We argue in favor of the explicit inclusion of suspicion as a concrete concept to be used in the analysis of audit data in order to guide the search for evidence of misuse. Our approach is similar to that of a human forensic analyst, who first notices details that seem slightly odd, and then investigates further and cross checks information in an attempt to build a coherent explanation for the observed details. We use deductive reasoning combined with expert knowledge about system behavior, potential attacks and evidence, and patterns of suspicion to link individual clues together in an automated way.A prototype implementation that was designed based on these considerations is presented, including details of how suspicions and deductions are represented, and how these structures are updated as new evidence is discovered. Finally, we describe how this algorithm performs in practice on a realistic example where five discrete pieces of evidence are brought together automatically to create a unified and coherent description of what is believed to have occurred.
Limited Print and Electronic Distribution RightsThis document and trademark(s) contained herein are protected by law. This representation of RAND intellectual property is provided for noncommercial use only. Unauthorized posting of this publication online is prohibited. Permission is given to duplicate this document for personal use only, as long as it is unaltered and complete. Permission is required from RAND to reproduce, or reuse in another form, any of its research documents for commercial use. For information on reprint and linking permissions, please visit www.rand.org/pubs/permissions.The RAND Corporation is a research organization that develops solutions to public policy challenges to help make communities throughout the world safer and more secure, healthier and more prosperous. RAND is nonprofit, nonpartisan, and committed to the public interest. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.
We exploit the spreadsheet metaphor to make deductive problem-solving methods available to the vast population of spreadsheet end users. In particular, we show how the function-based problem-solving capabilities of spreadsheets can be extended to include logical deductive methods in a way that is consistent with the existing spreadsheet "look and feel." The foundation of our approach is the integration of a standard deductive logic system into a successful Commercial-Off-The-Shelf (COTS) spreadsheet. We have demonstrated this by designing and implementing an extension to Excel that manages the integration of Excel and a deductive logic engine based on the World Wide Web Consortium (W3C) standard ontology language OWL + SWRL. IntroductionEnd-user programmers (Nardi 1993) are people who write programs for their own use but are not employed as programmers and are usually not, in fact, trained programmers at all. They can be a teacher, engineer, physicist, secretary, accountant, or manager. They use computers as an essential tool for getting their job done but are not normally interested in programming per se. These end-user programmers currently outnumber professional programmers by more than an order of magnitude. In the U.S. alone, they are estimated to outnumber trained professional programmers by 55 million to 2.75 million in 2005(Boehm et al. 2000. The spreadsheet is the programming language of choice for the overwhelming majority of these end-users. It is widely recognized as one of the few true success stories among systems for end-user programming.Studies have shown (Nardi 1993) that the spreadsheet's key to success is the combination of computational techniques that match the user's tasks (insulating them from the low-level details forced on professional programmers) and a table-oriented interface that serves as a model for users' applications. The structured visual format for data representation turns out to play a crucial role in an end-user's ability to formulate and critique models. We can summarize the spreadsheet's power by the expression computation + presentation. One of these two components alone is not sufficient.
A blackboard model of problem solving is applied in the design of a vision system by which an autonomous land vehicle (ALV) navigates roads. The ALV vision task consists of hypothesizing objects in a scene model and verifying these hypotheses using the vehicle's sensors. Object hypothesis generation is based on an a priori map, a planned route through the map, and the current state of the scene model. Verification of an object hypothesis involves directing the sensors toward the expected location of the object, collecting evidence in support of the object, and depositing the verified object in the scene model. An object is a hierarchy of frames connected by part /whole, spatial, and inheritance relationships; these frames reside on a structured blackboard. Each level of the blackboard corresponds to a class of object in the part /whole hierarchy, with the lowest levels containing primitive sensor image features. In top -down verification, an object hypothesis posted at an upper level activates knowledge sources which generate hypotheses at lower levels representing the object's components. In bottom -up analysis, used when knowledge of the environment is limited, sensor -driven hypotheses posted at lower levels generate multiple hypotheses at higher levels. Each blackboard level is a YAPS production system, whose rules represent the knowledge sources, and whose facts are object frames modeled by Lisp Flavors. The implementation strategy thus integrates object-oriented design and production system methodology. The system has been tested successfully with the single task of building a scene model containing a straight road. New feature extractors, sensors, and objects classes are currently being added to the system.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.