On Multistage Learning a Hidden Hypergraph

Learning a hidden hypergraph is a natural generalization of the classical group testing problem that consists in detecting unknown hypergraph $H_{un}=H(V,E)$ by carrying out edge-detecting tests. In the given paper we focus our attention only on a specific family $F(t,s,\ell)$ of localized hypergraphs for which the total number of vertices $|V| = t$, the number of edges $|E|\le s$, $s\ll t$, and the cardinality of any edge $|e|\le\ell$, $\ell\ll t$. Our goal is to identify all edges of $H_{un}\in F(t,s,\ell)$ by using the minimal number of tests. We develop an adaptive algorithm that matches the information theory bound, i.e., the total number of tests of the algorithm in the worst case is at most $s\ell\log_2 t(1+o(1))$. We also discuss a probabilistic generalization of the problem.Comment: 5 pages, IEEE conferenc

Error-Tolerant Non-Adaptive Learning of a Hidden Hypergraph

We consider the problem of learning the hypergraph using edge-detecting queries. In this model, the learner is allowed to query whether a set of vertices includes an edge from a hidden hypergraph. Except a few, all previous algorithms assume that a query\u27s result is always correct. In this paper we study the problem of learning a hypergraph where alpha -fraction of the queries are incorrect. The main contribution of this paper is generalizing the well-known structure CFF (Cover Free Family) to be Dense (we will call it DCFF - Dense Cover Free Family) while presenting three different constructions for DCFF. Later, we use these constructions wisely to give a polynomial time non-adaptive learning algorithm for a hypergraph problem with at most alpha-fracion incorrect queries. The hypergraph problem is also known as both monotone DNF learning problem, and complexes group testing problem

New Constructions for Competitive and Minimal-Adaptive Group Testing

Group testing (GT) was originally proposed during the World War II in an attempt to minimize the \emph{cost} and \emph{waiting time} in performing identical blood tests of the soldiers for a low-prevalence disease. Formally, the GT problem asks to find $d\ll n$ \emph{defective} elements out of $n$ elements by querying subsets (pools) for the presence of defectives. By the information-theoretic lower bound, essentially $d\log_2 n$ queries are needed in the worst-case. An \emph{adaptive} strategy proceeds sequentially by performing one query at a time, and it can achieve the lower bound. In various applications, nothing is known about $d$ beforehand and a strategy for this scenario is called \emph{competitive}. Such strategies are usually adaptive and achieve query optimality within a constant factor called the \emph{competitive ratio}. In many applications, queries are time-consuming. Therefore, \emph{minimal-adaptive} strategies which run in a small number $s$ of stages of parallel queries are favorable. This work is mainly devoted to the design of minimal-adaptive strategies combined with other demands of both theoretical and practical interest. First we target unknown $d$ and show that actually competitive GT is possible in as few as $2$ stages only. The main ingredient is our randomized estimate of a previously unknown $d$ using nonadaptive queries. In addition, we have developed a systematic approach to obtain optimal competitive ratios for our strategies. When $d$ is a known upper bound, we propose randomized GT strategies which asymptotically achieve query optimality in just $2$, $3$ or $4$ stages depending upon the growth of $d$ versus $n$. Inspired by application settings, such as at American Red Cross, where in most cases GT is applied to small instances, \textit{e.g.}, $n=16$. We extended our study of query-optimal GT strategies to solve a given problem instance with fixed values $n$, $d$ and $s$. We also considered the situation when elements to test cannot be divided physically (electronic devices), thus the pools must be disjoint. For GT with \emph{disjoint} simultaneous pools, we show that $\Theta (sd(n/d)^{1/s})$ tests are sufficient, and also necessary for certain ranges of the parameters

Learning Automata-based Misinformation Mitigation via Hawkes Processes

Mitigating misinformation on social media is an unresolved challenge, particularly because of the complexity of information dissemination. To this end, Multivariate Hawkes Processes (MHP) have become a fundamental tool because they model social network dynamics, which facilitates execution and evaluation of mitigation policies. In this paper, we propose a novel light-weight intervention-based misinformation mitigation framework using decentralized Learning Automata (LA) to control the MHP. Each automaton is associated with a single user and learns to what degree that user should be involved in the mitigation strategy by interacting with a corresponding MHP, and performing a joint random walk over the state space. We use three Twitter datasets to evaluate our approach, one of them being a new COVID-19 dataset provided in this paper. Our approach shows fast convergence and increased valid information exposure. These results persisted independently of network structure, including networks with central nodes, where the latter could be the root of misinformation. Further, the LA obtained these results in a decentralized manner, facilitating distributed deployment in real-life scenarios.acceptedVersio

Cyber Deception for Critical Infrastructure Resiliency

The high connectivity of modern cyber networks and devices has brought many improvements to the functionality and efficiency of networked systems. Unfortunately, these benefits have come with many new entry points for attackers, making systems much more vulnerable to intrusions. Thus, it is critically important to protect cyber infrastructure against cyber attacks. The static nature of cyber infrastructure leads to adversaries performing reconnaissance activities and identifying potential threats. Threats related to software vulnerabilities can be mitigated upon discovering a vulnerability and-, developing and releasing a patch to remove the vulnerability. Unfortunately, the period between discovering a vulnerability and applying a patch is long, often lasting five months or more. These delays pose significant risks to the organization while many cyber networks are operational. This concern necessitates the development of an active defense system capable of thwarting cyber reconnaissance missions and mitigating the progression of the attacker through the network. Thus, my research investigates how to develop an efficient defense system to address these challenges. First, we proposed the framework to show how the defender can use the network of decoys along with the real network to introduce mistrust. However, another research problem, the defender’s choice of whether to save resources or spend more (number of decoys) resources in a resource-constrained system, needs to be addressed. We developed a Dynamic Deception System (DDS) that can assess various attacker types based on the attacker’s knowledge, aggression, and stealthiness level to decide whether the defender should spend or save resources. In our DDS, we leveraged Software Defined Networking (SDN) to differentiate the malicious traffic from the benign traffic to deter the cyber reconnaissance mission and redirect malicious traffic to the deception server. Experiments conducted on the prototype implementation of our DDS confirmed that the defender could decide whether to spend or save resources based on the attacker types and thwarted cyber reconnaissance mission. Next, we addressed the challenge of efficiently placing network decoys by predicting the most likely attack path in Multi-Stage Attacks (MSAs). MSAs are cyber security threats where the attack campaign is performed through several attack stages and adversarial lateral movement is one of the critical stages. Adversaries can laterally move into the network without raising an alert. To prevent lateral movement, we proposed an approach that combines reactive (graph analysis) and proactive (cyber deception technology) defense. The proposed approach is realized through two phases. The first phase predicts the most likely attack path based on Intrusion Detection System (IDS) alerts and network trace. The second phase determines the optimal deployment of decoy nodes along the predicted path. We employ transition probabilities in a Hidden Markov Model to predict the path. In the second phase, we utilize the predicted attack path to deploy decoy nodes. The evaluation results show that our approach can predict the most likely attack paths and thwart adversarial lateral movement

Hidden Markov Model and Cyber Deception for the Prevention of Adversarial Lateral Movement

Advanced persistent threats (APTs) have emerged as multi-stage attacks that have targeted nation-states and their associated entities, including private and corporate sectors. Cyber deception has emerged as a defense approach to secure our cyber infrastructure from APTs. Practical deployment of cyber deception relies on defenders\u27 ability to place decoy nodes along the APT path optimally. This paper presents a cyber deception approach focused on predicting the most likely sequence of attack paths and deploying decoy nodes along the predicted path. Our proposed approach combines reactive (graph analysis) and proactive (cyber deception technology) defense to thwart the adversaries\u27 lateral movement. The proposed approach is realized through two phases. The first phase predicts the most likely attack path based on Intrusion Detection System (IDS) alerts and network trace, and the second phase is determining optimal deployment of decoy nodes along the predicted path. We employ transition probabilities in a Hidden Markov Model to predict the path. In the second phase, we utilize the predicted attack path to deploy decoy nodes. However, it is likely that the attacker will not follow that predicted path to move laterally. To address this challenge, we employ a Partially Observable Monte-Carlo Planning (POMCP) framework. POMCP helps the defender assess several defense actions to block the attacker when it deviates from the predicted path. The evaluation results show that our approach can predict the most likely attack paths and thwarts the adversarial lateral movement