Phongphun Kijsanayothin

Tumor classification ranking from microarray data.

BackgroundGene expression profiles based on microarray data are recognized as potential diagnostic indices of cancer. Molecular tumor classifications resulted from these data and learning algorithms have advanced our understanding of genetic changes associated with cancer etiology and development. However, classifications are not always perfect and in such cases the classification rankings (likelihoods of correct class predictions) can be useful for directing further research (e.g., by deriving inferences about predictive indicators or prioritizing future experiments). Classification ranking is a challenging problem, particularly for microarray data, where there is a huge number of possible regulated genes with no known rating function. This study investigates the possibility of making tumor classification more informative by using a method for classification ranking that requires no additional ranking analysis and maintains relatively good classification accuracy.ResultsMicroarray data of 11 different types and subtypes of cancer were analyzed using MDR (Multi-Dimensional Ranker), a recently developed boosting-based ranking algorithm. The number of predictor genes in all of the resulting classification models was at most nine, a huge reduction from the more than 12 thousands genes in the majority of the expression samples. Compared to several other learning algorithms, MDR gives the greatest AUC (area under the ROC curve) for the classifications of prostate cancer, acute lymphoblastic leukemia (ALL) and four ALL subtypes: BCR-ABL, E2A-PBX1, MALL and TALL. SVM (Support Vector Machine) gives the highest AUC for the classifications of lung, lymphoma, and breast cancers, and two ALL subtypes: Hyperdiploid > 50 and TEL-AML1. MDR gives highly competitive results, producing the highest average AUC, 91.01%, and an average overall accuracy of 90.01% for cancer expression analysis.ConclusionUsing the classification rankings from MDR is a simple technique for obtaining effective and informative tumor classifications from cancer gene expression data. Further interpretation of the results obtained from MDR is required. MDR can also be used directly as a simple feature selection mechanism to identify genes relevant to tumor classification. MDR may be applicable to many other classification problems for microarray data.

On modeling software defect repair time

The ability to predict the time required to repair software defects is important for both software quality management and maintenance. Estimated repair times can be used to improve the reliability and time-to-market of software under development. This paper presents an empirical approach to predicting defect repair times by constructing models that use well-established machine learning algorithms and defect data from past software defect reports. We describe, as a case study, the analysis of defect reports collected during the development of a large medical software system. Our predictive models give accuracies as high as 93.44%, despite the limitations of the available data. We present the proposed methodology along with detailed experimental results, which include comparisons with other analytical modeling approaches.

Host-Centric Model Checking for Network Vulnerability Analysis

Research has successfully applied model checking, a formal verification technique, to automatically generate chains of vulnerability exploits that an attacker can use to reach his goal. Due to the combinatorial explosion of the chain generation problem space, model checkers do not scale well to networks containing a large number of hosts. This paper proposes a methodology that uses a host-centric modeling approach together with a monotonicity assumption to alleviate the scalability problem of model checkers. We describe the proposed approach, its limitations, and show how it can reduce the time complexity of chain generation to a quadratic polynomial of the number of hosts, both theoretically and empirically. We also compare its advantages over similar customized graph-based approaches.

Scalable Optimized Composition of Web Services with Complexity Analysis

This paper addresses a fundamental issue of web service composition. We present a simple but powerful conceptual model that leads to a scalable approach to automatically constructing a composite web service to meet its requirements by using as few services as possible. Our approach is based on a state space model that has a monotone property to allow efficient search along with efficient algorithms for pruning and simple parallelization. We provide both empirical and theoretical analyses of the proposed approach and show that it has time complexity of O(n^2), for a repository with n services. However, the approach takes linear time for sequential compositions when service applicability is performed by service discovery and thus, it is shown to give asymptotically optimal performance. Although optimality in the number of services deployed is not guaranteed, our experiments on public benchmark data sets show correct optimized solutions 100% of the time, with a reduction in the average running time, compared to a well-performed planning-based system, of better than 35% over 207 composition problems.

Automated Test Order Generation for Software Component Integration Testing

The order in which software components are tested can have a significant impact on the number of stubs required during component integration testing. This paper presents an efficient approach that applies heuristics based on a given software component test dependency graph to automatically generate a test order that requires a (near) minimal number of test stubs. Thus, the approach reduces testing effort and cost. The paper describes the proposed approach, analyses its complexity and illustrates its use. Comparison with three well known graph-based approaches, for a real-world software application, shows that only the classic Le Traon et al.’s approach and ours give an optimal number of stubs. However, experiments on randomly simulated dependency models with 100 to 10,000 components show that our approach has a significant performance advantage with a reduction in the average running time of 96.01%.

Security Analysis of Role-based Separation of Duty with Workflows

Role-based access control (RBAC) is the most predominant access control model in todays security management due to its ability to simplify authorization, and flexibility to specify and enforce protection policies. In RBAC, Separation of Duty (SoD) constrains user role authorization to protect sensitive information from frauds due to conflicts of interests. SoD constraints are commonly defined by mutually exclusive roles (MER) (e.g., bank teller and auditor). This paper proposes practical computational techniques for analyzing SoD by integrating workflows of the enterprise processes into the RBAC framework. Specifically, we present 1) an algorithm for generating MER to enforce SoD, and 2) a verification algorithm to check if a given RBAC state (role authorization and user-role assignments) satisfies a given type of SoD constraint or not. The paper discusses the details of the approach and illustrates its use in a loan application domain.

Analytical Approach to Attack Graph Analysis for Network Security

An attack graph increasingly plays an important role in network security. It shows possible paths of actions consisting of the network vulnerability exploits that can lead to security breaches. Because most attack graphs are very large and complex, much research has focused on how these graphs can be automatically and efficiently generated. However, little has been done on attack graph analysis, namely how we can use attack graphs to better protect the network. This paper addresses the latter issue. We present a suit of systematic approaches to statically analyzing attack graphs by means of reasoning mechanisms based on logical expressions and conditional preference networks. The proposed approaches are general and theoretically grounded. The paper describes the approaches in details. We show how the resulting analysis can help derive many useful decisions. For example, it can assist a security administrator in selecting most cost-effective countermeasures, based on his preference criteria, to improve the security flaws found in the attack graph. For understandability, we illustrate our approach by presenting a study of a simple and small but realistic case scenario.

Cyber-security analysis of smart grid SCADA systems with game models

Smart grid SCADA (Supervisory Control and Data Acquisition) systems are key drivers to monitor, control and manage critical processes for the delivery and transmission of electricity in smart grids. Security attacks to such systems can have devastating effects on the functionality of the smart grids leading to electrical blackouts, economic losses or even fatalities. This paper presents an analytical game theoretic approach to analyzing security of SCADA smart grids by constructing a model of sequential, nonzero sum, two-player game between an attacker and a security administrator. The distinction of our work is the proposed development of game payoff formulae. A decision analysis can then be obtained by applying backward induction technique on the game tree derived from the proposed payoffs. The paper describes the development of the game payoffs and illustrates its analysis on a real-world scenario of Sybil and node compromised attacks at the sensor level of the smart grid SCADA systems.

On securing privacy in composite web service transactions

Todays numerous online transactions are implemented as composite web services in various domains including business, healthcare, government and education. One important aspect of secured online transactions is privacy protection. This paper addresses privacy issues in composite web service transactions by providing an intelligent semi-automated privacy-aware approach to efficiently building an appropriate composite web service that (1) satisfies service functional requirements with (near) minimum number of services and information leakage, and (2) complies, as much as possible, with a customers privacy preferences and trust (in service providers when available). Furthermore, we describe details of the proposed approach and illustrates its use that exploits generic knowledge about types and sensitivity levels of information, together with specific knowledge about customer privacy preferences and trusts on certain providers.

Smart Grid security: Deriving informed decisions from cyber attack game analysis

Protection of smart grids against cyber attacks has become one of the nations top priorities. Most existing approaches have focused on intrusion detection and post-attack responses in a similar fashion to fault detection and recovery. However, attack behaviors are much more complex and less predictable than fault behaviors as an attacker often changes his course of actions during the attacks. Thus, there is a need for a systematic approach that can incorporate behaviors of attackers into the decision analysis of security management. This is especially crucial as attackers can keep advancing their techniques to outsmart security technologies. Our research aims to enhance the science of security that enables behavioral modeling as well as model extensibility. In particular, we present an analytical game theoretic approach to analyzing security of smart grid SCADA (Supervisory Control and Data Acquisition) systems by including attacker/defender behaviors in the proposed sequential, non-zero sum, and two-player game model. The paper describes the development of the game payoffs and illustrates how informed decisions can be made on a real-world scenario of attacks at the sensor level of the smart grid SCADA systems.