
Anomaly and Specification Based Cognitive Approach for Mission-Level Detection and Response

(Extended Abstract)

  • Conference paper
Recent Advances in Intrusion Detection (RAID 2008)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 5230)

Abstract

In 2005 a survivable system we built was subjected to red-team evaluation. Analyzing, interpreting, and responding to the defense mechanism reports took a room of developers. In May 2008 we took part in another red-team exercise. During this exercise an autonomous reasoning engine took the place of the room of developers. Our reasoning engine uses anomaly- and specification-based approaches to autonomously decide whether system and mission availability is in jeopardy and to take necessary corrective actions. This extended abstract presents a brief summary of the reasoning capability we developed: how it categorizes the data into an internal representation and how it uses deductive and coherence-based reasoning to decide whether a response is warranted.

This research was funded by DARPA under Navy Contract No. N00178-07-C-2003.

Editor information

Richard Lippmann, Engin Kirda, Ari Trachtenberg

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Rubel, P., Pal, P., Atighetchi, M., Benjamin, D.P., Webber, F. (2008). Anomaly and Specification Based Cognitive Approach for Mission-Level Detection and Response. In: Lippmann, R., Kirda, E., Trachtenberg, A. (eds) Recent Advances in Intrusion Detection. RAID 2008. Lecture Notes in Computer Science, vol 5230. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-87403-4_30

  • DOI: https://doi.org/10.1007/978-3-540-87403-4_30

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-87402-7

  • Online ISBN: 978-3-540-87403-4

  • eBook Packages: Computer Science, Computer Science (R0)
