
STIDS 2015

Schedule of Events

Wednesday, November 18th
08:30 - 09:00      Registration
09:00 - 17:00 Tutorials

Thursday, November 19th
08:00 - 09:00     Registration
09:00 - 09:15     Welcome
09:15 - 10:15     Keynote Address 1

Mark Hartong
Positive Train Control Critical Infrastructure

10:15 - 10:45     Break
10:45 - 11:15     Joint Doctrine Ontology: A Benchmark for Military Information Systems

Peter Morosoff  
Ron Rudnicki
Jason Bryant
Robert Farrell
Barry Smith

When the U.S. conducts warfare, elements of a force are drawn from different Services and work together as a single team to accomplish an assigned mission on the basis of joint doctrine. To achieve such unified action, it is necessary that specific Service doctrines be both consistent with and subservient to joint doctrine. But there are two further requirements that flow from the ways in which unified action increasingly involves not only live forces but also automated systems. First, the information technology that is used in joint warfare must be aligned with joint doctrine. Second, the separate information systems used by the different elements of a joint force must be interoperable, in the sense that data and information that is generated by each element must be usable (understandable, processable) by all the other elements that need them. Currently, such interoperability is impeded by multiple inconsistencies among the different data and software standards used by warfighters. We describe here the on-going project of creating a Joint Doctrine Ontology (JDO), which uses joint doctrine to provide shared computer-accessible content valid for any field of military endeavor, organization, and information system. JDO addresses the two previously-mentioned requirements of unified action by providing a widely applicable benchmark for use by developers of information systems that will both guarantee alignment with joint doctrine and support interoperability.

11:15 - 11:45     Automated Ontology Creation using XML Schema

Samuel Suhas Singapogu
Paulo Costa
Mark Pullen


Ontologies are commonly used to represent formal semantics in a computer system, usually capturing them in the form of concepts, relationships and axioms. Axioms convey asserted knowledge, which support inferring new knowledge through logical reasoning. For complex systems, the process of creating ontologies manually can be tedious and error-prone. Many automated methods of knowledge discovery are based on mining domain text corpus, but current state-of-the-art methods using this approach fail to properly consider semantic data embedded in XML schemata in complex systems.

This paper proposes a mapping method for identifying relevant semantic data in XML schemata, automatically structuring and representing it in the form of a draft ontology. Concepts, concept hierarchy and domain relationships from XML schema are mapped to relevant parts of an OWL ontology. A part-of-speech tagging method extracts domain relationships from schema annotations. This mapping method can be applied to any system that has a well-annotated XML schema. We illustrate our process with the preliminary results obtained when creating a command and control to simulation (C2SIM) draft ontology from an XML schema.

11:45 - 12:15     A Probabilistic Ontology for Large-Scale IP Geolocation

Kathryn Laskey
Sudhanshu Chandekar
Bernd-Peter Paris


Mapping IP addresses to physical locations is important for a host of cyber security applications. Examples include identifying the origin of cyber attacks, protecting against fraud in internet commerce, screening emails for phishing, and enforcing restrictions on commerce with sanctioned countries. Simultaneous geolocation of large numbers of IP hosts is needed for cyber situation awareness. Explicit formal representation of the geospatial aspects of the cyber domain is necessary for interoperation with other cyber security capabilities. Formally representing the uncertainty inherent in geolocation supports increased accuracy via information fusion, as well as integration of geospatial inference with inference about other aspects of the cyber landscape. This paper presents a probabilistic ontology (PO) for IP geolocation. The geolocation PO is represented in the PR-OWL language, which allows an OWL ontology to be augmented with information to support uncertainty management. We show how the PR-OWL ontology supports automated construction of a Bayesian network for simultaneously geolocating a large number of IP hosts. The ultimate aim is to integrate our probabilistic ontology into a comprehensive cyber security probabilistic ontology to support cyber situation awareness, predictive modeling, and response strategy definition.

12:15 - 13:15     Lunch
13:15 - 14:15     Keynote Address 2

Bruno Sinopoli
On the Security of Cyber-Physical Systems

14:15 - 14:30 Short Break
14:30 - 15:00     Towards a Human Factors Ontology for Cyber Security

Alessandro Oltramari
Diane Henshel
Mariana Cains
Blaine Hoffman

Traditional cybersecurity risk assessment is reactive and based on a business risk assessment approach. The 2014 NIST Cybersecurity Framework provides businesses with an organizational tool to catalog cybersecurity efforts and areas that need additional support. As part of an on-going effort to develop a holistic, predictive cyber security risk assessment model, the characterization of human factors, which includes human behavior, is needed to understand how the actions of users, defenders (IT personnel), and attackers affect cybersecurity risk. Trust has been found to be a crucial element affecting an individual's role within a cyber system. The use of trust as a human factor in holistic cybersecurity risk assessment relies on an understanding of how differing mental models, risk postures, and social biases impact the level of trust given to an individual and the biases affecting the ability to give said trust. The Human Factors Ontology illustrates the individual characteristics, situational characteristics, and relationships that influence the trust given to an individual. Furthering the incorporation of ontologies into the science of cybersecurity will help decision-makers build the foundation needed for predictive and quantitative risk assessments.

15:00 - 15:30     Ontology-based Adaptive Systems of Cyber Defense

Noam Ben-Asher
Alessandro Oltramari
Robert Erbacher
Cleotilde Gonzalez

In this paper we outline a holistic approach for understanding and simulating human decision making in knowledge-intensive tasks. To this purpose, we integrate semantic and cognitive models in a hybrid computational architecture. The contribution of the paper is twofold: first we describe a packet-centric ontology to represent network traffic. We show how the ontology is used to describe real-world network traffic and also serve as a basis for higher level ontologies of cyber operation, threat and risk. Second, we demonstrate how the combination of the packet-centric ontology with an adaptive cognitive agent with learning capabilities can be used to understand the human defender reasoning processes when monitoring network traffic. Through simulation experiments we evaluated the proposed hybrid computational architecture and demonstrate its ability to successfully detect malicious port scanning within legitimate network traffic. We discuss the implications of these findings for improving our understanding of the cognitive processes and knowledge requirements of the cyber defender, as well as the possible use of the hybrid architecture as a cognitively inspired decision support tool.

15:30 - 15:45 Short Break
15:45 - 16:15     Enabling New Technologies for Cyber Security Defense with the ICAS Cyber Security Ontology

Malek Ben Salem
Chris Wacek

Incident response teams that are charged with breach discovery and containment face several challenges, the most important of which is access to pertinent data. Our TAPIO (Targeted Attack Premonition using Integrated Operational data) tool is designed to solve this problem by automatically extracting data from across the enterprise into a fully linked semantic graph and making it accessible in real time. Automated data translation reduces the costs to deploy and extend the system, while presenting data as a linked graph gives analysts a powerful tool for rapidly exploring the causes and effects of a particular event. At the heart of this tool is a cyber security ontology that is specially constructed to enable the TAPIO tool to automatically ingest data from a wide range of data sources, and which provides semantic relationships across the landscape of an enterprise network. In this paper we present this ontology, describe some of the decisions made during its development, and outline how it enables automated mapping technologies of the TAPIO system.

16:15 - 16:45     Similarity in Semantic Graphs: Combining Structural, Literal, and Ontology-based Measures

Lindsey Vanderlyn
Carl Andersen
Plamen Petrov

Semantic graphs provide a valuable way to represent data while preserving real world meaning. As these graphs become more popular for storing large quantities of data, it is important to have methods of determining similarity between nodes in the graph. This paper extends previous structural similarity algorithms by taking advantage of meaning contained in a graph's literals and the graph's ontology and allowing users to control how much each type of similarity affects overall scores. Preliminary tests indicate that including these sources of similarity increases scores in a way that is better aligned with human intuition.

16:45 - 17:00     A Semantic Approach to Reachability Matrix

Nicole Dalia Cilia
Noemi Scarpato
Marco Romano


Cyber security is a crucial aspect of network management. The Reachability Matrix computation is one of the main challenges in this field. This paper presents an intelligent solution in order to address the Reachability Matrix computational problem.

17:00 - 17:15 Short Break
17:00 - 18:30     Poster Session / Social Event

Friday, November 20th
08:50 - 09:00     Announcements  
09:00 - 10:00     Keynote Address 3
Alexander Kott
The Unbearable Lightness in the Meaning of Cyber Risk

10:00 - 10:30     Break
10:30 - 11:00     Towards an Operational Semantic Theory of Cyber Defense Against Advanced Persistent Threats

Steven Meckl
Gheorghe Tecuci
Mihai Boicu
Dorin Marcu

This paper presents current work on developing an operational semantic theory of cyber defense against advanced persistent threats (APTs), which is grounded in cyber threat analytics, science of evidence, knowledge engineering, and machine learning. After introducing advanced persistent threats, it overviews a systematic APT detection framework and the corresponding APT detection models, the formal representation and learning of these models in the knowledge base of a cognitive agent, and the development and integration of such agents into a specific cyber security operation center.

11:00 - 11:30     Genetic Counseling Using Workflow-based EMRs

Bo Yu
Duminda Wijesekera
Paulo Costa
Sharath Hiremegalore     

Widespread use of genetic tests for medical treatment and clinical genetic counseling--as a cost-effective treatment for an increasing number of hereditary disorders--has led to study of privacy and disclosure issues, and has compelled governments to limit disclosure of test results. To the best of our knowledge, no clinical workflows for genetic counseling that apply applicable information disclosure laws have been documented and enforced in Electronic Medical Records (EMRs). To fill this void, herein we model a representative genetic counseling workflow and show how to simultaneously enforce privacy and informed consents in an open-source EMR. Our prototype provides workflow-guided counseling as well as consent management that enforces state and federal law-compliant genetic information sharing.

11:30 - 13:00 Luncheon
13:00 - 14:00     Keynote Address 4
James Momoh
Resilient Power Grids

14:00 - 14:15 Short Break
14:15 - 14:45     Controlled and Uncontrolled English for Ontology Editing

Brian Donohue
Kutach Douglas
Amardeep Bhattal
Dave Braines
Geeth de Mel
Robert Ganger
Tien Pham
Ron Rudnicki
Barry Smith

Ontologies formally represent reality in a way that limits ambiguity and facilitates automated reasoning and data fusion, but are often daunting to the non-technical user. Thus, many researchers have endeavored to hide the formal syntax and semantics of ontologies behind the constructs of Controlled Natural Languages (CNLs), which retain the formal properties of ontologies while simultaneously presenting that information in a comprehensible natural language format.

In this paper, we build upon previous work in this field by evaluating prospects of implementing International Technology Alliance Controlled English (ITA-CE) as a middleware for ontology editing. We also discuss at length a prototype of a natural language conversational interface application designed to facilitate ontology editing via the formulation of CNL constructs.

14:45 - 15:15     Toward Representing and Recognizing Cyber-Physical Elements in Competition Using Event Semantics

Alonza Mumford
Duminda Wijesekera
Paulo Costa


The Federal Aviation Administration (FAA) is observing an increasing number of incidents involving recreational drones, and imagining a future where every drone will be equipped with an Automatic Dependent Surveillance-Broadcast (ADS-B) transponder that communicates and cooperates with the FAA's Next Generation (NextGen) Aviation Cyber-Physical System in order to help mitigate aerial collision risk [1]. This exemplar application involves human or autonomous agents interacting within some sort of cyber-physical system where competition or cooperation between cyber-physical elements exists. We anticipate that the use of higher-level abstractions will be required for modeling human or autonomous agents' interactions within these types of systems in order to make sense of the observations derived from sensor data.

In this paper, we articulate an approach that uses event semantics to represent the temporal, spatial, factor, and outcome features of activities generated by competing or cooperating agents functioning within a cyber-physical environment. We use those semantics, along with observations of activity, to model higher-level activity abstractions and to help perform strategy recognition from a concrete, competition-oriented scenario reflected in a real-world, game dataset comprised of more than a half million events involving nearly 8500 unique agents. The strength of the approach is grounded in a specification of event semantics for our concrete multi-agent, competitive game ontology using Resource Description Framework Schema (RDFS) and Ontology Web Language (OWL). By leveraging these Semantic Web languages, we anticipate that the use of event semantics to describe cooperative or competitive agent interactions within cyber-physical systems will become more predominant in the future.

15:15 - 15:30            Award and Final Remarks      

Last updated: 11/19/2015