Dallas Snider

A Knowledge-Based System Approach for Extracting Abstractions from Service Oriented Architecture Artifacts

Rule-based methods have traditionally been applied to develop knowledge-based systems that replicate expert performance on a deep but narrow problem domain. Knowledge engineers capture expert knowledge and encode it as a set of rules for automating the expert’s reasoning process to solve problems in a variety of domains. We describe the development of a knowledge-based system approach to enhance program comprehension of Service Oriented Architecture (SOA) software. Our approach uses rule-based methods to automate the analysis of the set of artifacts involved in building and deploying a SOA composite application. The rules codify expert knowledge to abstract information from these artifacts to facilitate program comprehension and thus assist Software Engineers as they perform system maintenance activities. A main advantage of the knowledge-based approach is its adaptability to the heterogeneous and dynamically evolving nature of SOA environments.

A process to transfer Fail2ban data to an adaptive enterprise intrusion detection and prevention system

In this paper, we describe a process that has been developed to transfer network intrusion data captured by Fail2ban to an adaptive enterprise intrusion detection and prevention system. The process involves software agents that we have created that are interconnected to a central behavior analysis database service where each software agent records attack meta-information collected during previous intrusion attempts. These distributed agents are the first phase of an overall plan to create a smarter network defense system through the collection and analysis of network signatures generated by real security threats. The central database to which the agents report warehouses and analyzes the meta-information collected by the interconnected agents. The agents can then utilize both instantaneous and historical data by integrating rules derived from the data collection and analysis process into intrusion prevention policies. The final result will be a modular and scalable network defense system that should be more responsive and adaptable to imminent threats.

Creating a cost-effective air-to-ground network simulation environment

Todays warfighter is increasingly dependent on networked systems and information from unmanned aerial vehicles to provide up-to-the-minute conditions on the battlefield; therefore the network must continually perform at optimum levels. One of the problems encountered in complex air-to-ground networks is that all possible hardware, software and network configurations that will be encountered in the field cannot be pretested; therefore there is a need to provide a method for studying the interaction among diverse hardware and software components and identifying potential network bottlenecks in air-to-ground networks and their causes before they become critical. In this paper, we demonstrate our accomplishments in building a robust and scalable simulation of an air-to-ground network environment based on wired and wireless network emulation using widely available software tools. We will also present our design for data capture and evaluation that support hypothetical, what-if scenarios for testing network performance bottlenecks.

A tool set for managing virtual network configurations

Software defined networks and network function virtualization are providing much needed agility to network and system administrators attempting to meet ever changing demands from their stakeholders. However, there exists a need for tools to assist in the configuration, deployment, testing and knowledge transfer of these networks and their components. In this paper, we present our plans to develop a set of open source tools to assist with the aforementioned tasks. The goal is to apply existing disparate pieces of technology so they may work together to assist with the management of virtual network environments.

Knowledge Elicitation and Conceptual Modeling to Foster Security and Trust in SOA System Evolution

Software systems based upon Service-Oriented Architecture (SOA) are often large, heterogeneous and difficult to understand. Evolving such systems presents some unique challenges. For example, it is critical to understand the impacts on trust relationships and security as SOA systems evolve. A substantial body of work exists on the idea of knowledge elicitation and management through the creation of knowledge models, which are created to represent the conceptual knowledge of experts. Knowledge modeling based upon concept maps is an efficient process and knowledge representation scheme that holds potential to assist planning in evolving SOA systems. This chapter contains two examples of knowledge modeling in support of SOA system evolution. The first example is an academic study that illustrates the use of knowledge modeling to create a software security assurance case. The second example, which is the main focus of this chapter, pertains to the ongoing evolution of a large, real-world Sustainment Management System software suite named PAVER™. This software is being modified to allow third-party add-in functionality to interact with the base system and to create a SOA federation with other enterprise systems. This article contains a description of a knowledge elicitation and modeling effort to identify trust concerns as this increasingly large and complex federation evolves.

Similarity measures in smart building electrical demand data

With the increase in smart, LEED-certified buildings there comes an increase in the amount of time-series data generated by the sensor networks within these buildings. Extracting useful information from the sensor network data can pose a challenge. While diurnal and seasonal patterns of electrical demand are well known from traditional metering systems, smart building sensor networks can provide insight into abnormalities or previously unknown patterns in electrical demand. In this paper, we demonstrate how to mine the data for these unknowns through the analysis of the frequency components of the time-series electrical demand data. The data for this study was collected from an LEED-certified building over twelve consecutive months with separate data feeds for the electrical demand from the heating, A/C, ventilation, lighting and miscellaneous systems. We employed Fourier methods to transform the data from the time domain to the frequency domain and then used similarity measures to look for similarities and outliers among the differing systems.

Defining threats across organizational boundaries

Threats against systems are continually changing and evolving. The ability to secure systems against them is an ongoing battle. One of the most difficult responsibilities that security experts face is the need to take the intangible threats and complex security information and explain it to stakeholders with enough clarity as to allow for decision making. There are typically, multiple levels of stakeholders, needing various levels of brevity or insight in order to react to the information. The Chief Executive Officer (CEO) needs brevity, the lead security engineer needs enough information in order to make technical trade-offs.Both Bayesian networks and concept mapping are based on patterns. They both look to provide insight into information based on pattern relations. Bayesian networks provide a method to look at the probabilities associated with events occurring. Concept maps show perceived regularities in events or objects by the use of labels. The use of concept maps has been shown to provide a means of describing complex ideas in a simple manner, such as is necessary when dealing with higher levels of management. Bayesian networks can be used to describe the detailed probabilities of something occurring, as is useful when working with engineers. The purpose of this paper is to show how the hybrid use of concept maps and Bayesian networks to outline the same information can be useful for providing threat information across organizational boundaries.