Reasoning about military situations requires a scientifically sound and computationally robust uncertainty calculus, a supporting inference engine that procedurally encodes the axioms of the calculus, the capability to fuse information at multiple levels of abstraction, and the ability to respond to dynamic situations. The inference engine also needs to be able to encapsulate expert knowledge, including deep human doctrinal and domain knowledge. At Information Extraction & Transport, Inc. (IET), we have developed techniques to encode domain and doctrinal expertise in reusable knowledge chunks, based on the technology of Bayesian Network Fragments, and the capability to automatically construct situation-specific Bayesian Networks based on a combination of top-down control and bottom-up evidence-driven processes. These techniques have been used to prototype fusion systems capable of reasoning about uncertain numbers of uncertain, hierarchically organized entities based on incomplete observations. These systems have demonstrated success in generating force-level situation hypotheses from vehicle tracks and other evidence generated by level 1 fusion systems. This paper presents an overview of our technical approach with applications from recent projects.
Response to cyber attack is a decision made in the face of risk and uncertainty. Uncertainty, both in our understanding of the current situation and our capacity to predict exactly the results of alternate responses, requires the ability to entertain multiple hypotheses about the actual state of system security, attacker intent, and response effects. Risk management for catastrophic or near-catastrophic breaches of security or loss of service (either through system compromise or overly aggressive response) requires the evaluation of tradeoffs among competing objectives. Security Situation Assessment and Response Evaluation (SSARE) is a mixed-initiative computer software system for wide-area cyber attack detection, situation assessment, and response evaluation. SSARE is designed to detect a large-scale attack in progress, display an assessment of the situation, and identify effective responses, including automated context and risk-sensitive policy adaptations. The core of our technical approach is (1) development of attack, attacker, mission, systems, and infrastructure element models; (2) application of IET-developed information fusion and dynamic situation assessment technology; and (3) decision-theoretic evaluation of responses.
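The two abstracts above describe the same loop from two angles: evidence-driven maintenance of several competing situation hypotheses (the Bayesian fusion work in the first abstract) and decision-theoretic evaluation of responses under that uncertainty (point 3 of the SSARE approach). The following is an added, deliberately small illustration of that loop; it is not IET's code, not the SSARE system, and not an implementation of Bayesian Network Fragments. It stands in for the fragment machinery with a naive-Bayes likelihood table, one entry per sensor, and scores candidate responses by expected utility so that the tradeoff between missing a compromise and causing a self-inflicted loss of service is explicit. The hypothesis names, sensor names, probabilities and utilities are all constructed assumptions.

```python
"""
Added illustrative example (not IET's or SSARE's code): hold several
hypotheses about the security state of an enclave, update them from
sensor reports with Bayes' rule, then rank responses by expected utility.
Every number below is a constructed assumption chosen for illustration.
"""

# Competing hypotheses about the actual state of the monitored enclave.
HYPOTHESES = ("benign", "scanning", "compromised")

# Constructed prior: most observation windows are quiet.
PRIOR = {"benign": 0.90, "scanning": 0.08, "compromised": 0.02}

# Constructed sensor model, P(sensor fires | hypothesis). Each row is a
# small reusable piece of evidence modelling, a crude stand-in for the
# knowledge fragments the abstracts describe.
LIKELIHOOD = {
    "ids_port_sweep_alert": {"benign": 0.02, "scanning": 0.70, "compromised": 0.30},
    "outbound_beacon_seen":  {"benign": 0.01, "scanning": 0.05, "compromised": 0.80},
    "failed_logins_spike":   {"benign": 0.05, "scanning": 0.40, "compromised": 0.50},
}

# Constructed utility of (response, true state). Negative values are costs:
# an unhandled compromise is very expensive, but isolating a host that was
# actually benign is a real loss of service, so both objectives compete.
UTILITY = {
    "monitor_only": {"benign": 0.0,   "scanning": -5.0,  "compromised": -100.0},
    "block_source": {"benign": -2.0,  "scanning": 2.0,   "compromised": -60.0},
    "isolate_host": {"benign": -30.0, "scanning": -25.0, "compromised": 20.0},
}


def update(belief, sensor, fired=True):
    """One Bayes update of the hypothesis distribution for one sensor.

    fired=False conditions on the sensor staying silent, so the absence of
    an expected alert also moves belief rather than being ignored.
    """
    unnormalised = {}
    for h, p in belief.items():
        like = LIKELIHOOD[sensor][h]
        unnormalised[h] = p * (like if fired else 1.0 - like)
    total = sum(unnormalised.values())
    return {h: v / total for h, v in unnormalised.items()}


def assess(observations, prior=PRIOR):
    """Fold a sequence of (sensor, fired) reports into a posterior."""
    belief = dict(prior)
    for sensor, fired in observations:
        belief = update(belief, sensor, fired)
    return belief


def expected_utility(response, belief):
    """Expected utility of a response averaged over the hypotheses."""
    return sum(belief[h] * UTILITY[response][h] for h in HYPOTHESES)


def evaluate_responses(belief):
    """Score every response and return (best_response, all_scores)."""
    scores = {r: expected_utility(r, belief) for r in UTILITY}
    best = max(scores, key=scores.get)
    return best, scores


if __name__ == "__main__":
    # Constructed scenario: a port-sweep alert fired, no beacon was seen.
    scenario = [("ids_port_sweep_alert", True), ("outbound_beacon_seen", False)]
    belief = assess(scenario)
    best, scores = evaluate_responses(belief)
    for h in HYPOTHESES:
        print(f"P({h:11s}) = {belief[h]:.3f}")
    for r, s in scores.items():
        print(f"EU({r:12s}) = {s:7.2f}")
    print("recommended:", best)
```

With only the port sweep and a silent beacon sensor the posterior leans towards "scanning", and the cheap `block_source` response wins; once an outbound beacon is also reported the mass shifts to "compromised" and `isolate_host` becomes worth its service cost. Changing the utility table, not the evidence, is how the risk posture (how much loss of service one tolerates to avoid a compromise) is expressed, which is the tradeoff the SSARE abstract refers to.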