We describe the Scyllarus system, which performs Intrusion Detection System (IDS) fusion, using Bayes nets and qualitative probability. IDSes are systems that sense intrusions in computer networks and hosts. IDS fusion is the problem of fusing reports from multiple IDSes scattered around a computer network we wish to defend, into a coherent overall picture of network status. Scyllarus treats the problem of IDS fusion as an abduction problem, formalized using Bayes nets and Knowledge-based Model Construction (KBMC). Because of the coarseness of the data available, Scyllarus uses a qualitative framework, based on System-Z+. Qualitative Bayes nets allow Scyllarus to exploit the trengths of probabilistic reasoning, without excessive knowledge acquisition and without committing to a misleading level of accuracy in its conclusions.

We describe a novel architecture for network de-fense designed for scaling to very high data rates (100 Gb/s) and very large user populations. Scaling requires both efficient attack detection algorithms as well as appropriate an execution envi-ronment. Our architecture considers the time budget of traffic data extraction and algorithmic processing, provides a suite of detection algorithms—each designed to present different and complementary views of the data—that generate many “traffic events,” and reduces false positives by correlating these traffic events into benign or malicious hypotheses.

Over the past several months, we have been engaged in the definition and implementation of automated planning capabilities for supporting NASA operations personnel in planning and executing operations on the International Space Station (ISS). For this activity, we have chosen to use the Action Notation Modeling Language (ANML). In this process, we have exercised much of ANML’s considerable flexibility, including exploring several different means of specifying goal decomposition, rather than the task decomposition directly supported in ANML. We have also encountered unexpected semantic ambiguities in the language, for example related to the use of functional fluents with non-numeric ranges. In this paper, we briefly describe the domain, then discuss the modeling challenges arising in this domain and how we have used ANML to address those challenges, and some lessons learned about ANML in the process.

A system and method of efficiently and effectively triaging an image that may include one or more target entities. The image is divided into a plurality of individual image chips, and each image chip is successively displayed to a user for a presentation time period. Data are collected from the user at least while each image chip is being displayed. For each image chip, a probability that the image chip at least includes a target entity is assigned, based at least in part on the collected data. The image is then displayed with the assigned probabilities overlaid thereon.

Over the past several months, we have been engaged in layering planning information onto execution procedures for supporting NASA operations personnel in planning and executing activities on the International Space Station (ISS). The procedures are captured in the Procedural Representation Language (PRL). The planning information is to be integrated with the procedural information using a PRL authoring system. This paper describes an initial design for eliciting planning information by the domain experts who created the procedures. The goal is to generate actions in standard planning languages that automated planners can use to generate executable plans. Of particular note is that the resulting action representations support both goal and action HTN decompositions.

Embodiments of the present invention relate to methods, devices, and systems to monitor activity. One method to monitor activity includes monitoring a sensor activated by an individual. The method also includes recording activation of the sensor, determining a behavior routine of the individual based on recorded activations of the sensor, and analyzing the recorded sensor activations to determine a behavior routine. The method also includes identifying a change in the behavior routine based on the analysis of the recorded sensor activations.

A specific and currently relevant issue motivating the notion of ruggedized software is the confluence of the threat of cyber attacks and our increased dependence on software systems in enterprise as well as tactical situations. Software services that are essential for mission success must not only withstand normal wear and tear, stresses and accidental failures, they also must endure the stresses and failures caused by malicious activities and continue to remain usable. The Crumple Zone (CZ), a software shock absorber that absorbs attack effects before they cause significant system failures, is an architectural construct that we have developed and are maturing iteratively. We argue that the CZ is an important building block for constructing ruggedized software for supporting network-centric operations. In this paper we discuss the CZ in the context of Service-Oriented Architecture (SOA) and describe a configuration that has been realized and demonstrated.

US Patent Number 8,195,599
The present disclosure includes methods, devices, and systems for inferring system-level properties. One or more embodiments include generating a constraint model based on a system model having a number of components at different levels of abstraction and on a number of verified component properties. The constraint model can include a number of mission constraints modeling one or more mission requirements, a number of system constraints modeling one or more system-level properties, mid a number of component constraints modeling one or more component properties. One or more embodiments can include analyzing the constraint model with a constraint solver to determine whether one or more particular system-level properties can be inferred from the constraint model.

We are concerned with the problem of optimizing network resource allocations to mission tasks. The model includes unreliable network assets, multiple mission tasks and phases,and the possibility of over-provisioning one or more tasks as a means of increasing the likelihood of task success. In this paper, we describe an implemented approach to optimizing network resources so as to optimize the expected utility of the mission. This differs significantly from previous work on cloud and network management, where the objective was to optimize some operational measure of the network itself, rather than the effect of network failures on a specific task. The work described here is preliminary: we describe the problem and the approach, define an architecture, and present the current state of the implementation.

The present disclosure includes systems and methods for route planning. As an example, a computer implemented method for route planning can include generating a first portion of a planned route between a first location and a second location by assembling a set of previously traversed route segments each corresponding to one or more of a number of previously traversed routes, aggregating the set of previously traversed route segments with a number of route segments determined by a model-based route planning subsystem and corresponding to a second portion of the planned route, and causing the planned route to be provided to a display of a computing device.