SEMANTIC TECHNOLOGY FOR INTELLIGENCE, DEFENSE, AND SECURITY
STIDS 2015
Schedule of Events
Wednesday, November 18th
08:30 - 09:00 | Registration
09:00 - 17:00 | Tutorials
Thursday, November 19th
08:00 - 09:00 | Registration
09:00 - 09:15 | Welcome
09:15 - 10:15 | Keynote Address 1: Mark Hartong, "Positive Train Control Critical Infrastructure" (presentation)
10:15 - 10:45 | Break
10:45 - 11:15 | Joint Doctrine Ontology: A Benchmark for Military Information Systems Interoperability (paper, presentation)
Peter Morosoff, Ron Rudnicki, Jason Bryant, Robert Farrell, Barry Smith
Abstract:
When the U.S. conducts warfare, elements of a force are drawn from different Services and work together as a single team to accomplish an assigned mission on the basis of joint doctrine. To achieve such unified action, it is necessary that specific Service doctrines be both consistent with and subservient to joint doctrine. But there are two further requirements that flow from the ways in which unified action increasingly involves not only live forces but also automated systems. First, the information technology that is used in joint warfare must be aligned with joint doctrine. Second, the separate information systems used by the different elements of a joint force must be interoperable, in the sense that data and information that is generated by each element must be usable (understandable, processable) by all the other elements that need them. Currently, such interoperability is impeded by multiple inconsistencies among the different data and software standards used by warfighters. We describe here the on-going project of creating a Joint Doctrine Ontology (JDO), which uses joint doctrine to provide shared computer-accessible content valid for any field of military endeavor, organization, and information system. JDO addresses the two previously-mentioned requirements of unified action by providing a widely applicable benchmark for use by developers of information systems that will both guarantee alignment with joint doctrine and support interoperability.
11:15 - 11:45 | Automated Ontology Creation using XML Schema Elements (paper)
Samuel Suhas Singapogu, Paulo Costa, Mark Pullen
Abstract:
Ontologies are commonly used to represent formal semantics in a computer system, usually capturing them in the form of concepts, relationships and axioms. Axioms convey asserted knowledge, which support inferring new knowledge through logical reasoning. For complex systems, the process of creating ontologies manually can be tedious and error-prone. Many automated methods of knowledge discovery are based on mining domain text corpus, but current state-of-the-art methods using this approach fail to properly consider semantic data embedded in XML schemata in complex systems.
This paper proposes a mapping method for identifying relevant semantic data in XML schemata, automatically structuring and representing it in the form of a draft ontology. Concepts, concept hierarchy and domain relationships from XML schema are mapped to the relevant part of an OWL ontology. A part-of-speech tagging method extracts domain relationships from schema annotations. This mapping method can be applied to any system that has a well-annotated XML schema. We illustrate our process with the preliminary results obtained when creating a command and control to simulation (C2SIM) draft ontology from an XML schema.
11:45 - 12:15 | A Probabilistic Ontology for Large-Scale IP Geolocation (paper, presentation)
Kathryn Laskey, Sudhanshu Chandekar, Bernd-Peter Paris
Abstract:
Mapping IP addresses to physical locations is important for a host of cyber security applications. Examples include identifying the origin of cyber attacks, protecting against fraud in internet commerce, screening emails for phishing, and enforcing restrictions on commerce with sanctioned countries. Simultaneous geolocation of large numbers of IP hosts is needed for cyber situation awareness. Explicit formal representation of the geospatial aspects of the cyber domain is necessary for interoperation with other cyber security capabilities. Formally representing the uncertainty inherent in geolocation supports increased accuracy via information fusion, as well as integration of geospatial inference with inference about other aspects of the cyber landscape. This paper presents a probabilistic ontology (PO) for IP geolocation. The geolocation PO is represented in the PR-OWL language, which allows an OWL ontology to be augmented with information to support uncertainty management. We show how the PR-OWL ontology supports automated construction of a Bayesian network for simultaneously geolocating a large number of IP hosts. The ultimate aim is to integrate our probabilistic ontology into a comprehensive cyber security probabilistic ontology to support cyber situation awareness, predictive modeling, and response strategy definition.
12:15 - 13:15 | Lunch
13:15 - 14:15 | Keynote Address 2: Bruno Sinopoli, "On the Security of Cyber-Physical Systems"
14:15 - 14:30 | Short Break
14:30 - 15:00 | Towards a Human Factors Ontology for Cyber Security (paper, presentation)
Alessandro Oltramari, Diane Henshel, Mariana Cains, Blaine Hoffman
Abstract:
Traditional cybersecurity risk assessment is reactive and based on a business risk assessment approach. The 2014 NIST Cybersecurity Framework provides businesses with an organizational tool to catalog cybersecurity efforts and areas that need additional support. As part of an on-going effort to develop a holistic, predictive cyber security risk assessment model, the characterization of human factors, which includes human behavior, is needed to understand how the actions of users, defenders (IT personnel), and attackers affect cybersecurity risk. Trust has been found to be a crucial element affecting an individual's role within a cyber system. The use of trust as a human factor in holistic cybersecurity risk assessment relies on an understanding of how differing mental models, risk postures, and social biases impact the level of trust given to an individual and the biases affecting the ability to give said trust. The Human Factors Ontology illustrates the individual characteristics, situational characteristics, and relationships that influence the trust given to an individual. Furthering the incorporation of ontologies into the science of cybersecurity will help decision-makers build the foundation needed for predictive and quantitative risk assessments.
15:00 - 15:30 | Ontology-based Adaptive Systems of Cyber Defense (paper)
Noam Ben-Asher, Alessandro Oltramari, Robert Erbacher, Cleotilde Gonzalez
Abstract:
In this paper we outline a holistic approach for understanding and simulating human decision making in knowledge-intensive tasks. To this purpose, we integrate semantic and cognitive models in a hybrid computational architecture. The contribution of the paper is twofold: first we describe a packet-centric ontology to represent network traffic. We show how the ontology is used to describe real-world network traffic and also serve as a basis for higher level ontologies of cyber operation, threat and risk. Second, we demonstrate how the combination of the packet-centric ontology with an adaptive cognitive agent with learning capabilities, can be used to understand the human defender reasoning processes when monitoring network traffic. Through simulation experiments we evaluated the proposed hybrid computational architecture and demonstrate its ability to successfully detect malicious port scanning within legitimate network traffic. We discuss the implications of these findings for improving our understanding of the cognitive processes and knowledge requirements of the cyber defender, as well as the possible use of the hybrid architecture as a cognitively inspired decision support tool.
15:30 - 15:45 | Short Break
15:45 - 16:15 | Enabling New Technologies for Cyber Security Defense with the ICAS Cyber Security Ontology (paper)
Malek Ben Salem, Chris Wacek
Abstract:
Incident response teams that are charged with breach discovery and containment face several challenges, the most important of which is access to pertinent data. Our TAPIO (Targeted Attack Premonition using Integrated Operational data) tool is designed to solve this problem by automatically extracting data from across the enterprise into a fully linked semantic graph and making it accessible in real time. Automated data translation reduces the costs to deploy and extend the system, while presenting data as a linked graph gives analysts a powerful tool for rapidly exploring the causes and effects of a particular event. At the heart of this tool is a cyber security ontology that is specially constructed to enable the TAPIO tool to automatically ingest data from a wide range of data sources, and which provides semantic relationships across the landscape of an enterprise network. In this paper we present this ontology, describe some of the decisions made during its development, and outline how it enables automated mapping technologies of the TAPIO system.
16:15 - 16:45 | Similarity in Semantic Graphs: Combining Structural, Literal, and Ontology-based Measures (paper, presentation)
Lindsey Vanderlyn, Carl Andersen, Plamen Petrov
Abstract:
Semantic graphs provide a valuable way to represent data while preserving real world meaning. As these graphs become more popular for storing large quantities of data, it is important to have methods of determining similarity between nodes in the graph. This paper extends previous structural similarity algorithms by taking advantage of meaning contained in a graph's literals and the graph's ontology and allowing users to control how much each type of similarity affects overall scores. Preliminary tests indicate that including these sources of similarity increases scores in a way that is better aligned with human intuition.
16:45 - 17:00 | A Semantic Approach to Reachability Matrix Computation (paper)
Nicole Dalia Cilia, Noemi Scarpato, Marco Romano
Abstract:
Cyber security is a crucial aspect of network management. Reachability Matrix computation is one of the main challenges in this field. This paper presents an intelligent solution in order to address the Reachability Matrix computational problem.
17:00 - 17:15 | Short Break
17:00 - 18:30 | Poster Session / Social Event
Friday, November 20th
08:50 - 09:00 | Announcements
09:00 - 10:00 | Keynote Address 3: Alexander Kott, "The Unbearable Lightness in the Meaning of Cyber Risk"
10:00 - 10:30 | Break
10:30 - 11:00 | Towards an Operational Semantic Theory of Cyber Defense Against Advanced Persistent Threats (paper, presentation)
Steven Meckl, Gheorghe Tecuci, Mihai Boicu, Dorin Marcu
Abstract:
This paper presents current work on developing an operational semantic theory of cyber defense against advanced persistent threats (APTs), which is grounded in cyber threat analytics, science of evidence, knowledge engineering, and machine learning. After introducing advanced persistent threats, it overviews a systematic APT detection framework and the corresponding APT detection models, the formal representation and learning of these models in the knowledge base of a cognitive agent, and the development and integration of such agents into a specific cyber security operation center.
11:00 - 11:30 | Genetic Counseling Using Workflow-based EMRs (paper)
Bo Yu, Duminda Wijesekera, Paulo Costa, Sharath Hiremegalore
Abstract:
Widespread use of genetic tests for medical treatment and clinical genetic counseling--as a cost-effective treatment for an increasing number of hereditary disorders--has led to study of privacy and disclosure issues, and has compelled governments to limit disclosure of test results. To the best of our knowledge, no clinical workflows for genetic counseling that apply applicable information disclosure laws have been documented and enforced in Electronic Medical Records (EMRs). To fill this void, herein we model a representative genetic counseling workflow and show how to simultaneously enforce privacy and informed consents in an open-source EMR. Our prototype provides workflow-guided counseling as well as consent management that enforces state and federal law-compliant genetic information sharing.
11:30 - 13:00 | Luncheon
13:00 - 14:00 | Keynote Address 4: James Momoh, "Resilient Power Grids"
14:00 - 14:15 | Short Break
14:15 - 14:45 | Controlled and Uncontrolled English for Ontology Editing (paper)
Brian Donohue, Kutach Douglas, Amardeep Bhattal, Dave Braines, Geeth de Mel, Robert Ganger, Tien Pham, Ron Rudnicki, Barry Smith
Abstract:
Ontologies formally represent reality in a way that limits ambiguity and facilitates automated reasoning and data fusion, but are often daunting to the non-technical user. Thus, many researchers have endeavored to hide the formal syntax and semantics of ontologies behind the constructs of Controlled Natural Languages (CNLs), which retain the formal properties of ontologies while simultaneously presenting that information in a comprehensible natural language format.
In this paper, we build upon previous work in this field by evaluating prospects of implementing International Technology Alliance Controlled English (ITA-CE) as a middleware for ontology editing. We also discuss at length a prototype of a natural language conversational interface application designed to facilitate ontology editing via the formulation of CNL constructs.
14:45 - 15:15 | Toward Representing and Recognizing Cyber-Physical Elements in Competition Using Event Semantics (paper)
Alonza Mumford, Duminda Wijesekera, Paulo Costa
Abstract:
The Federal Aviation Administration (FAA) is observing an increasing number of incidents involving recreational drones, and imagining a future where every drone will be equipped with an Automatic Dependent Surveillance-Broadcast (ADS-B) transponder that communicates and cooperates with the FAA's Next Generation (NextGen) Aviation Cyber-Physical System in order to help mitigate aerial collision risk [1]. This exemplar application involves human or autonomous agents interacting within some sort of cyber-physical system where competition or cooperation between cyber-physical elements exists. We anticipate that the use of higher-level abstractions will be required for modeling human or autonomous agents' interactions within these types of systems in order to make sense of the observations derived from sensor data.
In this paper, we articulate an approach that uses event semantics to represent the temporal, spatial, factor, and outcome features of activities generated by competing or cooperating agents functioning within a cyber-physical environment. We use those semantics, along with observations of activity, to model higher-level activity abstractions and to help perform strategy recognition from a concrete, competition-oriented scenario reflected in a real-world, game dataset comprised of more than a half million events involving nearly 8500 unique agents. The strength of the approach is grounded in a specification of event semantics for our concrete multi-agent, competitive game ontology using Resource Description Framework Schema (RDFS) and Ontology Web Language (OWL). By leveraging these Semantic Web languages, we anticipate that the use of event semantics to describe cooperative or competitive agent interactions within cyber-physical systems will become more predominant in the future.
15:15 - 15:30 | Award and Final Remarks