EMMA: The expert system for munition maintenance

Expert Missile Maintenance Aid (EMMA) is a first attempt to enhance maintenance of the tactical munition at the field and depot level by using artificial intelligence (AI) techniques. The ultimate goal of EMMA is to help a novice maintenance technician isolate and diagnose electronic, electromechanical, and mechanical equipment faults to the board/chassis level more quickly and consistently than the best human expert using the best currently available automatic test equipment (ATE). To this end, EMMA augments existing ATE with an expert system that captures the knowledge of design and maintenance experts. The EMMA program is described, including the evaluation of field-level expert system prototypes, the description of several study tasks performed during EMMA, and future plans for a follow-on program. This paper will briefly address several study tasks performed during EMMA. The paper concludes with a discussion of future plans for a follow-on program and other areas of concern

Structured P2P Technologies for Distributed Command and Control

The utility of Peer-to-Peer (P2P) systems extends far beyond traditional file sharing. This paper provides an overview of how P2P systems are capable of providing robust command and control for Distributed Multi-Agent Systems (DMASs). Specifically, this article presents the evolution of P2P architectures to date by discussing supporting technologies and applicability of each generation of P2P systems. It provides a detailed survey of fundamental design approaches found in modern large-scale P2P systems highlighting design considerations for building and deploying scalable P2P applications. The survey includes unstructured P2P systems, content retrieval systems, communications structured P2P systems, flat structured P2P systems and finally Hierarchical Peer-to-Peer (HP2P) overlays. It concludes with a presentation of design tradeoffs and opportunities for future research into P2P overlay systems

Large-scale Cooperative Task Distribution on Peer-to-Peer Networks

Large-scale systems are part of a growing trend in distributed computing, and coordinating control of them is an increasing challenge. This paper presents a cooperative agent system that scales to one million or more nodes in which agents form coalitions to complete global task objectives. This approach uses the large-scale Command and Control (C2) capabilities of the Resource Clustered Chord (RC-Chord) Hierarchical Peer-to-Peer (HP2P) design. Tasks are submitted that require access to processing, data, or hardware resources, and a distributed agent search is performed to recruit agents to satisfy the distributed task. This approach differs from others by incorporating design elements to accommodate large-scale systems into the resource location algorithm. Peersim simulations demonstrate that the distributed coalition formation algorithm is as effective as an omnipotent central algorithm in a one million agent system

RC-Chord: Resource Clustering in a Large-Scale Hierarchical Peer-to-Peer System

Conducting data fusion and Command and Control (C2) in large-scale systems requires more than the presently available Peer-to-Peer (P2P) technologies provide. Resource Clustered Chord (RC-Chord) is an extension to the Chord protocol that incorporates elements of a hierarchical peer-to-peer architecture to facilitate coalition formation algorithms in large-scale systems. Each cluster in this hierarchy represents a particular resource available for allocation, and RC-Chord provides the capabilities to locate agents of a particular resource. This approach improves upon other strategies by including support for abundant resources, or those resources that most or all agents in the system possess. This scenario exists in large-scale coalition formation problems, and applies directly to the United States Air Force\u27s CyberCraft project. Simulations demonstrate that RC-Chord scales to systems of one million or more agents, and can be adapted to serve as a deployment environment for CyberCraft

A Secure Group Communication Architecture for Autonomous Unmanned Aerial Vehicles

This paper investigates the application of a secure group communication architecture to a swarm of autonomous unmanned aerial vehicles (UAVs). A multicast secure group communication architecture for the low earth orbit (LEO) satellite environment is evaluated to determine if it can be effectively adapted to a swarm of UAVs and provide secure, scalable, and efficient communications. The performance of the proposed security architecture is evaluated with two other commonly used architectures using a discrete event computer simulation developed using MATLAB. Performance is evaluated in terms of the scalability and efficiency of the group key distribution and management scheme when the swarm size, swarm mobility, multicast group join and departure rates are varied. The metrics include the total keys distributed over the simulation period, the average number of times an individual UAV must rekey, the average bandwidth used to rekey the swarm, and the average percentage of battery consumed by a UAV to rekey over the simulation period. The proposed security architecture can successfully be applied to a swarm of autonomous UAVs using current technology. The proposed architecture is more efficient and scalable than the other tested and commonly used architectures. Over all the tested configurations, the proposed architecture distributes 55.2–94.8% fewer keys, rekeys 59.0–94.9% less often per UAV, uses 55.2–87.9% less bandwidth to rekey, and reduces the battery consumption by 16.9–85.4%

Developing Cyberspace Data Understanding Using CRISP-DM for Host-based IDS Feature Mining

Current intrusion detection systems (IDS) generate a large number of specific alerts, but typically do not provide actionable information. Compounding this problem is the fact that many alerts are false positive alerts. This paper applies the Cross Industry Standard Process for Data Mining (CRISP-DM) to develop an understanding of a host environment under attack. Data is generated by launching scans and exploits at a machine outfitted with a set of host-based forensic data collectors. Through knowledge discovery, features are selected to project human understanding of the attack process into the IDS model. By discovering relationships between the data collected and controlled events, false positive alerts were reduced by over 91% when compared to a leading open source IDS. This method of searching for hidden forensic evidence relationships enhances understanding of novel attacks and vulnerabilities, bolstering ones ability to defend the cyberspace domain. The methodology presented can be used to further host-based intrusion detection research

Simulating Windows-Based Cyber Attacks Using Live Virtual Machine Introspection

Static memory analysis has been proven a valuable technique for digital forensics. However, the memory capture technique halts the system causing the loss of important dynamic system data. As a result, live analysis techniques have emerged to complement static analysis. In this paper, a compiled memory analysis tool for virtualization (CMAT-V) is presented as a virtual machine introspection (VMI) utility to conduct live analysis during simulated cyber attacks. CMAT-V leverages static memory dump analysis techniques to provide live system state awareness. CMAT-V parses an arbitrary memory dump from a simulated guest operating system (OS) to extract user information, network usage, active process information and registry files. Unlike some VMI applications, CMAT-V bridges the semantic gap using derivation techniques. This provides increased operating system compatibility for current and future operating systems. This research demonstrates the usefulness of CMAT-V as a situational awareness tool during simulated cyber attacks and measures the overall performance of CMAT-V

An FPGA-Based System for Tracking Digital Information Transmitted Via Peer-to-Peer Protocols

This paper presents a Field Programmable Gate Array (FPGA)-based tool designed to process file transfers using the BitTorrent Peer-to-Peer (P2P) protocol and VoIP phone calls made using the Session Initiation Protocol (SIP). The tool searches selected control messages in real time and compares the unique identifier of the shared file or phone number against a list of known contraband files or phone numbers. Results show the FPGA tool processes P2P packets of interest 92% faster than a software-only configuration and is 97.6% accurate at capturing and processing messages at a traffic load of 89.6 Mbps

The Z-Wave Routing Protocol and Its Security Implications

Z-Wave is a proprietary technology used to integrate sensors and actuators over RF and perform smart home and office automation services. Lacking implementation details, consumers are under-informed on the security aptitude of their installed distributed sensing and actuating systems. While the Physical (PHY) and Medium Access Control (MAC) layers of the protocol have been made public, details regarding the network layer are not available for analysis. Using a real-world Z-Wave network, the frame forwarding and topology management aspects of the Z-Wave routing protocol are reverse engineered. A security analysis is also performed on the network under study to identify source and data integrity vulnerabilities of the routing protocol. It is discovered that the topology and routes may be modified by an outsider through the exploitation of the blind trust inherent to the routing nodes of the network. A Black Hole attack is conducted on a real-world Z-Wave network to demonstrate a well-known routing attack that exploits the exposed vulnerabilities. As a result of the discoveries, several recommendations are made to enhance the security of the routing protocol

Track A Basic Science

Peer Reviewedhttps://deepblue.lib.umich.edu/bitstream/2027.42/138319/1/jia218438.pd