O. Patrick Kreidl

An Efficient Message-Passing Algorithm for Optimizing Decentralized Detection Networks

A promising feature of emerging wireless sensor networks is the opportunity for each spatially-distributed node to measure its local state and transmit only information relevant to effective global decision-making. An equally important design objective, as a result of each nodes finite power, is for measurement processing to satisfy explicit constraints on, or perhaps make selective use of, the distributed algorithmic resources. We formulate this dual-objective design problem within the Bayesian decentralized detection paradigm, modeling resource constraints by a directed acyclic network with low-rate, unreliable communication links. Existing team theory establishes when necessary optimality conditions reduce to a convergent iterative algorithm to be executed offline (i.e., before measurements are processed). Even so, this offline algorithm has exponential complexity in the number of nodes and its distributed implementation assumes a fully-connected communication network. We state conditions by which the offline algorithm admits an efficient message-passing interpretation, featuring linear complexity in the number of nodes and a natural distributed implementation. We experiment with a simulated network of binary detectors, applying the message-passing algorithm to optimize the achievable tradeoff between global detection performance and network-wide online communication. The empirical analysis also exposes a design tradeoff between constraining in-network processing to preserve resources (per online measurement) and then having to consume resources (per offline reorganization) to maintain effective detection performance

Analysis of a Markov decision process model for intrusion tolerance

We consider a simplest Markov decision process model for intrusion tolerance, assuming that (i) each attack proceeds through one or more steps before the systems security fails and (ii) defensive responses targeting these intermediate steps may only sometimes thwart the attack. Our analysis shows that, even in the ideal case of perfect detectors, it can be sub-optimal in the long run to employ defensive responses while under attack; that is, depending on attack dynamics and response effectiveness, the total overhead of ongoing defensive countermeasures can exceed the total risk of intermittent security failures. Simulation experiments reveal that a tradeoff between these two types of costs persists in the realistic case of imperfect detectors. These experiments also shed light on (i) the extent to which increasing sensor uncertainty monotonically degrades achievable performance and (ii) the loss from optimum performance of two popular rule-based policies for response selection.

Security analysis of the Bootstrap protocol for deny-by-default Mobile Ad-hoc Networks

In previous work, we proposed a “Bootstrap” protocol for establishing neighbor relationships, between two mobile nodes in a mission critical deny-by-default Mobile Ad-hoc Network. In this paper, we formally characterize the security properties of this Bootstrap protocol, striving to answer the following questions: 1) To what extent can an adversary undermine the correctness and performance of the Bootstrap protocol? 2) To what extent can the Bootstrap protocol be improved in anticipation of an adversary? Our analyses employ a combination of formal logic and two standard automated model checkers, SPIN and PRISM. Two types of threats are considered, which we call the subverted node and the subverted link. In the subverted link analysis, we further categorize the adversary into two variants, which we call dark-red or light-red in correspondence with having detailed Bootstrap-protocol-specific knowledge or only generic neighbor setup knowledge, respectively. The subverted node analysis shows that the adversary cannot TCP-SYN-flood-like attack nor deadlock the good node within the Bootstrap protocol. The subverted link analysis shows that the adversary cannot undermine the correctness of the protocol, in the sense that the protocols performance is only degraded in a bounded manner by the dark-red adversary or in a benign manner by the light-red adversary.

A Network Security Classification Game

We consider a network security classification game in which a strategic defender decides whether an attacker is a strategic spy or a naive spammer based on an observed sequence of attacks on file- or mail-servers. The spammer’s goal is attacking the mail-server, while the spy’s goal is attacking the file-server as much as possible before detection. The defender observes for a length of time that trades-off the potential damage inflicted during the observation period with the ability to reliably classify the attacker. Through empirical analyses, we find that when the defender commits to a fixed observation window, often the spy’s best response is either full-exploitation mode or full-confusion mode. This discontinuity prevents the existence of a pure Nash equilibrium in many cases. However, when the defender can condition the observation time based on the observed sequence, a Nash equilibrium often exists.

Decentralized Detection in Undirected Network Topologies

Consider the well-studied decentralized Bayesian detection problem with the twist of an undirected network topology, each edge representing a bidirectional (and perhaps unreliable) finite-rate communication link between two distributed sensor nodes. Every node operates in parallel, processing any particular local measurement in two (discrete) decision stages: the first selects the symbols (if any) transmitted to its immediate neighbors and the second, upon receiving the symbols (or lack thereof) from the same neighbors, decides the value of its local state. We adapt the team solution already known for directed acyclic networks and establish conditions such that the iterative numerical algorithm to collectively optimize the local decision rules admits an efficient message-passing interpretation, featuring an asynchronous distributed implementation in which total computation and communication overhead scales only linearly with the number of nodes. In sharp contrast to the directed case, this message-passing algorithm retains its global correctness and convergence guarantees without restrictions on the network topology.

Decentralized detection in sensor network architectures with feedback

We study a decentralized detection architecture in which each of a set of sensors transmits a highly compressed summary of its observations (a binary message) to a fusion center, which then decides on one of two alternative hypotheses. In contrast to the star (or “parallel”) architecture considered in most of the literature, we allow a subset of the sensors to both transmit their messages to the fusion center and to also broadcast them to the remaining sensors. We focus on the following architectural question: is there a significant performance improvement when we allow such a message broadcast? We consider the error exponent (asymptotically, in the limit of a large number of sensors) for the Neyman-Pearson formulation of the detection problem. We prove that the sharing of messages does not improve the optimal error exponent.

Quantifying Surface Roughness of Weathered Rock - Examples from Granite and Limestone

It is well established within the geotechnical community that weathering affects rock in a variety of ways. Weathering not only degrades engineering properties but also changes the surface appearance. Weathering classifications are partially based on the qualitative assessment of the surface appearance of rock. This study focuses on quantifying surface roughness of weathered rock. Surface textures of both granite and limestone specimens were collected using a commercially available laboratory laser scanning system. Point clouds were analyzed using two different techniques to assess surface roughness. Granite surfaces were assessed using triangulated point clouds and surface normal vectors. Limestone surfaces were assessed using statistical methods to describe deviations from a cylindrical shape. The most highly weathered granite had the largest range of surface normal vector orientation. Less weathered granites had smaller ranges of surface normal vector orientation. Results from weathered limestones were more ambiguous. The least weathered specimens had very small deviations from a perfect cylinder whereas the most weathered specimens had the greatest deviation from a perfect cylinder. However, no clear distinction could be made between deviations from a perfect cylinder for intermediate stages of weathering for limestone specimens. Close range laser scanning was able to capture surface textures from both granite and limestone specimens, however, relationships between weathering grade and surface texture were only statistically significant for granite specimens.

Segmentation of cracks in X-ray CT images of tested macroporous plaster specimens

Precise segmentation of cracks is essential to characterize the structural properties of a rock specimen under compressive force. A two-dimensional internal cross-sectional image of rock can be created using X-ray computed tomography (CT scanning). Cracks in rocks usually have very poor local contrast which makes it difficult to detect and segment cracks from the background using existing popular edge detection algorithms. In this paper, we propose a two-dimensional matched filtering technique followed by local entropy based thresholding, morphological operators and length filtering to detect and segment cracks from the cross-sectional images of rock. The proposed algorithm is tested on several macroporous plaster specimens. Experimental results demonstrate the effectiveness and robustness of the algorithm compared to hand-labeled ground truth segmentations.

On optimal decisions in an introduction-based reputation protocol

Consider a network environment with no central authority in which each node gains value when transacting with behaving nodes but risks losing value when transacting with misbehaving nodes. One recently proposed mechanism for curbing the harm by misbehaving nodes is that of an introduction-based reputation protocol [1]: transactions are permitted only between two nodes who consent to being connected through introduction via a third node. This paper models the main decision process in this protocol, namely that of continuing/closing an active connection, as a sequential detection problem in which each stage corresponds to a transaction that is (perhaps erroneously) classified as either benign or harmful. It is shown that the optimal decision takes the form of a reputation threshold policy, the exact threshold determined by a Bellman equation that admits a tractable iterative solution.

6th workshop on recent advances in intrusion tolerance and reSilience (WRAITS 2012)

Now entering its sixth consecutive year, the last four being in conjunction with DSN, the primary theme of WRAITS is “intrusion tolerance” (IT for short). IT starts with the premise that software-based components will always contain bugs and misconfigurations that can be discovered, exposed and enabled by the increasingly new ways in which distributed and networked computer systems are being created today. IT acknowledges that it is impossible to completely prevent intrusions and attacks, and it is often impossible to accurately detect the act of intrusion and stop it early enough. Intrusion tolerant systems therefore must have the means to continue to operate correctly despite attacks and intrusions, and deny the attacker/intruder the success they seek as much as possible. For instance, an intrusion tolerant system may suffer loss of service or resources due to the attack but it may continue to provide critical services in a degraded mode or trigger automatic mechanisms to regain and recover the compromised services and resources. Other descriptions used for similar themed research include Survivability, Resilience, Trustworthy Systems, Byzantine Fault Tolerance, and Autonomic Self-Healing Systems. Indeed, this years workshop has been slightly renamed from its predecessors (by also including “reSilience” in the title) to explicitly underscore the breadth of the topics involved.