With the explosive growth of network technologies, insider attacks have become a major concern to business operations that largely rely on computer networks. To better detect insider attacks that marginally manipulate network traffic over time, and to recover the system from attacks, in this paper we implement a temporal-based detection scheme using the sequential hypothesis testing technique. Two hypothetical states are considered: the null hypothesis that the collected information is from benign historical traffic and the alternative hypothesis that the network is under attack. The objective of such a detection scheme is to recognize the change within the shortest time by comparing the two defined hypotheses. In addition, once the attack is detected, a server migration-based system recovery scheme can be triggered to recover the system to the state prior to the attack. To understand mitigation of insider attacks, a multi-functional web display of the detection analysis was developed for real-time analytics. Experiments using real-world traffic traces evaluate the effectiveness of the Detection System and Recovery (DeSyAR) scheme. The evaluation data validates that the detection scheme based on sequential hypothesis testing and the server migration-based system recovery scheme can perform well in effectively detecting insider attacks and recovering the system under attack.

In this paper, we propose a solution to the cooperative path planning with limited communication problem in two phases.
In the first (offline) phase, a Pareto-optimal path problem is formulated to find a reference path and the graph cuts
minimization method is used to speedily calculate the optimal solution. In the second (online) phase, a foraging
algorithm is used to dynamically refine the reference path to meet the dynamic constraints of unmanned aerial vehicles
(UAVs), during which an open-loop feedback optimal (OLFO) controller is used to estimate the states which may be
unavailable due to infrequent battlefield information updates. Furthermore, an adaptive Markov decision process is
proposed to deal with intermittent asynchronous information flow. The method is demonstrated in a simulation for a
swarm of Unmanned Air Vehicle (UAV) teams with various communication ranges.

Over recent decades, the space environment has become more complex with a significant increase in space debris and a
greater density of spacecraft, which poses great difficulties to efficient and reliable space operations. In this paper we
present a Hierarchical Sensor Management (HSM) method for space operations by (a) accommodating awareness
modeling and updating and (b) collaborative search and tracking of space objects. The basic approach is described as
follows. Firstly, partition the relevant region of interest into district cells. Second, initialize and model the dynamics of
each cell with awareness and object covariance according to prior information. Secondly, explicitly assign sensing
resources to objects with user specified requirements. Note that when an object has intelligent response to the sensing
event, the sensor assigned to observe an intelligent object may switch from time-to-time between a strong, active signal
mode and a passive mode to maximize the total amount of information to be obtained over a multi-step time horizon and
avoid risks. Thirdly, if all explicitly specified requirements are satisfied and there are still more sensing resources
available, we assign the additional sensing resources to objects without explicitly specified requirements via an
information based approach. Finally, sensor scheduling is applied to each sensor-object or sensor-cell pair according to
the object type. We demonstrate our method with a realistic space resources management scenario using NASA's General
Mission Analysis Tool (GMAT) for space object search and track with multiple space borne observers.

This paper proposes a Markov (stochastic) game theoretic level-3 data fusion approach for defensive counterspace.
Based on the Markov game theory and the advanced knowledge infrastructures for information fusion, the approach can
enhance threat detection, validation, and mitigation for future counterspace and space situational awareness (SSA)
operations. A Markov game is constructed to model the possible interactions between the dynamic and intelligent threats
and friendly satellites, and effects of various space weather conditions. To systematically solve the complicated Markov
game, a conversion from general Markov games into several Markov Decision Processes (MDPs) as well as some static
bi-matrix games is provided. The proposed Markov game model and innovative solution are demonstrated in a numerical

Prediction of adversarial course of actions (COA) is critical to many applications including: crime prediction, Unmanned
Aerial Vehicle (UAV) threat prediction, and terrorism attack prevention. Researchers have shown that integrating
behavior features (or preferences/patterns/modes) into prediction systems, which utilize random process theory and
likelihood estimation calculations, can improve prediction accuracy. However, these calculations currently assume
behavior features that are static and will not change during a long time horizon, which makes such models difficult to
adapt to adversary behavior feature changes. This paper provides an approach for dynamically predicting changes of
behavior features utilizing the tenets of game theory. An example scenario and extensive simulations illustrate the
feature prediction capability of this model.

In this paper, we consider a multi-pursuer multi-evader pursuit evasion game where some evaders' maximal speeds are
higher than those of all pursuers. In multi-player pursuit evasion games, a hierarchical framework is widely applied in order
to decompose the original complicated multi-player game into multiple small scale games, i.e. one-pursuer one-evader
games and multi-pursuer single-evader games. The latter is especially required for superior evaders. Although usually
only suboptimal results are obtained, the resulting decentralized approaches are favored by researchers from the point
of view of communication for practical applications. Based on our previous work, for a multi-pursuer single-superior-
evader game on a plane, we first study the number of pursuers necessary for the capture. Regarding each
player as a mass point, a moving planar coordinate system is fixed on the evader. Then formation control is used for
the pursuers in deriving their pursuit strategies to 1) avoid collision between pursuers; 2) reduce the distance between each
pursuer and the evader over the evolution of the game; 3) keep the pursuers' angular distribution around the evader invariant
during the pursuit process and enclose the superior evader within the union of each pursuer's capture domain at the end
of the game. The validity of our method is illustrated by two simulation examples.

This paper proposes an innovative data-fusion/data-mining game theoretic situation awareness and impact assessment
approach for cyber network defense. Alerts generated by Intrusion Detection Sensors (IDSs) or Intrusion Prevention
Sensors (IPSs) are fed into the data refinement (Level 0) and object assessment (L1) data fusion components. High-level
situation/threat assessment (L2/L3) data fusion based on a Markov game model and Hierarchical Entity Aggregation
(HEA) are proposed to refine the primitive prediction generated by adaptive feature/pattern recognition and capture new
unknown features. A Markov (Stochastic) game method is used to estimate the belief of each possible cyber attack
pattern. Game theory captures the nature of cyber conflicts: determination of the attacking-force strategies is tightly
coupled to determination of the defense-force strategies and vice versa. Also, Markov game theory deals with uncertainty
and incompleteness of available information. A software tool is developed to demonstrate the performance of the high-level
information fusion for cyber network defense situation and a simulation example shows the enhanced understanding
of cyber-network defense.