C4I Center





STIDS 2016

Schedule of Events

Monday, November 14th
09:00 - 09:30    Registration
09:30 - 17:00    Tutorial

Tuesday, November 15th
08:00 - 09:00    Registration
09:00 - 09:15    Welcome
09:15 - 10:30    Keynote Address 1

Leo Obrst and Mark Underwood
A Whistle-stop Tour of Ontology-based Solutions to Improve Situational Awareness for a Dull, Dirty, Diverse IoT

10:30 - 10:45 Break
10:45 - 11:25    Scalable Semantically Driven Decision Trees for Crime Data

Shawn Johnson
George Karabatis

When dealing with large volumes of data in organizations, there is always a need to associate data with its appropriate meaning, since the same data object may have different meaning to different users. This creates a problem of delivering search results that are different from a requester’s intended purpose. To solve this problem, we propose a parallelizable framework capable of capturing user specified constraints that are both semantically relevant to a search/domain in question as well as contextually relevant to a user and/or organization.

11:25 - 12:05     Using Ontologies to Quantify Attack Surfaces

Michael Atighetchi
Borislava Simidchieva
Fusun Yaman
Thomas Eskridge
Marco Carvalho
Captain Nicholas Paltzer


Cyber defenders face the problem of selecting and configuring the most appropriate defenses to protect a given network of systems supporting a certain set of missions against cyber attacks. Cyber defenders have very little visibility into security/cost tradeoffs between individual defenses and a poor understanding of how multiple defenses interact, which, in turn, leads to systems that are insecure or too overloaded with security processing to provide necessary mission functionality. We have been developing a reasoning framework, called Attack Surface Reasoning (ASR), which enables cyber defenders to explore quantitative tradeoffs between security and cost of various compositions of cyber defense models. ASR automatically quantifies and compares cost and security metrics across multiple attack surfaces, covering both mission and system dimensions. In addition, ASR automatically identifies opportunities for minimizing attack surfaces, e.g., by removing interactions that are not required for successful mission execution. In this paper, we present the ontologies used for attack surface reasoning. In particular, this includes threat models describing important aspects of the target networked systems together with abstract definitions of adversarial activities. We also describe modeling of cyber defenses with a particular focus on Moving Target Defenses (MTDs), missions, and metrics. We demonstrate the usefulness and applicability of the ontologies by presenting instance models from a fictitious deployment, and show how the models support the overall functionality of attack surface reasoning.

12:05 - 13:30 Lunch
13:30 - 14:10    Developing an Ontology for Individual and Organizational Sociotechnical Indicators of Insider Threat Risk

Frank Greitzer
Muhammad Imran
Justin Purl
Elise Axelrad
Yung Mei
Leong, D. E.
Sunny Becker
Kathryn Laskey
Paul Sticha

Human behavioral factors are fundamental to understanding, detecting and mitigating insider threats, but to date insufficiently represented in a formal ontology. We report on the design and development of an ontology that emphasizes individual and organizational sociotechnical factors, and incorporates technical indicators from previous work. We compare our ontology with previous research and describe use cases to demonstrate how the ontology may be applied. Our work advances current efforts toward development of a comprehensive knowledge base to support advanced reasoning for insider threat mitigation.

14:10 - 14:50    A Holistic Approach to Evaluate Cyber Threats

Márcio Conte Monteiro
Thalysson Sarmento
Alexandre Barreto
Paulo Costa

Several vulnerability databases and standards are currently available for assessing the degree of security of IT infrastructures in general. These standards focus on different aspects of the systems, while generally failing to provide support for holistic analyses - a key aspect in ensuring a secure IT infrastructure. This work aims to address this gap by presenting a new methodology for evaluating the overall security risks of a networked system that adopts an ontology-based approach we presented in previous work. We leverage current security standards and databases, while also considering the human factors to build a broader and interconnected view. Our methodology is meant to achieve a more realistic picture of the network security, hence improving situation awareness for its administrators. To illustrate our approach, this paper brings a case study applying the new methodology to a few target networks. The proof of concept is meant to underscore the methodology’s effectiveness in assessing the security of the whole network.

14:50 - 15:05 Break
15:05 - 15:45    An Extended Maritime Domain Awareness Probabilistic Ontology Derived from Human-aided Multi-Entity Bayesian Networks Learning

Cheol Young Park
Kathryn Laskey
Paulo Costa

Ontologies have been commonly associated with representing a domain using deterministic information. Probabilistic Ontologies extend this capability by incorporating formal probabilistic semantics. PR-OWL is a language that extends OWL with semantics based on Multi-Entity Bayesian Networks (MEBN), a Bayesian probabilistic logic. Developing probabilistic ontologies can be greatly facilitated by the use of a modeling framework such as the Uncertainty Modeling Process for Semantic Technology (UMP-ST). An example of using UMP-ST was the development of a probabilistic ontology to support PROGNOS (PRobabilistic OntoloGies for Net-Centric Operational Systems), a system that supports Maritime Domain Awareness (MDA). The PROGNOS probabilistic ontology provides semantically aware uncertainty management to support fusion of heterogeneous input and probabilistic assessment of situations to improve MDA. However, manually developing and maintaining a probabilistic ontology is a labor-intensive and insufficiently agile process. Greater automation through a combination of reference models and machine learning methods may enhance agility in probabilistic situation awareness (PSAW) systems. For this reason, a process for Human-aided MEBN Learning in PSAW (HMLP) was suggested. In previous work, we used UMP-ST to develop the PROGNOS probabilistic ontology. This paper presents an extended PROGNOS probabilistic ontology developed using HMLP. The contribution of this research is to introduce the extended PROGNOS probabilistic ontology and present a comparison between two processes (UMP-ST and HMLP).

15:45 - 16:25    PR-OWL Decision: Toward Reusable Ontology Language for Decision Making under Uncertainty

Shou Matsumoto
Kathryn Laskey
Paulo Costa

Decision making is a big topic in Intelligence, Defense, and Security fields. However, very little work can be found in the literature about ontology languages that simultaneously support decision making under uncertainty, abstractions/generalizations with first-order expressiveness, and forward/backward compatibility with OWL—a standard language for ontologies. This work proposes PR-OWL Decision, a language which extends PR-OWL—an extension of OWL to support uncertainty—to support first-order expressiveness, decision making under uncertainty, and backward/forward compatibility with OWL and PR-OWL.

16:25 - 16:45 Break
16:45 - 18:30     Poster Session / Social Event

Wednesday, November 16th
09:00 - 09:15    Announcements
09:15 - 10:30    Keynote Address 2

Erik Blasch - Air Force Research Laboratories
Semantic Technologies Research for Data Fusion Applications at AFRL

10:30 - 10:45 Break
10:45 - 11:25    Sharing Data under Genetic Privacy Laws

Michael Reep
Bo Yu
Duminda Wijesekera
Paulo Costa

Clinical medical practice and biomedical research utilize genetic information for specific purposes. Irrespective of the purpose of obtaining genetic material, methodologies for protecting the privacy of patients/donors in both clinical and research settings have not kept pace with rapid genetic advances. When the usage of genetic information is not predicated on the latest laws and policies, the result places all-important patient/donor privacy at risk. Some methodologies err on the side of overly stringent policies that may inhibit research and open-ended diagnostic activity, whereas an opposite approach advocates a high degree of openness that can jeopardize patient privacy, identify patient relatives and erode the doctor-patient privilege. As a solution, we present a unique approach that is based on the premise that acceptable clinical treatment regimens are captured in workflows used by caregivers and researchers and therefore their associated purpose can be extracted from these workflows. We combine these purposes with applicable consents (derived from applicable laws) to ascertain the releasability of genetic information. Given that federal, state and institutional laws govern the use, retention and sharing of genetic information, we create a three-level rule hierarchy to apply the laws to a request and auto-generate consents prior to releasing. We prototype our system using open source tools, while ensuring that the results can be added to existing Electronic Medical Records (EMR) systems.

11:25 - 12:05     Effects-Based Air Operations Planning Framework: A knowledge-based simulation approach

André Costa
Paulo Costa


Planning air warfare operations has always been a complex endeavor. However, as technology evolves at an increasingly fast pace, so does the complexity of managing its resources. In modern air operations, planners have to deal with a highly changing environment influenced by enemy air defenses, weather forecasts, among many other factors, demanding much effort to handle the great number of constraints and uncertainties presented by them. As a result, a number of decision-support systems have emerged attempting to facilitate the planning of air warfare operations. These systems usually rely on a wide variety of methodologies, which sometimes present a challenge in themselves when it comes to assessing the feasibility and effectiveness of the produced plans. Computer simulations are a practical way of providing this assessment, usually by running the resulting plans multiple times and checking the results against key criteria. Yet, establishing the right criteria, properly accounting for the “fog of war,” and avoiding impractical simulation run times and costs are still major challenges. This paper addresses such challenges by proposing the development of a decision-support framework that combines ontology-based agile knowledge and a simulation-based mission planning methodology that accounts for the inherent uncertainties that air operations face. We avoid costly computation times required by simulation-intensive course-of-action analyzers by initially pruning the solution space through ontological reasoning. Moreover, the approach complies with the Effects-Based Approach to Operations, having a clear correspondence of processes with it. The explanations are focused on a specific scenario concerning intelligence, surveillance, and reconnaissance operations.

12:05 - 13:30 Lunch
13:30 - 13:55    Extended Abstract: A Practical Approach to Data Modeling using CCO

Rod Moten
Bill Barnhill

In this paper, we present work in progress on using the Information Domain ontologies of CCO (Common Core Ontologies) as a domain model for land combat. Our goal is to use the domain model as a common semantics for multiple land combat logical models. In the paper, we show how our domain model can be mapped to different logical models in a manner that is less labor intensive than the approach commonly used by users of CCO. We demonstrate our approach by describing how our domain model, which is a domain ontology of CCO, is mapped to logical models created in Ecore and NIEM (National Information Exchange Model).

13:55 - 14:20     Semantic Cyberthreat Modelling

Siri Bromander
Audun Jøsang
Martin Eian

Cybersecurity is a complex and dynamic area where multiple actors act against each other through computer networks largely without any commonly accepted rules of engagement. Well-managed cybersecurity operations need a clear terminology to describe threats, attacks and their origins. In addition, cybersecurity tools and technologies need semantic models to be able to automatically identify threats and to predict and detect attacks. This paper reviews terminology and models of cybersecurity operations, and proposes approaches for semantic modelling of cybersecurity threats and attacks.

14:20 - 14:35    Michael Dean Best Paper Award
14:35 - 14:50    Final Remarks

Thursday, November 17th
09:00 - 17:00    Classified Session

Last updated: 11/22/2016