and operational endeavors

AI Solutions for MDS: Artificial Intelligence Techniques for Misuse Detection and Localisation in Telecommunication Environments

This report considers the application of Articial Intelligence (AI) techniques to the problem of misuse detection and misuse localisation within telecommunications environments. A broad survey of techniques is provided, that covers inter alia rule based systems, model-based systems, case based reasoning, pattern matching, clustering and feature extraction, articial neural networks, genetic algorithms, arti cial immune systems, agent based systems, data mining and a variety of hybrid approaches. The report then considers the central issue of event correlation, that is at the heart of many misuse detection and localisation systems. The notion of being able to infer misuse by the correlation of individual temporally distributed events within a multiple data stream environment is explored, and a range of techniques, covering model based approaches, `programmed' AI and machine learning paradigms. It is found that, in general, correlation is best achieved via rule based approaches, but that these suffer from a number of drawbacks, such as the difculty of developing and maintaining an appropriate knowledge base, and the lack of ability to generalise from known misuses to new unseen misuses. Two distinct approaches are evident. One attempts to encode knowledge of known misuses, typically within rules, and use this to screen events. This approach cannot generally detect misuses for which it has not been programmed, i.e. it is prone to issuing false negatives. The other attempts to `learn' the features of event patterns that constitute normal behaviour, and, by observing patterns that do not match expected behaviour, detect when a misuse has occurred. This approach is prone to issuing false positives, i.e. inferring misuse from innocent patterns of behaviour that the system was not trained to recognise. Contemporary approaches are seen to favour hybridisation, often combining detection or localisation mechanisms for both abnormal and normal behaviour, the former to capture known cases of misuse, the latter to capture unknown cases. In some systems, these mechanisms even work together to update each other to increase detection rates and lower false positive rates. It is concluded that hybridisation offers the most promising future direction, but that a rule or state based component is likely to remain, being the most natural approach to the correlation of complex events. The challenge, then, is to mitigate the weaknesses of canonical programmed systems such that learning, generalisation and adaptation are more readily facilitated