27 research outputs found
The Need to Support of Data Flow Graph Visualization of Forensic Lucid Programs, Forensic Evidence, and their Evaluation by GIPSY
Lucid programs are data-flow programs and can be visually represented as data
flow graphs (DFGs) and composed visually. Forensic Lucid, a Lucid dialect, is a
language to specify and reason about cyberforensic cases. It includes the
encoding of the evidence (representing the context of evaluation) and the crime
scene modeling in order to validate claims against the model and perform event
reconstruction, potentially within large swaths of digital evidence. To aid
investigators to model the scene and evaluate it, instead of typing a Forensic
Lucid program, we propose to expand the design and implementation of the Lucid
DFG programming onto Forensic Lucid case modeling and specification to enhance
the usability of the language and the system and its behavior. We briefly
discuss the related work on visual programming an DFG modeling in an attempt to
define and select one approach or a composition of approaches for Forensic
Lucid based on various criteria such as previous implementation, wide use,
formal backing in terms of semantics and translation. In the end, we solicit
the readers' constructive, opinions, feedback, comments, and recommendations
within the context of this short discussion.Comment: 11 pages, 7 figures, index; extended abstract presented at VizSec'10
at http://www.vizsec2010.org/posters ; short paper accepted at PST'1
Reasoning About a Simulated Printer Case Investigation with Forensic Lucid
In this work we model the ACME (a fictitious company name) "printer case
incident" and make its specification in Forensic Lucid, a Lucid- and
intensional-logic-based programming language for cyberforensic analysis and
event reconstruction specification. The printer case involves a dispute between
two parties that was previously solved using the finite-state automata (FSA)
approach, and is now re-done in a more usable way in Forensic Lucid. Our
simulation is based on the said case modeling by encoding concepts like
evidence and the related witness accounts as an evidential statement context in
a Forensic Lucid program, which is an input to the transition function that
models the possible deductions in the case. We then invoke the transition
function (actually its reverse) with the evidential statement context to see if
the evidence we encoded agrees with one's claims and then attempt to
reconstruct the sequence of events that may explain the claim or disprove it.Comment: 18 pages, 3 figures, 7 listings, TOC, index; this article closely
relates to arXiv:0906.0049 and arXiv:0904.3789 but to remain stand-alone
repeats some of the background and introductory content; abstract presented
at HSC'09 and the full updated paper at ICDF2C'11. This is an updated/edited
version after ICDF2C proceedings with more references and correction
Toward Formal Reasoning in Cyberforensic Case Investigation with Forensic Lucid
This work focuses on the application of the intensional logic to cyberforensic analysis and its benefits and difficulties are compared with the finite-state automata approach. This work extends the use of the scientific intensional programming paradigm onto modeling and implementation of a cyberforensics investigation process with the backtrace of event reconstruction, modeling the evidence as multidimensional hierarchical contexts, and proving or disproving the claims with it in the intensional manner of evaluation. This is a practical, context-aware improvement over the finite state automata (FSA) approach we have seen in the related works. As a base implementation language model we use in this approach is a new dialect of the Lucid programming language, that we call Forensic Lucid and we define hierarchical contexts based on the intensional logic for the evaluation of cyberforensic expressions. We also augment the work with the credibility factors surrounding digital evidence and witness accounts, which have not been previously modeled. The Forensic Lucid programming language proposed for this intensional cyberforensic analysis, includes the syntax and operational semantics. In large part, the language is based on its predecessor and codecessor Lucid dialects, such as GIPL, Indexical Lucid, Lucx, Objective Lucid, and JOOIP bound by the intensional (temporal) logic that is behind them. The distributed Java-based eduction (demand-driven) evaluation engine of the General Intensional Programming System (GIPSY) is the run-time system to cope with the scalability issues of the large evidential knowledge base. We then propose a near future work with the dataflow graph visualization and a toolset for compilation and execution of the Forensic Lucid programs. We show some examples by re-writing them in Forensic Lucid. We then postulate other investigations applications beyond the digital forensics domain
Intensional Cyberforensics
This work focuses on the application of intensional logic to cyberforensic
analysis and its benefits and difficulties are compared with the
finite-state-automata approach. This work extends the use of the intensional
programming paradigm to the modeling and implementation of a cyberforensics
investigation process with backtracing of event reconstruction, in which
evidence is modeled by multidimensional hierarchical contexts, and proofs or
disproofs of claims are undertaken in an eductive manner of evaluation. This
approach is a practical, context-aware improvement over the finite state
automata (FSA) approach we have seen in previous work. As a base implementation
language model, we use in this approach a new dialect of the Lucid programming
language, called Forensic Lucid, and we focus on defining hierarchical contexts
based on intensional logic for the distributed evaluation of cyberforensic
expressions. We also augment the work with credibility factors surrounding
digital evidence and witness accounts, which have not been previously modeled.
The Forensic Lucid programming language, used for this intensional
cyberforensic analysis, formally presented through its syntax and operational
semantics. In large part, the language is based on its predecessor and
codecessor Lucid dialects, such as GIPL, Indexical Lucid, Lucx, Objective
Lucid, and JOOIP bound by the underlying intensional programming paradigm.Comment: 412 pages, 94 figures, 18 tables, 19 algorithms and listings; PhD
thesis; v2 corrects some typos and refs; also available on Spectrum at
http://spectrum.library.concordia.ca/977460
Towards a Self-Forensics Property in the ASSL Toolset
This preliminary conceptual work discusses a notion of self-forensics as an autonomic property to augment the Autonomic System Specification Language (ASSL) framework of formal specification tools for autonomic systems. The core of the proposed methodology leverages existing designs, theoretical results, and implementing systems to enable rapid completion of and validation of the experiments and their the results initiated in this work. Specifically, we leverage the ASSL toolkit to add the self-forensics autonomic property (SFAP) to enable generation of the Java-based Object-Oriented Intensional Programming (JOOIP) language code laced with traces of Forensic Lucid to encode contextual forensic evidence and other expressions
Intensional Cyberforensics
This work focuses on the application of intensional logic to cyberforensic analysis and its benefits and difficulties are compared with the finite-state-automata approach. This work extends the use of the intensional programming paradigm to the modeling and implementation of a cyberforensics investigation process with backtracing of event reconstruction, in which evidence is modeled by multidimensional hierarchical contexts, and proofs or disproofs of claims are undertaken in an eductive manner of evaluation. This approach is a practical, context-aware improvement over the finite state automata (FSA) approach we have seen in previous work. As a base implementation language model, we use in this approach a new dialect of the Lucid programming language, called Forensic Lucid, and we focus on defining hierarchical contexts based on intensional logic for the distributed evaluation of cyberforensic expressions. We also augment the work with credibility factors surrounding digital evidence and witness accounts, which have not been previously modeled.
The Forensic Lucid programming language, used for this intensional cyberforensic analysis, formally presented through its syntax and operational semantics. In large part, the language is based on its predecessor and codecessor Lucid dialects, such as GIPL, Indexical Lucid, Lucx, Objective Lucid, MARFL, and JOOIP bound by the underlying intensional programming paradigm
MARFL: An Intensional Language for Demand-Driven Management of Machine Learning Backends
Artificial Intelligence (AI) is a rapidly evolving field that has transformed numerous industries and one of its key applications, Pattern Recognition, has been instrumental to the success of Large Language Models like ChatGPT, Bard, etc. However, scripting these advanced systems can be complex and challenging for some users. In this research, we propose a simpler scripting language to perform complex pattern recognition tasks.
We introduce a new intensional programming language, MARFL, which is an extension of the Lucid family supported by General Intensional Programming System (GIPSY). Our solution focuses on providing syntax and semantics for MARFL, which enables scripting of Modular A* Recognition Framework (MARF)-based applications as context aware, where the notion of context represents fine-grained configuration details of a given MARF instance. We adapt the concept of context to provide an easily comprehensible language that can perform complex pattern recognition tasks on a demand-driven system such as GIPSY. Our solution is also generic enough to handle other machine learning backends such as PyTorch or TensorFlow in the future.
We also provide a complete implementation of our approach, including a new compiler component and MARFL-specific execution engines within GIPSY. Our work extends the use of intensional programming to modeling and executing scripted pattern recognition tasks, which can be used for implementing different algorithmic specifications. Additionally, we utilize the demand-driven distributed computing capabilities of GIPSY to enable an efficient and scalable execution