31,479 research outputs found
Security information management with frame-based attack presentation and first-order reasoning
Internet has grown by several orders of magnitude in recent years, and this growth has escalated the importance of computer security. Intrusion Detection System (IDS) is used to protect computer networks. However, the overwhelming flow of log data generated by IDS hampers security administrators from uncovering new insights and hidden attack scenarios. Security Information Management (SIM) is a new growing area of interest for intrusion detection. The research work in this dissertation explores the semantics of attack behaviors and designs Frame-based Attack Representation and First-order logic Automatic Reasoning (FAR-FAR) using linguistics and First-order Logic (FOL) based approaches. Techniques based on linguistics can provide efficient solutions to acquire semantic information from alert contexts, while FOL can tackle a wide variety of problems in attack scenario reasoning and querying. In FAR-FAR, the modified case grammar PCTCG is used to convert raw alerts into frame-structured alert streams and the alert semantic network 2-AASN is used to generate the attack scenarios, which can then inform the security administrator. Based on the alert contexts and attack ontology, Space Vector Model (SVM) is applied to categorize the intrusion stages. Furthermore, a robust Variant Packet Sending-interval Link Padding algorithm (VPSLP) is proposed to prevent links between the IDS sensors and the FAR-FAR agents from traffic analysis attacks. Recent measurements and studies demonstrated that real network traffic exhibits statistical self-similarity over several time scales. The bursty traffic anomaly detection method, Multi-Time scaling Detection (MTD), is proposed to statistically analyze network traffic's Histogram Feature Vector to detect traffic anomalies
Extending Modular Semantics for Bipolar Weighted Argumentation (Technical Report)
Weighted bipolar argumentation frameworks offer a tool for decision support
and social media analysis. Arguments are evaluated by an iterative procedure
that takes initial weights and attack and support relations into account. Until
recently, convergence of these iterative procedures was not very well
understood in cyclic graphs. Mossakowski and Neuhaus recently introduced a
unification of different approaches and proved first convergence and divergence
results. We build up on this work, simplify and generalize convergence results
and complement them with runtime guarantees. As it turns out, there is a
tradeoff between semantics' convergence guarantees and their ability to move
strength values away from the initial weights. We demonstrate that divergence
problems can be avoided without this tradeoff by continuizing semantics.
Semantically, we extend the framework with a Duality property that assures a
symmetric impact of attack and support relations. We also present a Java
implementation of modular semantics and explain the practical usefulness of the
theoretical ideas
Fault detection and isolation of malicious nodes in MIMO Multi-hop Control Networks
A MIMO Multi-hop Control Network (MCN) consists of a MIMO LTI system where
the communication between sensors, actuators and computational units is
supported by a (wireless) multi-hop communication network, and data flow is
performed using scheduling and routing of sensing and actuation data. We
provide necessary and sufficient conditions on the plant dynamics and on the
communication protocol configuration such that the Fault Detection and
Isolation (FDI) problem of failures and malicious attacks to communication
nodes can be solved. Comment: 6 page
Decision-making and problem-solving methods in automation technology
The state of the art in the automation of decision making and problem solving is reviewed. The information upon which the report is based was derived from literature searches, visits to university and government laboratories performing basic research in the area, and a 1980 Langley Research Center sponsored conference on the subject. It is the contention of the authors that the technology in this area is being generated by research primarily in the three disciplines of Artificial Intelligence, Control Theory, and Operations Research. Under the assumption that the state of the art in decision making and problem solving is reflected in the problems being solved, specific problems and methods of their solution are often discussed to elucidate particular aspects of the subject. Synopses of the following major topic areas comprise most of the report: (1) detection and recognition; (2) planning and scheduling; (3) learning; (4) theorem proving; (5) distributed systems; (6) knowledge bases; (7) search; (8) heuristics; and (9) evolutionary programming
The Meaning of Memory Safety
We give a rigorous characterization of what it means for a programming
language to be memory safe, capturing the intuition that memory safety supports
local reasoning about state. We formalize this principle in two ways. First, we
show how a small memory-safe language validates a noninterference property: a
program can neither affect nor be affected by unreachable parts of the state.
Second, we extend separation logic, a proof system for heap-manipulating
programs, with a memory-safe variant of its frame rule. The new rule is
stronger because it applies even when parts of the program are buggy or
malicious, but also weaker because it demands a stricter form of separation
between parts of the program state. We also consider a number of pragmatically
motivated variations on memory safety and the reasoning principles they
support. As an application of our characterization, we evaluate the security of
a previously proposed dynamic monitor for memory safety of heap-allocated data. Comment: POST'18 final versio
ATOMIC: An Atlas of Machine Commonsense for If-Then Reasoning
We present ATOMIC, an atlas of everyday commonsense reasoning, organized
through 877k textual descriptions of inferential knowledge. Compared to
existing resources that center around taxonomic knowledge, ATOMIC focuses on
inferential knowledge organized as typed if-then relations with variables
(e.g., "if X pays Y a compliment, then Y will likely return the compliment").
We propose nine if-then relation types to distinguish causes vs. effects,
agents vs. themes, voluntary vs. involuntary events, and actions vs. mental
states. By generatively training on the rich inferential knowledge described in
ATOMIC, we show that neural models can acquire simple commonsense capabilities
and reason about previously unseen events. Experimental results demonstrate
that multitask models that incorporate the hierarchical structure of if-then
relation types lead to more accurate inference compared to models trained in
isolation, as measured by both automatic and human evaluation. Comment: AAAI 2019 C