Anomaly and Specification Based Cognitive Approach for Mission-Level Detection and Response: Extended Abstract
Citation: Paul Rubel, Partha Pal, Michael Atighetchi, D. Paul Benjamin, and Franklin Webber. Anomaly and Specification Based Cognitive Approach for Mission-Level Detection and Response (Extended Abstract). 11th International Symposium On Recent Advances In Intrusion Detection (RAID 2008), Boston, MA, USA. September 15-17, 2008.
Formats: pdf
Abstract: In 2005, a survivable system we built was subjected to red-team evaluation. Analyzing, interpreting, and responding to the defense mechanism reports took a room of developers. In May 2008, we took part in another red-team exercise. During this exercise, an autonomous reasoning engine took the place of the room of developers. Our reasoning engine uses anomaly and specification-based approaches to autonomously decide if system and mission availability is in jeopardy, and to take necessary corrective actions. This extended abstract presents a brief summary of the reasoning capability we developed: how it categorizes the data into an internal representation and how it uses deductive and coherence-based reasoning to decide whether a response is warranted.