Measuring inconsistency in a network intrusion detection rule set based on Snort

In this preliminary study, we investigate how inconsistency in a network intrusion detection rule set can be measured. To achieve this, we first examine the structure of these rules which are based on Snort and incorporate regular expression (Regex) pattern matching. We then identify primitive elements in these rules in order to translate the rules into their (equivalent) logical forms and to establish connections between them. Additional rules from background knowledge are also introduced to make the correlations among rules more explicit. We measure the degree of inconsistency in formulae of such a rule set (using the Scoring function, Shapley inconsistency values and Blame measure for prioritized knowledge) and compare the *This is a revised and significantly extended version of [1]

Towards Large-scale Inconsistency Measurement

We investigate the problem of inconsistency measurement on large knowledge bases by considering stream-based inconsistency measurement, i.e., we investigate inconsistency measures that cannot consider a knowledge base as a whole but process it within a stream. For that, we present, first, a novel inconsistency measure that is apt to be applied to the streaming case and, second, stream-based approximations for the new and some existing inconsistency measures. We conduct an extensive empirical analysis on the behavior of these inconsistency measures on large knowledge bases, in terms of runtime, accuracy, and scalability. We conclude that for two of these measures, the approximation of the new inconsistency measure and an approximation of the contension inconsistency measure, large-scale inconsistency measurement is feasible.Comment: International Workshop on Reactive Concepts in Knowledge Representation (ReactKnow 2014), co-located with the 21st European Conference on Artificial Intelligence (ECAI 2014). Proceedings of the International Workshop on Reactive Concepts in Knowledge Representation (ReactKnow 2014), pages 63-70, technical report, ISSN 1430-3701, Leipzig University, 2014. http://nbn-resolving.de/urn:nbn:de:bsz:15-qucosa-15056

Applying Abstract Argumentation Theory to Cooperative Game Theory

We apply ideas from abstract argumentation theory to study cooperative game theory. Building on Dung's results in his seminal paper, we further the correspondence between Dung's four argumentation semantics and solution concepts in cooperative game theory by showing that complete extensions (the grounded extension) correspond to Roth's subsolutions (respectively, the supercore). We then investigate the relationship between well-founded argumentation frameworks and convex games, where in each case the semantics (respectively, solution concepts) coincide; we prove that three-player convex games do not in general have well-founded argumentation frameworks.Comment: 15 pages, 1 tabl

Détection des contradictions dans les annotations sémantiques

L'annotation sémantique a pour objectif d'apporter au texte une représentation explicite de son interprétation sémantique. Dans un précédent article, nous avons proposé d'étendre les ontologies par des règles d'annotation sémantique. Ces règles sont utilisées pour l'annotation sémantique d'un texte au regard d'une ontologie dans le cadre d'une plate-forme d'annotation linguistique automatique. Nous présentons dans cet article une mesure, basée sur la valeur de Shapley, permettant d'identifier les règles qui sont sources de contradiction dans l'annotation sémantique. Par rapport aux classiques mesures de précision et de rappel, l'intérêt de cette me- sure est de ne pas nécessiter de corpus manuellement annoté, d'être entièrement automatisable et de permettre l'identification des règles qui posent problème

A Possibilistic Analysis of Inconsistency

International audienceCentral in standard possibilistic logic (where propositional logic formulas are associated with lower bounds of their necessity measures), is the notion of inconsistency level of a possibilistic logic base. Formulas whose level is strictly above this inconsistency level constitute a sub-base free of any inconsistency. Some extensions, based on the notions of paraconsistent completion of a possibilistic logic base, and of safely supported formulas, have been proposed for handling formulas below the level of inconsistency. In this paper we further explore these ideas, and show the interest of considering the minimal inconsistent subsets in this setting. Lines for further research are also outlined

MEASURING INCONSISTENCY IN A NETWORK INTRUSION DETECTION RULE SET BASED ON SNORT

In this preliminary study, we investigate how inconsistency in a network intrusion detection rule set can be measured. To achieve this, we first examine the structure of these rules which are based on Snort and incorporate regular expression (Regex) pattern matching. We then identify primitive elements in these rules in order to translate the rules into their (equivalent) logical forms and to establish connections between them. Additional rules from background knowledge are also introduced to make the correlations among rules more explicit. We measure the degree of inconsistency in formulae of such a rule set (using the Scoring function, Shapley inconsistency values and Blame measure for prioritized knowledge) and compare the informativeness of these measures. Finally, we propose a new measure of inconsistency for prioritized knowledge which incorporates the normalized number of atoms in a language involved in inconsistency to provide a deeper inspection of inconsistent formulae. We conclude that such measures are useful for the network intrusion domain assuming that introducing expert knowledge for correlation of rules is feasible.<br/

The Shapley Value of Inconsistency Measures for Functional Dependencies

Quantifying the inconsistency of a database is motivated by various goals including reliability estimation for new datasets and progress indication in data cleaning. Another goal is to attribute to individual tuples a level of responsibility to the overall inconsistency, and thereby prioritize tuples in the explanation or inspection of dirt. Therefore, inconsistency quantification and attribution have been a subject of much research in Knowledge Representation and, more recently, in Databases. As in many other fields, a conventional responsibility sharing mechanism is the Shapley value from cooperative game theory. In this paper, we carry out a systematic investigation of the complexity of the Shapley value in common inconsistency measures for functional-dependency (FD) violations. For several measures we establish a full classification of the FD sets into tractable and intractable classes with respect to Shapley-value computation. We also study the complexity of approximation in intractable cases