Abstract
In 2005 a survivable system we built was subjected to red-team evaluation. Analyzing, interpreting, and responding to the defense mechanism reports took a room of developers. In May 2008 we took part in another red-team exercise. During this exercise an autonomous reasoning engine took the place of the room of developers. Our reasoning engine uses anomaly- and specification-based approaches to autonomously decide whether system and mission availability is in jeopardy, and to take the necessary corrective actions. This extended abstract presents a brief summary of the reasoning capability we developed: how it categorizes the data into an internal representation and how it uses deductive and coherence-based reasoning to decide whether a response is warranted.
This research was funded by DARPA under Navy Contract No. N00178-07-C-2003.
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Rubel, P., Pal, P., Atighetchi, M., Benjamin, D.P., Webber, F. (2008). Anomaly and Specification Based Cognitive Approach for Mission-Level Detection and Response. In: Lippmann, R., Kirda, E., Trachtenberg, A. (eds) Recent Advances in Intrusion Detection. RAID 2008. Lecture Notes in Computer Science, vol 5230. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-87403-4_30
DOI: https://doi.org/10.1007/978-3-540-87403-4_30
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-87402-7
Online ISBN: 978-3-540-87403-4
eBook Packages: Computer Science, Computer Science (R0)