13 research outputs found

    Creating an Agent Based Framework to Maximize Information Utility

    With increased reliance on communications to conduct military operations, information centric network management becomes vital. A Defense department study of information management for net-centric operations lists the need for tools for information triage (based on relevance, priority, and quality) to counter information overload, semi-automated mechanisms for assessment of quality and relevance of information, and advances to enhance cognition and information understanding in the context of missions [30]. Maximizing information utility to match mission objectives is a complex problem that requires a comprehensive solution in information classification, in scheduling, in resource allocation, and in QoS support. Of these research areas, the resource allocation mechanism provides a framework to build the entire solution. Through an agent based mindset, the lessons of robot control architecture are applied to the network domain. The task of managing information flows is achieved with a hybrid reactive architecture. By demonstration, the reactive agent responds to the observed state of the network through the Unified Behavior Framework (UBF). As information flows relay through the network, agents in the network nodes limit resource contention to improve average utility and create a network with smarter bandwidth utilization. While this is an important result for information maximization, the agent based framework may have broader applications for managing communication networks

    Workflow Behavior Auditing for Mission Centric Collaboration

    Successful mission-centric collaboration depends on situational awareness in an increasingly complex mission environment. To support timely and reliable high level mission decisions, auditing tools need real-time data for effective assessment and optimization of mission behaviors. In the context of a battle rhythm, mission health can be measured from workflow generated activities. Though battle rhythm collaboration is dynamic and global, a potential enabling technology for workflow behavior auditing exists in process mining. However, process mining is not adequate to provide mission situational awareness in the battle rhythm environment since event logs may contain dynamic mission states, noise and timestamp inaccuracy. Therefore, we address a few key near-term issues. In sequences of activities parsed from network traffic streams, we identify mission state changes in the workflow shift detection algorithm. In segments of unstructured event logs that contain both noise and relevant workflow data, we extract and rank workflow instances for the process analyst. When confronted with timestamp inaccuracy in event logs from semi automated, distributed workflows, we develop the flower chain network and discovery algorithm to improve behavioral conformance. For long term adoption of process mining in mission centric collaboration, we develop and demonstrate an experimental framework for logging uncertainty testing. We show that it is highly feasible to employ process mining techniques in environments with dynamic mission states and logging uncertainty. Future workflow behavior auditing technology will benefit from continued algorithmic development, new data sources and system prototypes to propel next generation mission situational awareness, giving commanders new tools to assess and optimize workflows, computer systems and missions in the battle space environment

    Improving Optimization of Convolutional Neural Networks through Parameter Fine-tuning

    In recent years, convolutional neural networks have achieved state-of-the-art performance in a number of computer vision problems such as image classification. Prior research has shown that a transfer learning technique known as parameter fine-tuning wherein a network is pre-trained on a different dataset can boost the performance of these networks. However, the topic of identifying the best source dataset and learning strategy for a given target domain is largely unexplored. Thus, this research presents and evaluates various transfer learning methods for fine-grained image classification as well as the effect on ensemble networks. The results clearly demonstrate the effectiveness of parameter fine-tuning over random initialization. We find that training should not be reduced after transferring weights, larger, more similar networks tend to be the best source task, and parameter fine-tuning can often outperform randomly initialized ensembles. The experimental framework and findings will help to train models with improved accuracy

    Categorization of cyber training environments for industrial control systems

    No full text
    Part 3: INDUSTRIAL CONTROL SYSTEM SECURITY. International audience. First responders and professionals in hazardous occupations undergo intense training and evaluation to enable them to efficiently and effectively mitigate risk and damage. For example, helicopter pilots train with multiple simulations that increase in complexity before they fly real aircraft. However, in the industrial control systems domain, where incident response professionals help detect, respond and recover from cyber incidents, there is no official categorization of training environments, let alone training regimens. To address this gap, this chapter provides a categorization of industrial control training environments based on realism. Four levels of environments are proposed and mapped to Bloom’s Taxonomy. The categorization enables organizations to determine the cyber training environments that best align with their training needs and budgets

    Multi-controller exercise environments for training industrial control system first responders

    No full text
    Part 3: INDUSTRIAL CONTROL SYSTEM SECURITY. International audience. When systems are targeted by cyber attacks, cyber first responders must be able to react effectively, especially when dealing with critical infrastructure assets. Training for cyber first responders is lacking and most exercise platforms are expensive, inaccessible and/or ineffective. This chapter describes a mobile training platform that incorporates a variety of programmable logic controllers in a single system that helps impart the unique skills required of industrial control system cyber first responders. The platform is modeled after a jail in the United States and was developed to maximize realism. Training scenarios are presented that cover specific cyber first responder skills and techniques. The results demonstrate that the platform is robust and highly effective for conducting sustained training exercises in curricula developed for cyber first responders

    System-Agnostic Security Domains for Understanding and Prioritizing Systems Security Engineering Efforts

    No full text
    As modern systems continue to increase in size and complexity, current systems security practices lack an effective approach to prioritize and tailor systems security efforts to successfully develop and field systems in challenging operational environments. This paper uniquely proposes seven system-agnostic security domains, which assist in understanding and prioritizing systems security engineering (SSE) efforts. To familiarize the reader with the state-of-the-art in SSE practices, we first provide a comprehensive discussion of foundational SSE concepts, methodologies, and frameworks. Next, the seven system-agnostic security domains are presented for consideration by researchers and practitioners. The domains are intended to be representative of a holistic SSE approach, which is universally applicable to multiple systems classes and not just a single-system implementation. Finally, three examples are explored to illustrate the utility of the system-agnostic domains for understanding and prioritizing SSE efforts in information technology systems, Department of Defense weapon systems, and cyber-physical systems

    A Customizable Framework for Prioritizing Systems Security Engineering Processes, Activities, and Tasks

    No full text
    As modern systems become increasingly complex, current security practices lack effective methodologies to adequately address the system security. This paper proposes a repeatable and tailorable framework to assist in the application of systems security engineering (SSE) processes, activities, and tasks as defined in the recently released National Institute of Standards and Technology (NIST) Special Publication 800-160. First, a brief survey of systems-oriented security methodologies is provided. Next, an examination of the relationships between the NIST-defined SSE processes is conducted to provide context for the engineering problem space. These findings inform a mapping of the NIST SSE processes to seven system-agnostic security domains which enable prioritization for three types of systems (conventional IT, cyber-physical, and defense). These concrete examples provide further understanding for applying and prioritizing the SSE effort. The goal of this paper is to assist practitioners by informing the efficient application of the 30 processes, 111 activities, and 428 tasks defined in NIST SP 800-160. The customizable framework tool is available online for developers to employ, modify, and tailor to meet their needs

    Defending building automation systems using decoy networks

    No full text
    Part 4: INTERNET OF THINGS SECURITY. International audience. The Internet of Things (IoT) and home and building automation systems are growing fields. Many automation networks use proprietary protocols and few publications have evaluated their security. INSTEON is a leading Internet of Things protocol for home and building automation and, like other proprietary protocols, little research is available relating to its vulnerabilities. This chapter presents techniques for analyzing INSTEON traffic and defending INSTEON networks using virtual decoys. By using a software-defined radio, the packet capture rate for INSTEON traffic is increased from approximately 40% to almost 75% compared with previous research efforts. Additionally, a virtual decoy network has been designed and tested for authenticity and targetability to better protect home and building automation systems