Massimiliano Albanese

A Constrained Probabilistic Petri Net Framework for Human Activity Detection in Video

Recognition of human activities in restricted settings such as airports, parking lots and banks is of significant interest in security and automated surveillance systems. In such settings, data is usually in the form of surveillance videos with wide variation in quality and granularity. Interpretation and identification of human activities requires an activity model that a) is rich enough to handle complex multi-agent interactions, b) is robust to uncertainty in low-level processing and c) can handle ambiguities in the unfolding of activities. We present a computational framework for human activity representation based on Petri nets. We propose an extension-Probabilistic Petri Nets (PPN)-and show how this model is well suited to address each of the above requirements in a wide variety of settings. We then focus on answering two types of questions: (i) what are the minimal sub-videos in which a given activity is identified with a probability above a certain threshold and (ii) for a given video, which activity from a given set occurred with the highest probability? We provide the PPN-MPS algorithm for the first problem, as well as two different algorithms (naive PPN-MPA and PPN-MPA) to solve the second. Our experimental results on a dataset consisting of bank surveillance videos and an unconstrained TSA tarmac surveillance dataset show that our algorithms are both fast and provide high quality results.

Cauldron mission-centric cyber situational awareness with defense in depth

The cyber situational awareness of an organization determines its effectiveness in responding to attacks. Mission success is highly dependent on the availability and correct operation of complex computer networks, which are vulnerable to various types of attacks. Today, situational awareness capabilities are limited in many ways, such as inaccurate and incomplete vulnerability analysis, failure to adapt to evolving networks and attacks, inability to transform raw data into cyber intelligence, and inability for handling uncertainty. We describe advanced capabilities for mission-centric cyber situational awareness, based on defense in depth, provided by the Cauldron tool. Cauldron automatically maps all paths of vulnerability through networks, by correlating, aggregating, normalizing, and fusing data from a variety of sources. It provides sophisticated visualization of attack paths, with automatically generated mitigation recommendations. Flexible modeling supports multi-step analysis of firewall rules as well as host-to-host vulnerability, with attack vectors inside the network as well as from the outside. We describe alert correlation based on Caldron attack graphs, along with analysis of mission impact from attacks.

Time-efficient and cost-effective network hardening using attack graphs

Attack graph analysis has been established as a powerful tool for analyzing network vulnerability. However, previous approaches to network hardening look for exact solutions and thus do not scale. Further, hardening elements have been treated independently, which is inappropriate for real environments. For example, the cost for patching many systems may be nearly the same as for patching a single one. Or patching a vulnerability may have the same effect as blocking traffic with a firewall, while blocking a port may deny legitimate service. By failing to account for such hardening interdependencies, the resulting recommendations can be unrealistic and far from optimal. Instead, we formalize the notion of hardening strategy in terms of allowable actions, and define a cost model that takes into account the impact of interdependent hardening actions. We also introduce a near-optimal approximation algorithm that scales linearly with the size of the graphs, which we validate experimentally.

A Multimedia Recommender System

The extraordinary technological progress we have witnessed in recent years has made it possible to generate and exchange multimedia content at an unprecedented rate. As a consequence, massive collections of multimedia objects are now widely available to a large population of users. As the task of browsing such large collections could be daunting, Recommender Systems are being developed to assist users in finding items that match their needs and preferences. In this article, we present a novel approach to recommendation in multimedia browsing systems, based on modeling recommendation as a social choice problem. In social choice theory, a set of voters is called to rank a set of alternatives, and individual rankings are aggregated into a global ranking. In our formulation, the set of voters and the set of alternatives both coincide with the set of objects in the data collection. We first define what constitutes a choice in the browsing domain and then define a mechanism to aggregate individual choices into a global ranking. The result is a framework for computing customized recommendations by originally combining intrinsic features of multimedia objects, past behavior of individual users, and overall behavior of the entire community of users. Recommendations are ranked using an importance ranking algorithm that resembles the well-known PageRank strategy. Experiments conducted on a prototype of the proposed system confirm the effectiveness and efficiency of our approach.

Scalable analysis of attack scenarios

Attack graphs have been widely used for attack modeling, alert correlation, and prediction. In order to address the limitations of current approaches - scalability and impact analysis - we propose a novel framework to analyze massive amounts of alerts in real time, and measure the impact of current and future attacks. Our contribution is threefold. First, we introduce the notion of generalized dependency graph, which captures how network components depend on each other, and how the services offered by an enterprise depend on the underlying infrastructure. Second, we extend the classical definition of attack graph with the notion of timespan distribution, which encodes probabilistic knowledge of the attackers behavior. Finally, we introduce attack scenario graphs, which combine dependency and attack graphs, bridging the gap between known vulnerabilities and the services that could be ultimately affected by the corresponding exploits. We propose efficient algorithms for both detection and prediction, and show that they scale well for large graphs and large volumes of alerts. We show that, in practice, our approach can provide security analysts with actionable intelligence about the current cyber situation, enabling them to make more informed decisions.

A multimedia recommender integrating object features and user behavior

Despite the great amount of work done in the last decade, retrieving information of interest from a large multimedia repository still remains an open issue. In this paper, we propose an intelligent browsing system based on a novel recommendation paradigm. Our approach combines usage patters with low-level features and semantic descriptors in order to predict users’ behavior and provide effective recommendations. The proposed paradigm is very general and can be applied to any type of multimedia data. In order to make the recommender system even more flexible, we introduce the concept of multichannel browser, i.e. a browser that allows concurrent browsing of multiple media channels. We implemented a prototype of the proposed system and tested the effectiveness of our approach in a virtual museum scenario. Experimental results have proved that the system greatly enhances users’ experience, thus encouraging further research in this direction.

Web personalization based on static information and dynamic user behavior

The explosive growth of the web is at the basis of the great interest into web usage mining techniques in both commercial and research areas. In this paper, a web personalization strategy based on pattern recognition techniques is presented. This strategy takes into account both static information, by means of classical clustering algorithms, and dynamic behavior of a user, proposing a novel and effective re-classification algorithm. Experiments have been carried out in order to validate our approach and evaluate the proposed algorithm.

Discovering the Top-k Unexplained Sequences in Time-Stamped Observation Data

There are numerous applications where we wish to discover unexpected activities in a sequence of time-stamped observation data-for instance, we may want to detect inexplicable events in transactions at a website or in video of an airport tarmac. In this paper, we start with a known set A of activities (both innocuous and dangerous) that we wish to monitor. However, in addition, we wish to identify “unexplained” subsequences in an observation sequence that are poorly explained (e.g., because they may contain occurrences of activities that have never been seen or anticipated before, i.e., they are not in A). We formally define the probability that a sequence of observations is unexplained (totally or partially) w.r.t. A. We develop efficient algorithms to identify the top-k Totally and partially unexplained sequences w.r.t. A. These algorithms leverage theorems that enable us to speed up the search for totally/partially unexplained sequences. We describe experiments using real-world video and cyber-security data sets showing that our approach works well in practice in terms of both running time and accuracy.

A moving target defense approach for protecting resource-constrained distributed devices

Techniques aimed at continuously changing a systems attack surface, usually referred to as Moving Target Defense (MTD), are emerging as powerful tools for thwarting cyber attacks. Such mechanisms increase the uncertainty, complexity, and cost for attackers, limit the exposure of vulnerabilities, and ultimately increase overall resiliency. In this paper, we propose an MTD approach for protecting resource-constrained distributed devices through fine-grained reconfiguration at different architectural layers. In order to show the feasibility of our approach in real-world scenarios, we study its application to Wireless Sensor Networks (WSNs), introducing two different reconfiguration mechanisms. Finally, we show how the proposed mechanisms are effective in reducing the probability of successful attacks.

Fast Activity Detection: Indexing for Temporal Stochastic Automaton-Based Activity Models

Today, numerous applications require the ability to monitor a continuous stream of fine-grained data for the occurrence of certain high-level activities. A number of computerized systems-including ATM networks, web servers, and intrusion detection systems-systematically track every atomic action we perform, thus generating massive streams of timestamped observation data, possibly from multiple concurrent activities. In this paper, we address the problem of efficiently detecting occurrences of high-level activities from such interleaved data streams. A solution to this important problem would greatly benefit a broad range of applications, including fraud detection, video surveillance, and cyber security. There has been extensive work in the last few years on modeling activities using probabilistic models. In this paper, we propose a temporal probabilistic graph so that the elapsed time between observations also plays a role in defining whether a sequence of observations constitutes an activity. We first propose a data structure called “temporal multiactivity graph” to store multiple activities that need to be concurrently monitored. We then define an index called Temporal Multiactivity Graph Index Creation (tMAGIC) that, based on this data structure, examines and links observations as they occur. We define algorithms for insertion and bulk insertion into the tMAGIC index and show that this can be efficiently accomplished. We also define algorithms to solve two problems: the “evidence” problem that tries to find all occurrences of an activity (with probability over a threshold) within a given sequence of observations, and the “identification” problem that tries to find the activity that best matches a sequence of observations. We introduce complexity reducing restrictions and pruning strategies to make the problem-which is intrinsically exponential-linear to the number of observations. Our experiments confirm that tMAGIC has time and space complexity linear to the size of the input, and can efficiently retrieve instances of the monitored activities.