in most working and proposed multiagent systems, the problems of identifying and locating agents ... more in most working and proposed multiagent systems, the problems of identifying and locating agents that can provide specific services are of major concern. A broker or matchmaker service is often proposed as a solution. These systems use keywords drawn from application domain ontologies to specify agent services, usually framed within some sort of knowledge representation language. However, we believe that keywords and ontologies cannot be defined and interpreted precisely enough to make brokering or matchmaking among agents sufficiently robust in a truly distributed, heterogeneous, multiagent computing environment. This creates matching conflicts between, a client agent's requested functionality and a service agent's actual functionality. We propose a new form of interagent communication, called functional validation, specifically designed to solve such matching conflicts. In this paper we introduce the functional validation concept, analyze the possible situations that can arise in validation problems and formalize the mathematical framework around which further work can be done.
ABSTRACT This report summarizes our preliminary eorts at applying the methodology and techniques ... more ABSTRACT This report summarizes our preliminary eorts at applying the methodology and techniques of agent-based systems engineering (ABSE) to the problem of designing and operating Intelligent Roads and Vehicles Systems (IRVS). First, we briey summarize the key elements of both agent-based systems engineering and IRVS. We then show how the taxonomy of ABSE applies to the IRVS concept and how some performance metrics can be introduced. The report concludes with plans for continued work in this direction.
International Journal of Cooperative Information Systems, Mar 1, 2006
Ontologies are developed to describe data semantics on the Semantic Web. Given the distributed na... more Ontologies are developed to describe data semantics on the Semantic Web. Given the distributed nature and scale of the Semantic Web, a large number of ontologies with different terminologies and structures will be created to describe the same concepts and domains. Without semantic mapping, information fluidity within the Web could be blocked at the boundaries of these ontologies. Therefore, ontology mapping is needed to translate datasets represented by disparate ontologies. We believe that over time communities will incrementally build an ontology mapping between select ontologies based on their own communication interests. How will these interest-driven mapping activities eventually change semantic interoperability and information fluidity across the Web? This paper proposes metrics to quantify information fluidity and builds an analytical model with "small-world" graph theory to analyze the growth of the Semantic Web. Further with this model, we analyze how information fluidity can evolve by "marketdriven" semantic mapping activities occurring across the Web. Our results can be useful in evaluating mapping efforts needed for large-scale heterogeneous information systems. One conclusion, based on this model, is that the development of decentralized ontology mappings can lead to significant information fluidity within the Semantic Web.
Nonparametric versions of hidden Markov models, what we call weak models, are robust for process ... more Nonparametric versions of hidden Markov models, what we call weak models, are robust for process detection and easy to construct, as the assumption of knowing precise probabilities in HMMs is weakened to {0,1}-values of reachabilities. Weak models are shown to be equivalent to DFAs/ NFAs. The concept of minimal unifilar weak model (μ-WM) is introduced. The spectral radius of the transition matrix of μ-WM determines the growth rate of acceptable observation sequences. An absolute weak model distance is defined for model clustering purpose, while a relative distance is a measure of how fast the performance of detection gets improved as more observations arrive. Convergence of the distance measures is proved.
One significant drawback to currently available security products is their inabilty to correlate ... more One significant drawback to currently available security products is their inabilty to correlate diverse sensor input. For instance, by only using network intrusion detection data, a root kit installed through a weak username-password combination may go unnoticed. Similarly, an administrator may never make the link between deteriorating response times from the database server and an attacker exfiltrating trusted data, if these facts aren't presented together. Current Security Information Management Systems (SIMS) can collect and represent diverse data but lack sufficient correlation algorithms. By using a Process Query System, we were able to quickly bring together data flowing from many sources, including NIDS, HIDS, server logs, CPU load and memory usage, etc. We constructed PQS models that describe dynamic behavior of complicated attacks and failures, allowing us to detect and differentiate simultaneous sophisticated attacks on a target network. In this paper, we discuss the benefits of implementing such a multistage cyber attack detection system using PQS. We focus on how data from multiple sources can be combined and used to detect and track comprehensive network security events that go unnoticed using conventional tools.
In the past decade, research in neurocomputing has been divided into two relatively wellde ned tr... more In the past decade, research in neurocomputing has been divided into two relatively wellde ned tracks: one track dealing with cognition and the other with behavior. Cognition deals with organizing, classifying and recognizing sensory stimuli. Behavior is more dynamic, involving sequences of actions and changing interactions with an external environment. The mathematicaltechniques that apply to these areas, at least from the point of neurocomputing, appear to have been quite separate as well. The purpose of this paper is to give a n o verview of some recent p o werful mathematical results in behavioral neurocomputing, speci cally the concept of Q-learning due to C. Watkins, and some new extensions. Finally, w e propose ways in which the mathematics of cognition and the mathematics of behavior can move closer to build more uni ed systems of information processing and action.
In this paper we present a new server monitoring method based on a new and powerful approach to d... more In this paper we present a new server monitoring method based on a new and powerful approach to dynamic data analysis: Process Query Systems (PQS). PQS enables userspace monitoring of servers and, by using advanced behavioral models, makes accurate and fast decisions regarding server and service state. Data to support state estimation come from multiple sensor feeds located within a server network. By post-processing a system's state estimates, it becomes possible to identify, isolate and/or restart anomalous systems, thus avoiding cross-infection or prolonging performance degradation. The PQS system we use is a generic process detection software platform. It builds on the wide variety of system-level information that past autonomic computing research has studied by implementing a highly flexible, scalable and efficient process-based analytic engine for turning raw system information into actionable system and service state estimates. 1
... of hosts is presented in [8], which reviews benefits and challenges in using passive and ... ... more ... of hosts is presented in [8], which reviews benefits and challenges in using passive and ... We have described several ideas, approaches and implementa-tions of network sensing for mobile agents. ... focus of his MS the-sis is on developing extensions for the Mobile IP protocol to ...
Adversarial and Uncertain Reasoning for Adaptive Cyber Defense, 2019
Organizations increasingly rely on complex networked systems to maintain operational efficiency. ... more Organizations increasingly rely on complex networked systems to maintain operational efficiency. While the widespread adoption of network-based IT solutions brings significant benefits to both commercial and government organizations, it also exposes them to an array of novel threats. Specifically, malicious actors can use networks of compromised and remotely controlled hosts, known as botnets, to execute a number of different cyber-attacks and engage in criminal or otherwise unauthorized activities. Most notably, botnets can be used to exfiltrate highly sensitive data from target networks, including military intelligence from government agencies and proprietary data from enterprise networks. What makes the problem even more complex is the recent trend towards stealthier and more resilient botnet architectures, which depart from traditional centralized architectures and enable botnets to evade detection and persist in a system for extended periods of time. A promising approach to botnet detection and mitigation relies on Adaptive Cyber Defense (ACD), a novel and game-changing approach to cyber defense. We show that detecting and mitigating stealthy botnets is a multi-faceted problem that requires addressing multiple related research challenges, and show how an ACD approach can help us address these challenges effectively.
Gilbert Strang’s most recent textbook is remarkable on several fronts. Published in 2019, it cont... more Gilbert Strang’s most recent textbook is remarkable on several fronts. Published in 2019, it contains the key linear algebra and optimization techniques at the forefront of active data-science and machine learning practice today. This is an appropriate choice of content because while state-of-the-art machine learning applications can change each month (as in reinforcement learning, language translation, game playing, or image classification), the underlying mathematical concepts and algorithms do not. Some topics (such as numerical algorithms for various tensor problems) are so recent that they are only now being presented as textbook material. This book is an offspring of a current Massachusetts Institute of Technology (MIT) mathematics course, Matrix Methods in Data Analysis and Signal Processing, which, in turn, was greatly influenced by a current University of Michigan electrical engineering and computer science course, Matrix Methods for Signal Processing, Data Analysis, and Ma...
This talk will review several fundamental and general ideas surrounding decentralized algorithms ... more This talk will review several fundamental and general ideas surrounding decentralized algorithms and how they occur in a variety of computing and engineering fields. Of specific interest are convergence rates and limitations on asynchronicity which will be reviewed. Several applications of and implications for social systems simulation and modeling will be presented and conjectured. This talk will begin with tutorial material and lead to some recent research results and problems.
network conditions. With the growing demand for wireless, satellite, and other highly volatile co... more network conditions. With the growing demand for wireless, satellite, and other highly volatile computer communications networks, however, applica- tions that are robust in the presence of network volatility must be designed and built. Net- work-robust applications are of great interest in military situations today, and we expect that interest to grow in industrial and eventually consumer environments as well. Mobile agents are one way to realize such applications, especially when used in a wireless envi- ronment. This article discusses issues and results related to the problem of making com- puter applications network-aware and reactive to changing network conditions. It contains a short overview of our work on mobile agents as well as a tutorial on network sensing from the agent perspective. Some prototypes of network-sensing systems and network- .. aware mobile-agent applications are- presented.
in most working and proposed multiagent systems, the problems of identifying and locating agents ... more in most working and proposed multiagent systems, the problems of identifying and locating agents that can provide specific services are of major concern. A broker or matchmaker service is often proposed as a solution. These systems use keywords drawn from application domain ontologies to specify agent services, usually framed within some sort of knowledge representation language. However, we believe that keywords and ontologies cannot be defined and interpreted precisely enough to make brokering or matchmaking among agents sufficiently robust in a truly distributed, heterogeneous, multiagent computing environment. This creates matching conflicts between, a client agent's requested functionality and a service agent's actual functionality. We propose a new form of interagent communication, called functional validation, specifically designed to solve such matching conflicts. In this paper we introduce the functional validation concept, analyze the possible situations that can arise in validation problems and formalize the mathematical framework around which further work can be done.
ABSTRACT This report summarizes our preliminary eorts at applying the methodology and techniques ... more ABSTRACT This report summarizes our preliminary eorts at applying the methodology and techniques of agent-based systems engineering (ABSE) to the problem of designing and operating Intelligent Roads and Vehicles Systems (IRVS). First, we briey summarize the key elements of both agent-based systems engineering and IRVS. We then show how the taxonomy of ABSE applies to the IRVS concept and how some performance metrics can be introduced. The report concludes with plans for continued work in this direction.
International Journal of Cooperative Information Systems, Mar 1, 2006
Ontologies are developed to describe data semantics on the Semantic Web. Given the distributed na... more Ontologies are developed to describe data semantics on the Semantic Web. Given the distributed nature and scale of the Semantic Web, a large number of ontologies with different terminologies and structures will be created to describe the same concepts and domains. Without semantic mapping, information fluidity within the Web could be blocked at the boundaries of these ontologies. Therefore, ontology mapping is needed to translate datasets represented by disparate ontologies. We believe that over time communities will incrementally build an ontology mapping between select ontologies based on their own communication interests. How will these interest-driven mapping activities eventually change semantic interoperability and information fluidity across the Web? This paper proposes metrics to quantify information fluidity and builds an analytical model with "small-world" graph theory to analyze the growth of the Semantic Web. Further with this model, we analyze how information fluidity can evolve by "marketdriven" semantic mapping activities occurring across the Web. Our results can be useful in evaluating mapping efforts needed for large-scale heterogeneous information systems. One conclusion, based on this model, is that the development of decentralized ontology mappings can lead to significant information fluidity within the Semantic Web.
Nonparametric versions of hidden Markov models, what we call weak models, are robust for process ... more Nonparametric versions of hidden Markov models, what we call weak models, are robust for process detection and easy to construct, as the assumption of knowing precise probabilities in HMMs is weakened to {0,1}-values of reachabilities. Weak models are shown to be equivalent to DFAs/ NFAs. The concept of minimal unifilar weak model (μ-WM) is introduced. The spectral radius of the transition matrix of μ-WM determines the growth rate of acceptable observation sequences. An absolute weak model distance is defined for model clustering purpose, while a relative distance is a measure of how fast the performance of detection gets improved as more observations arrive. Convergence of the distance measures is proved.
One significant drawback to currently available security products is their inabilty to correlate ... more One significant drawback to currently available security products is their inabilty to correlate diverse sensor input. For instance, by only using network intrusion detection data, a root kit installed through a weak username-password combination may go unnoticed. Similarly, an administrator may never make the link between deteriorating response times from the database server and an attacker exfiltrating trusted data, if these facts aren't presented together. Current Security Information Management Systems (SIMS) can collect and represent diverse data but lack sufficient correlation algorithms. By using a Process Query System, we were able to quickly bring together data flowing from many sources, including NIDS, HIDS, server logs, CPU load and memory usage, etc. We constructed PQS models that describe dynamic behavior of complicated attacks and failures, allowing us to detect and differentiate simultaneous sophisticated attacks on a target network. In this paper, we discuss the benefits of implementing such a multistage cyber attack detection system using PQS. We focus on how data from multiple sources can be combined and used to detect and track comprehensive network security events that go unnoticed using conventional tools.
In the past decade, research in neurocomputing has been divided into two relatively wellde ned tr... more In the past decade, research in neurocomputing has been divided into two relatively wellde ned tracks: one track dealing with cognition and the other with behavior. Cognition deals with organizing, classifying and recognizing sensory stimuli. Behavior is more dynamic, involving sequences of actions and changing interactions with an external environment. The mathematicaltechniques that apply to these areas, at least from the point of neurocomputing, appear to have been quite separate as well. The purpose of this paper is to give a n o verview of some recent p o werful mathematical results in behavioral neurocomputing, speci cally the concept of Q-learning due to C. Watkins, and some new extensions. Finally, w e propose ways in which the mathematics of cognition and the mathematics of behavior can move closer to build more uni ed systems of information processing and action.
In this paper we present a new server monitoring method based on a new and powerful approach to d... more In this paper we present a new server monitoring method based on a new and powerful approach to dynamic data analysis: Process Query Systems (PQS). PQS enables userspace monitoring of servers and, by using advanced behavioral models, makes accurate and fast decisions regarding server and service state. Data to support state estimation come from multiple sensor feeds located within a server network. By post-processing a system's state estimates, it becomes possible to identify, isolate and/or restart anomalous systems, thus avoiding cross-infection or prolonging performance degradation. The PQS system we use is a generic process detection software platform. It builds on the wide variety of system-level information that past autonomic computing research has studied by implementing a highly flexible, scalable and efficient process-based analytic engine for turning raw system information into actionable system and service state estimates. 1
... of hosts is presented in [8], which reviews benefits and challenges in using passive and ... ... more ... of hosts is presented in [8], which reviews benefits and challenges in using passive and ... We have described several ideas, approaches and implementa-tions of network sensing for mobile agents. ... focus of his MS the-sis is on developing extensions for the Mobile IP protocol to ...
Adversarial and Uncertain Reasoning for Adaptive Cyber Defense, 2019
Organizations increasingly rely on complex networked systems to maintain operational efficiency. ... more Organizations increasingly rely on complex networked systems to maintain operational efficiency. While the widespread adoption of network-based IT solutions brings significant benefits to both commercial and government organizations, it also exposes them to an array of novel threats. Specifically, malicious actors can use networks of compromised and remotely controlled hosts, known as botnets, to execute a number of different cyber-attacks and engage in criminal or otherwise unauthorized activities. Most notably, botnets can be used to exfiltrate highly sensitive data from target networks, including military intelligence from government agencies and proprietary data from enterprise networks. What makes the problem even more complex is the recent trend towards stealthier and more resilient botnet architectures, which depart from traditional centralized architectures and enable botnets to evade detection and persist in a system for extended periods of time. A promising approach to botnet detection and mitigation relies on Adaptive Cyber Defense (ACD), a novel and game-changing approach to cyber defense. We show that detecting and mitigating stealthy botnets is a multi-faceted problem that requires addressing multiple related research challenges, and show how an ACD approach can help us address these challenges effectively.
Gilbert Strang’s most recent textbook is remarkable on several fronts. Published in 2019, it cont... more Gilbert Strang’s most recent textbook is remarkable on several fronts. Published in 2019, it contains the key linear algebra and optimization techniques at the forefront of active data-science and machine learning practice today. This is an appropriate choice of content because while state-of-the-art machine learning applications can change each month (as in reinforcement learning, language translation, game playing, or image classification), the underlying mathematical concepts and algorithms do not. Some topics (such as numerical algorithms for various tensor problems) are so recent that they are only now being presented as textbook material. This book is an offspring of a current Massachusetts Institute of Technology (MIT) mathematics course, Matrix Methods in Data Analysis and Signal Processing, which, in turn, was greatly influenced by a current University of Michigan electrical engineering and computer science course, Matrix Methods for Signal Processing, Data Analysis, and Ma...
This talk will review several fundamental and general ideas surrounding decentralized algorithms ... more This talk will review several fundamental and general ideas surrounding decentralized algorithms and how they occur in a variety of computing and engineering fields. Of specific interest are convergence rates and limitations on asynchronicity which will be reviewed. Several applications of and implications for social systems simulation and modeling will be presented and conjectured. This talk will begin with tutorial material and lead to some recent research results and problems.
network conditions. With the growing demand for wireless, satellite, and other highly volatile co... more network conditions. With the growing demand for wireless, satellite, and other highly volatile computer communications networks, however, applica- tions that are robust in the presence of network volatility must be designed and built. Net- work-robust applications are of great interest in military situations today, and we expect that interest to grow in industrial and eventually consumer environments as well. Mobile agents are one way to realize such applications, especially when used in a wireless envi- ronment. This article discusses issues and results related to the problem of making com- puter applications network-aware and reactive to changing network conditions. It contains a short overview of our work on mobile agents as well as a tutorial on network sensing from the agent perspective. Some prototypes of network-sensing systems and network- .. aware mobile-agent applications are- presented.
Uploads
Papers by George Cybenko