7 research outputs found

    Method for Attack Tree Data Transformation and Import Into IT Risk Analysis Expert Systems

    Information technology (IT) security risk analysis preventatively helps organizations in identifying their vulnerable systems or internal controls. Some researchers propose expert systems (ES) as the solution for risk analysis automation since risk analysis by human experts is expensive and timely. By design, ES need a knowledge base, which must be up to date and of high quality. Manual creation of databases is also expensive and cannot ensure stable information renewal. These facts make the knowledge base automation process very important. This paper proposes a novel method of converting attack trees to a format usable by expert systems for utilizing the existing attack tree repositories in facilitating information and IT security risk analysis. The method performs attack tree translation into the Java Expert System Shell (JESS) format, by consistently applying ATTop, a software bridging tool that enables automated analysis of attack trees using a model-driven engineering approach, translating attack trees into the eXtensible Markup Language (XML) format, and using the newly developed ATES (attack trees to expert system) program, performing further XML conversion into JESS compatible format. The detailed method description, along with samples of attack tree conversion and results of conversion experiments on a significant number of attack trees, are presented and discussed. The results demonstrate the high method reliability rate and viability of attack trees as a source for the knowledge bases of expert systems used in the IT security risk analysis process. This article belongs to the Special Issue Human-Centered Computing and Information Security: Recent Advances & Intelligent Application

    ClaimChain: secure Blockchain platform for handling insurance claims processing

    Insurance claims processing involves multi-domain entities and multi-source data, along with a number of human-agent interactions. Consequently, this processing is traditionally manually-intensive and time-consuming. Blockchain technology-based platforms for intelligent automation can significantly improve the scale and response time of claims processing. However, there is a need to secure such platforms against fraud (e.g., duplicate claims) and the loss of data integrity caused due to cyber-attacks (e.g., Sybil attack). This thesis proposes a novel "ClaimChain", a consortium Blockchain platform that transforms the state-of-the-art NICB/ISO database architecture approach through increased shared intelligence and participation of insurance companies. ClaimChain features include: (a) automation of insurance claim processing via implementation of a Blockchain infrastructure, (b) infrastructure-level threat modeling via attack tree formalism for data integrity attacks, and (c) application-level fraud modeling for identified prominent red flags through machine learning models and risk scoring on the basis of risk severity. The scalability of ClaimChain is evaluated by simulating realistically large number of Blockchain transactions of claim processing. It is shown that data integrity attacks at the infrastructure-level can be mitigated (reduction of 24 percent probability in loss) through implementation of security design principles. Also, fraud-detection is performed over an open dataset in ClaimChain to show how machine learning models can detect fraudulent activity with 98 percent accuracy. Includes bibliographical references

    A Statistical Approach to the Alignment of fMRI Data

    Multi-subject functional Magnetic Resonance Image studies are critical. The anatomical and functional structure varies across subjects, so the image alignment is necessary. We define a probabilistic model to describe functional alignment. Imposing a prior distribution, as the matrix Fisher Von Mises distribution, of the orthogonal transformation parameter, the anatomical information is embedded in the estimation of the parameters, i.e., penalizing the combination of spatially distant voxels. Real applications show an improvement in the classification and interpretability of the results compared to various functional alignment methods

    A comparison of the CAR and DAGAR spatial random effects models with an application to diabetics rate estimation in Belgium

    When hierarchically modelling an epidemiological phenomenon on a finite collection of sites in space, one must always take a latent spatial effect into account in order to capture the correlation structure that links the phenomenon to the territory. In this work, we compare two autoregressive spatial models that can be used for this purpose: the classical CAR model and the more recent DAGAR model. Differently from the former, the latter has a desirable property: its ρ parameter can be naturally interpreted as the average neighbor pair correlation and, in addition, this parameter can be directly estimated when the effect is modelled using a DAGAR rather than a CAR structure. As an application, we model the diabetics rate in Belgium in 2014 and show the adequacy of these models in predicting the response variable when no covariates are available

    NASA Systems Engineering Handbook

    This handbook is intended to provide general guidance and information on systems engineering that will be useful to the NASA community. It provides a generic description of Systems Engineering (SE) as it should be applied throughout NASA. A goal of the handbook is to increase awareness and consistency across the Agency and advance the practice of SE. This handbook provides perspectives relevant to NASA and data particular to NASA. The coverage in this handbook is limited to general concepts and generic descriptions of processes, tools, and techniques. It provides information on systems engineering best practices and pitfalls to avoid. There are many Center-specific handbooks and directives as well as textbooks that can be consulted for in-depth tutorials. This handbook describes systems engineering as it should be applied to the development and implementation of large and small NASA programs and projects. NASA has defined different life cycles that specifically address the major project categories, or product lines, which are: Flight Systems and Ground Support (FS&GS), Research and Technology (R&T), Construction of Facilities (CoF), and Environmental Compliance and Restoration (ECR). The technical content of the handbook provides systems engineering best practices that should be incorporated into all NASA product lines. (Check the NASA On-Line Directives Information System (NODIS) electronic document library for applicable NASA directives on topics such as product lines.) For simplicity this handbook uses the FS&GS product line as an example. The specifics of FS&GS can be seen in the description of the life cycle and the details of the milestone reviews. Each product line will vary in these two areas; therefore, the reader should refer to the applicable NASA procedural requirements for the specific requirements for their life cycle and reviews. 
The engineering of NASA systems requires a systematic and disciplined set of processes that are applied recursively and iteratively for the design, development, operation, maintenance, and closeout of systems throughout the life cycle of the programs and projects