617 research outputs found

    AI Solutions for MDS: Artificial Intelligence Techniques for Misuse Detection and Localisation in Telecommunication Environments

    This report considers the application of Artificial Intelligence (AI) techniques to the problem of misuse detection and misuse localisation within telecommunications environments. A broad survey of techniques is provided, that covers inter alia rule based systems, model-based systems, case based reasoning, pattern matching, clustering and feature extraction, artificial neural networks, genetic algorithms, artificial immune systems, agent based systems, data mining and a variety of hybrid approaches. The report then considers the central issue of event correlation, that is at the heart of many misuse detection and localisation systems. The notion of being able to infer misuse by the correlation of individual temporally distributed events within a multiple data stream environment is explored, and a range of techniques, covering model based approaches, `programmed' AI and machine learning paradigms. It is found that, in general, correlation is best achieved via rule based approaches, but that these suffer from a number of drawbacks, such as the difficulty of developing and maintaining an appropriate knowledge base, and the lack of ability to generalise from known misuses to new unseen misuses. Two distinct approaches are evident. One attempts to encode knowledge of known misuses, typically within rules, and use this to screen events. This approach cannot generally detect misuses for which it has not been programmed, i.e. it is prone to issuing false negatives. The other attempts to `learn' the features of event patterns that constitute normal behaviour, and, by observing patterns that do not match expected behaviour, detect when a misuse has occurred. This approach is prone to issuing false positives, i.e. inferring misuse from innocent patterns of behaviour that the system was not trained to recognise.
Contemporary approaches are seen to favour hybridisation, often combining detection or localisation mechanisms for both abnormal and normal behaviour, the former to capture known cases of misuse, the latter to capture unknown cases. In some systems, these mechanisms even work together to update each other to increase detection rates and lower false positive rates. It is concluded that hybridisation offers the most promising future direction, but that a rule or state based component is likely to remain, being the most natural approach to the correlation of complex events. The challenge, then, is to mitigate the weaknesses of canonical programmed systems such that learning, generalisation and adaptation are more readily facilitated

    Evaluation of a fuzzy-expert system for fault diagnosis in power systems

    A major problem with alarm processing and fault diagnosis in power systems is the reliance on the circuit alarm status. If there is too much information available and the time of arrival of the information is random due to weather conditions etc., the alarm activity is not easily interpreted by system operators. In respect of these problems, this thesis sets out the work that has been carried out to design and evaluate a diagnostic tool which assists power system operators during a heavy period of alarm activity in condition monitoring. The aim of employing this diagnostic tool is to monitor and raise uncertain alarm information for the system operators, which serves a proposed solution for restoring such faults. The diagnostic system uses elements of AI namely expert systems, and fuzzy logic that incorporate abductive reasoning. The objective of employing abductive reasoning is to optimise an interpretation of Supervisory Control and Data Acquisition (SCADA) based uncertain messages when the SCADA based messages are not satisfied with simple logic alone. The method consists of object-oriented programming, which demonstrates reusability, polymorphism, and readability. The principle behind employing object-oriented techniques is to provide better insights and solutions compared to conventional artificial intelligence (AI) programming languages. The characteristics of this work involve the development and evaluation of a fuzzy-expert system which tries to optimise the uncertainty in the 16-lines 12-bus sample power system. The performance of employing this diagnostic tool is assessed based on consistent data acquisition, readability, adaptability, and maintainability on a PC. This diagnostic tool enables operators to control and present more appropriate interpretations effectively rather than a mathematical based precise fault identification when the mathematical modelling fails and the period of alarm activity is high.
This research contributes to the field of power system control, in particular Scottish Hydro-Electric PLC has shown interest and supplied all the necessary information and data. The AI based power system is presented as a sample application of Scottish Hydro-Electric and KEPCO (Korea Electric Power Corporation)

    Abductive Design of BDI Agent-based Digital Twins of Organizations

    For a Digital Twin - a precise, virtual representation of a physical counterpart - of a human-like system to be faithful and complete, it must appeal to a notion of anthropomorphism (i.e., attributing human behaviour to non-human entities) to imitate (1) the externally visible behaviour and (2) the internal workings of that system. Although the Belief-Desire-Intention (BDI) paradigm was not developed for this purpose, it has been used successfully in human modeling applications. In this sense, we introduce in this thesis the notion of abductive design of BDI agent-based Digital Twins of organizations, which builds on two powerful reasoning disciplines: reverse engineering (to recreate the visible behaviour of the target system) and goal-driven eXplainable Artificial Intelligence (XAI) (for viewing the behaviour of the target system through the lens of BDI agents). Precisely speaking, the overall problem we are trying to address in this thesis is to “Find a BDI agent program that best explains (in the sense of formal abduction) the behaviour of a target system based on its past experiences”. To do so, we propose three goal-driven XAI techniques: (1) abductive design of BDI agents, (2) leveraging imperfect explanations and (3) mining belief-based explanations. The resulting approach suggests that using goal-driven XAI to generate Digital Twins of organizations in the form of BDI agents can be effective, even in a setting with limited information about the target system’s behaviour

    DRUM-II : efficient model based diagnosis of technical systems

    [no abstract]

    Knowledge-based processing for aircraft flight control

    This Contractor Report documents research in Intelligent Control using knowledge-based processing in a manner dual to methods found in the classic stochastic decision, estimation, and control discipline. Such knowledge-based control has also been called Declarative, and Hybrid. Software architectures were sought, employing the parallelism inherent in modern object-oriented modeling and programming. The viewpoint adopted was that Intelligent Control employs a class of domain-specific software architectures having features common over a broad variety of implementations, such as management of aircraft flight, power distribution, etc. As much attention was paid to software engineering issues as to artificial intelligence and control issues. This research considered that particular processing methods from the stochastic and knowledge-based worlds are duals, that is, similar in a broad context. They provide architectural design concepts which serve as bridges between the disparate disciplines of decision, estimation, control, and artificial intelligence. This research was applied to the control of a subsonic transport aircraft in the airport terminal area

    A case study of the challenges of cyber forensics analysis of digital evidence in a child pornography trial

    Perfunctory case analysis, lack of evidence validation, and an inability or unwillingness to present understandable analysis reports adversely affect the outcome course of legal trials reliant on digital evidence. These issues have serious consequences for defendants facing heavy penalties or imprisonment yet expect their defence counsel to have clear understanding of the evidence. Poorly reasoned, validated and presented digital evidence can result in conviction of the innocent as well as acquittal of the guilty. A possession of child pornography Case Study highlights the issues that appear to plague case analysis and presentation of digital evidence relied on in these odious crimes; crimes increasingly consuming the time, resources and expertise of law enforcement and the legal fraternity. The necessity to raise the standard and formalise examinations of digital evidence used in child pornography seems timely. The case study shows how structured analysis and presentation processes can enhance examinations. The case study emphasises the urgency to integrate vigorous validation processes into cyber forensics examinations to meet acceptable standard of cyber forensics examinations. The processes proposed in this Case Study enhance clarity in case management and ensure digital evidence is correctly analysed, contextualised and validated. This will benefit the examiner preparing the case evidence and help legal teams better understand the technical complexities involved

    Concern level assessment: building domain knowledge into a visual system to support network-security situation awareness

    Information officers and network administrators require tools to help them achieve situation awareness about potential network threats. We describe a response to mini-challenge 1 of the 2012 IEEE VAST challenge in which we developed a visual analytic solution to a network security situation awareness problem. To support conceptual design, we conducted a series of knowledge elicitation sessions with domain experts. These provided an understanding of the information they needed to make situation awareness judgements as well as a characterisation of those judgements in the form of production rules which define a parameter we called the ‘Concern Level Assessment’ (CLA). The CLA was used to provide heuristic guidance within a visual analytic system called M-SIEVE. An analysis of VAST challenge assessment sessions using M-SIEVE provides some evidence that intelligent heuristics like this can provide useful guidance without unduly dominating interaction and understanding

    Using SCADA data for wind turbine condition monitoring - a review

    The ever increasing size of wind turbines and the move to build them offshore have accelerated the need for optimised maintenance strategies in order to reduce operating costs. Predictive maintenance requires detailed information on the condition of turbines. Due to the high costs of dedicated condition monitoring systems based on mainly vibration measurements, the use of data from the turbine Supervisory Control And Data Acquisition (SCADA) system is appealing. This review discusses recent research using SCADA data for failure detection and condition monitoring, focussing on approaches which have already proved their ability to detect anomalies in data from real turbines. Approaches are categorised as (i) trending, (ii) clustering, (iii) normal behaviour modelling, (iv) damage modelling and (v) assessment of alarms and expert systems. Potential for future research on the use of SCADA data for advanced turbine condition monitoring is discussed