Pub Date: 2011-12-19 DOI: 10.1109/THS.2011.6107865
R. Sawilla, D. Wiemer
Modern militaries rely heavily on computer networks and they have become a part of the critical infrastructure that must be protected. Computer networks, both military and non-military, are constantly being attacked and data about new vulnerabilities and attacks must be analyzed and processed at a speed that enables timely mitigation. The ARMOUR Technology Demonstration Project (TDP) is a five-year activity that will demonstrate automated Computer Network Defence (CND) capabilities based on the Observe, Orient, Decide and Act (OODA) decision process. We present the ARMOUR TDP Concept of Operations and Architecture, and promote an open source integration framework for collaborative development.
Title: Automated computer network defence technology demonstration project (ARMOUR TDP): Concept of operations, architecture, and integration framework. Published in: 2011 IEEE International Conference on Technologies for Homeland Security (HST).
Pub Date: 2011-12-19 DOI: 10.1109/THS.2011.6107840
T. Breaux, Catherine B. Lotrionte
Cyber security increasingly depends on advance notice of emerging threats as individuals, groups or nations attempt to exfiltrate information or disrupt systems and services. Advance notice relies on having access to the right information at the right time. This information includes trace digital evidence, distributed across public and private networks that are governed by various privacy policies, inter-agency agreements, federal and state laws and international treaties. To enable rapid and assured information sharing that protects privacy, the US government needs a means to balance privacy with the need to share. In this paper, we review US laws and policies governing government surveillance and describe key elements for a privacy management framework that seeks to enable government investigations while protecting privacy in a systematic way. The framework aligns existing Federal investigative guidelines for attributing a cyberattack with concerns for automated decision making that arise from the Fourth Amendment “reasonable expectation of privacy” and several fair information practice principles. We discuss technical challenges for those seeking to implement this framework.
Title: Towards a privacy management framework for distributed cybersecurity in the new data ecology. Published in: 2011 IEEE International Conference on Technologies for Homeland Security (HST).
Pub Date: 2011-12-19 DOI: 10.1109/THS.2011.6107908
V. Gottemukkula, S. Saripalle, Reza Derakshani, S. P. Tankasala
Noting the advantages of texture-based features over the structural descriptors of vascular trees, we investigated texture-based features from gray level cooccurrence matrix (GLCM) and various wavelet packet energies to classify retinal vasculature for biometric identification. Wavelet packet energy features were generated by Daubechies, Coiflets and Reverse Biorthogonal wavelets. Two different entropy methods, Shannon and logarithm of energy, were used to prune wavelet packet decomposition trees. Next, wrapper methods were used for classification-guided feature selection. Features were ranked based on area under the receiver operating curves, Bhattacharya, and t-test metrics. Using the ranked lists, wrapper methods were used in conjunction with Naïve Bayesian, k-nearest neighbor (k-NN), and Support Vector Machine (SVM) classifiers. Best results were achieved by using features from Reverse Biorthogonal 2.4 wavelet packet decomposition in conjunction with a nearest neighbor classifier, yielding a 3-fold cross validation accuracy of 99.42% with a sensitivity and specificity of 98.33% and 99.47% respectively.
Title: A texture-based method for identification of retinal vasculature. Published in: 2011 IEEE International Conference on Technologies for Homeland Security (HST).
Pub Date: 2011-12-19 DOI: 10.1109/THS.2011.6107860
Winston Li, Pan Kamal
To meet the significant increase in civil air traffic demand in the National Airspace System (NAS), the Federal Aviation Administration (FAA) is cooperating with other departments to develop the Next Generation Air Transportation System (NextGen). NextGen will greatly increase the NAS capacity, efficiency, safety, flexibility, and environmental protection. Aviation Security is one of the core components in NextGen. Without security protection, all NextGen functions will be vulnerable to various attacks and cannot work robustly. In this paper, we propose an Integrated Aviation Security (IAS) framework for defense-in-depth of various aspects of NextGen security such as cyber security and aircraft anti-hijacking. IAS uses a multi-layered, cross-component, and multi-planed (data plane and control plane) structure. Multiple components in NextGen such as communication, navigation, surveillance, air traffic management, aircraft anti-hijacking, access control, biometrics, risk analysis and management, etc., are processed integratedly through information fusion to enhance the security performance of each module. We will present a detailed implementation approach of IAS including the AlertEnterprise based Integrated Risk Management (IRM) Model, defense-in-depth of communication, navigation, surveillance, and aircraft anti-hijacking. Compared with disparate systems, the proposed IAS has much higher security performance to be effective against both outsider and insider threats.
Title: Integrated aviation security for defense-in-depth of next generation air transportation system. Published in: 2011 IEEE International Conference on Technologies for Homeland Security (HST).
Pub Date: 2011-12-19 DOI: 10.1109/THS.2011.6107919
Ling-Jyh Chen, Chia-Wei Li, Yu-Te Huang, C. Shih
In this paper, we present a novel solution called Internet Footprint Investigation (IFI) for the rapid detection of network outages after a natural or man-made disaster. IFI is comprised of two components: 1) the Active Network Probing (ANP) module, which proactively probes the network infrastructure to detect geographic areas that may be disconnected; and 2) the Reactive Footprint Search (RFS) module, a reactive mechanism that improves the accuracy of the ANP results by incorporating the footprints of location-based social networks (LBSNs) established after a disaster occurs. Using Typhoon Morakot, which struck Taiwan in August 2009, as a case study, we implement the IFI system and evaluate its feasibility in a real-world scenario. We observe that the accuracy of existing IP geolocation services is unsatisfactory, and posit that localized IP geolocation services should be deployed and maintained at all times. Moreover, we demonstrate how existing LBSNs can be used to search for disaster victims in areas reported by ANP, and identify so-called “critical areas,” which have no Internet activity, for priority inspection. The proposed IFI solution is simple and effective, and it can be deployed worldwide.
Title: A rapid method for detecting geographically disconnected areas after disasters. Published in: 2011 IEEE International Conference on Technologies for Homeland Security (HST).
Pub Date: 2011-12-19 DOI: 10.1109/THS.2011.6107885
Joseph E. Chipuk, Carolyn L. Mazzitelli, J. Kendall, Stephen D. Straight, Melissa A. Reaves, Sara C. Chamberlin
Self-curing polysiloxane polymers have been developed for the forensic collection of latent signatures of explosives, organophosphates, and their degradation products. These polymeric materials penetrate the sample substrate as viscous liquids and subsequently harden to a semi-soft solid that can be peeled away from the substrate to extract signatures via the non-covalent interaction of the newly formed polymeric material with the analytes buried within the substrate. This paper discusses experiments aimed at altering the chemical and physical properties of the polysiloxane sampling materials to optimize signature recovery from porous substrates. The utility of this approach is demonstrated by the collection of explosives, organophosphates, and their degradation products from within concrete. The recovery of these signatures using the self-curing polymeric formulations is compared to current operational sampling alternatives such as adhesive fingerprint lifters and swabs. Demonstration of the preparation, extraction, and analytical methods for the detection of the target compounds is also presented.
Title: Tunable, self-curing polymers for the forensic collection of latent signatures from within porous materials. Published in: 2011 IEEE International Conference on Technologies for Homeland Security (HST).
Pub Date: 2011-12-19 DOI: 10.1109/THS.2011.6107851
J. Walker, Travis Jones, R. Blount
Cyber security threats require rapid identification of imminent or potential attacks to support deterrence and protection. Thomas Friedman theorized that technology has leveled or “flattened” the global playing field that once existed. This flattening has happened as a result of what he calls the “triple convergence” of platform, process and people. However, there is a general lack of understanding about how to describe and assess the complex and dynamic nature of cyber security related information to improve overall cyber security task performance. Ever since the first computer virus traversed the Internet, it has been apparent that attacks can spread rapidly across national boundaries. This paper presents research that utilizes bioinformatics techniques to forecast cyber security attacks by identifying emerging threats based on analysis of computer infection, and incursion models based on human disease models.
Title: Visualization, modeling and predictive analysis of cyber security attacks against cyber infrastructure-oriented systems. Published in: 2011 IEEE International Conference on Technologies for Homeland Security (HST).
Pub Date: 2011-12-19 DOI: 10.1109/THS.2011.6107867
M. Saxon, Richard Rossman, Kevin Yontosh, Gregory Merboth
Battelle is the systems integrator on the Hazard Mitigation, Materiel and Equipment Restoration (HaMMER) Advanced Technology Demonstration (ATD) which is demonstrating integrated systems of decontaminants, applicators, and processes for recovery after a chemical or biological (CB) attack. Solutions have been developed using live agent testing and feedback from the user community. The HaMMER ATD is funded by the DTRA Joint Science and Technology Office and sponsored by the U.S. Pacific Command. The Joint Project Manager for Protection is the Transition Manager, and the U.S. Army Edgewood Chemical Biological Center serves as the Technical Manager. The HaMMER ATD focuses on three areas:
• Agent disclosure — to provide a visual indication of the extent of contamination
• Strippable coatings — pre-applied to mitigate contact and vapor hazards
• Custom decontamination solutions that provide a dial-a-decon capability
To date, the work has identified technologies that, when collectively applied, reduce or eliminate CB hazards following an attack. Technologies are grouped into suites targeted for mobile, stationary, and preparatory employment. HaMMER products will be considered for transition into the Decontamination Family of Systems (DFoS), using HaMMER test results for risk reduction. Beyond testing new technologies and systems, the program also provides a test bed to introduce new test protocols and operational methods. The HaMMER FoS consists of mobile, stationary, and support suites. The mobile suites focus on technologies that can be carried and employed on-the-move, while the stationary suite focuses on technologies that can be deployed to support field operations. The support suite provides the capability to apply preparatory measures prior to mission deployment.
For the military, program benefits include:
• New components and technologies that may replace or supplement existing decontamination equipment under current doctrine (near-term)
• New FoS employed under new Concept of Operations (CONOPS) (mid-term)
• Flexible configurations to address specific problems and operational needs
• Incorporation of user feedback to ensure the suitability of the products
These benefits and lessons learned from the program are easily translated into similar benefits for emergency responders and other homeland security professionals.
Title: Hazard Mitigation, Materiel and Equipment Restoration (HaMMER) Advanced Technology Demonstration (ATD). Published in: 2011 IEEE International Conference on Technologies for Homeland Security (HST).
Pub Date: 2011-12-19 DOI: 10.1109/THS.2011.6107886
R. Daley, Thomas Millar, M. Osorno
Cyber threats are becoming increasingly sophisticated and subtle, making them even harder to detect and contain, and the number of critical, often simultaneous cyber incidents continues to rise at an alarming rate. In this environment, coordinated incident handling across a variety of organizations and incidents is essential for effective response. Current approaches use linear processes developed to handle single incidents with little attention paid to simultaneous or complex attacks encompassing many incidents, to coordination with other organizations, or the ability to scale to the size necessary for large, cross-cutting incidents. We have developed a coordination model for cyber incident management that provides enough structure to enable cooperative operations, but is sufficiently abstract to enable the organizational autonomy and customization essential for effective response for all types of organizations. It is easily understood, straightforward to apply, and versatile enough to overlay on existing organizational processes and structures, both for small, local activities as well as large, cross-organizational ones. This model will enable faster recognition and more rapid escalation of important cyber incidents as well as improving knowledge about such incidents for organizational peers across the community, further enhancing their local response capabilities.
Title: Operationalizing the coordinated incident handling model. Published in: 2011 IEEE International Conference on Technologies for Homeland Security (HST).
Pub Date: 2011-12-19 DOI: 10.1109/THS.2011.6107915
Charlie K. Dagli, K. Brady, Daniel C. Halbert
Missing or degraded information continues to be a significant practical challenge facing automatic face representation and recognition. Generally, existing approaches seek either to generatively invert the degradation process or find discriminative representations that are immune to it. Ideally, the solution to this problem exists between these two perspectives. To this end, in this paper we show the efficacy of using probabilistic linear subspace models (in particular variational probabilistic PCA) for both modeling and recognizing facial data under disguise or occlusion. From a discriminative perspective, we verify the efficacy of this approach for attenuating the effect of missing data due to disguise and non-linear speculars in several verification experiments. From a generative view, we show its usefulness in not only estimating missing information, but also understanding facial covariates for image reconstruction. In addition, we present a least-squares connection to the maximum likelihood solution under missing data and show its intuitive connection to the geometry of the subspace learning problem.
Title: Face recognition despite missing information. Published in: 2011 IEEE International Conference on Technologies for Homeland Security (HST).