36 research outputs found
Using Event Calculus to Formalise Policy Specification and Analysis
As the interest in using policy-based approaches for systems management grows, it is becoming increasingly important to develop methods for performing analysis and refinement of policy specifications. Although this is an area that researchers have devoted some attention to, none of the proposed solutions address the issues of analysing specifications that combine authorisation and management policies; analysing policy specifications that contain constraints on the applicability of the policies; and performing a priori analysis of the specification that will both detect the presence of inconsistencies and explain the situations in which the conflict will occur. We present a method for transforming both policy and system behaviour specifications into a formal notation that is based on event calculus. Additionally it describes how this formalism can be used in conjunction with abductive reasoning techniques to perform a priori analysis of policy specifications for the various conflict types identified in the literature. Finally, it presents some initial thoughts on how this notation and analysis technique could be used to perform policy refinement
An Argumentation-Based Reasoner to Assist Digital Investigation and Attribution of Cyber-Attacks
We expect an increase in the frequency and severity of cyber-attacks that
comes along with the need for efficient security countermeasures. The process
of attributing a cyber-attack helps to construct efficient and targeted
mitigating and preventive security measures. In this work, we propose an
argumentation-based reasoner (ABR) as a proof-of-concept tool that can help a
forensics analyst during the analysis of forensic evidence and the attribution
process. Given the evidence collected from a cyber-attack, our reasoner can
assist the analyst during the investigation process, by helping him/her to
analyze the evidence and identify who performed the attack. Furthermore, it
suggests to the analyst where to focus further analyses by giving hints of the
missing evidence or new investigation paths to follow. ABR is the first
automatic reasoner that can combine both technical and social evidence in the
analysis of a cyber-attack, and that can also cope with incomplete and
conflicting information. To illustrate how ABR can assist in the analysis and
attribution of cyber-attacks we have used examples of cyber-attacks and their
analyses as reported in publicly available reports and online literature. We do
not mean to either agree or disagree with the analyses presented therein or
reach attribution conclusions
Jacobian Ensembles Improve Robustness Trade-offs to Adversarial Attacks
Deep neural networks have become an integral part of our software
infrastructure and are being deployed in many widely-used and safety-critical
applications. However, their integration into many systems also brings with it
the vulnerability to test time attacks in the form of Universal Adversarial
Perturbations (UAPs). UAPs are a class of perturbations that when applied to
any input causes model misclassification. Although there is an ongoing effort
to defend models against these adversarial attacks, it is often difficult to
reconcile the trade-offs in model accuracy and robustness to adversarial
attacks. Jacobian regularization has been shown to improve the robustness of
models against UAPs, whilst model ensembles have been widely adopted to improve
both predictive performance and model robustness. In this work, we propose a
novel approach, Jacobian Ensembles-a combination of Jacobian regularization and
model ensembles to significantly increase the robustness against UAPs whilst
maintaining or improving model accuracy. Our results show that Jacobian
Ensembles achieves previously unseen levels of accuracy and robustness, greatly
improving over previous methods that tend to skew towards only either accuracy
or robustness