We report on the results of applying classical planning techniques to the problem of analyzing computer network vulnerabilities. Specifically, we are concerned with the generation of Adversary Courses of Action, which are extended sequences of exploits leading from some initial state to an attacker's goal. In this application, we have demonstrated the…
This paper presents an abductive probabilistic algorithm for task tracking/intent inference. It then describes experiments and analysis of the complexity of the algorithm showing a number of conclusions. The most interesting is that empirically the algorithm scales linearly in the number of plans within the plan library.
A limiting factor for the application of IDA methods in many domains is the incompleteness of data repositories. Many records have fields that are not filled in, especially when data entry is manual. In addition, a significant fraction of the entries can be erroneous and there may be no alternative but to discard these records. But every cell in a database…
We present a general and systematic method for neural network design based on the genetic algorithm. The technique works in conjunction with network learning rules, addressing aspects of the network's gross architecture, connectivity, and learning rule parameters. Networks can be optimized for various application-specific criteria, such as learning speed,…
A serious problem in mining industrial data bases is that they are often incomplete, and a significant amount of data is missing, or erroneously entered. This paper explores the use of machine-learning based alternatives to standard statistical data completion (data imputation) methods, for dealing with missing data. We have approached the data completion…
This paper describes the SCYLLARUS approach to fusing reports from multiple intrusion detection systems (IDSes) to provide an overall approach to intrusion situation awareness. The overall view provided by SCYLLARUS centers around the site's security goals, aggregating large numbers of individual IDS reports based on their impact. The overall view reduces…
Coordinating multiple overlapping defense mechanisms, at differing levels of abstraction, is fraught with the potential for misconfiguration, so there is strong motivation to generate policies for those mechanisms from a single specification in order to avoid that risk. This paper presents our experience and the lessons learned as we developed, validated…