1 / 16

COLLEGE OF INFORMATION SCIENCES AND TECHNOLOGY

COLLEGE OF INFORMATION SCIENCES AND TECHNOLOGY. ARO Workshop on Cyber Situation Awareness RPD-inspired Hypothesis Reasoning for Cyber Situation Awareness November 14, 2007 John Yen, Mike McNeese, and Peng Liu. Overview. Cognitive Foundation: RPD Model

floria
Download Presentation

COLLEGE OF INFORMATION SCIENCES AND TECHNOLOGY

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. COLLEGE OF INFORMATION SCIENCES AND TECHNOLOGY ARO Workshop on Cyber Situation AwarenessRPD-inspired Hypothesis Reasoning for Cyber Situation AwarenessNovember 14, 2007John Yen, Mike McNeese, and Peng Liu NCSD-ADS-DOC-3810-2.0-20070412

  2. Overview • Cognitive Foundation: RPD Model • RPD-enabled Collaborative Agents: R-CAST • Hypothesis Reasoning in R-CAST • Similarity-based Activation of Hypothesis • Gathering Missing Relevant Information

  3. Recognition-Primed Decision • A cognitive model of human decision-making under time pressure. • A naturalistic decision-making model • A holistic decision-making model • Includes gathering relevant information • Captures the entire decision making process, not just the “decision point”. • An adaptive decision-making process • Includes detecting changes in the environment so that decisions can be adapted.

  4. Three Types of Relevant Informationin RPD Model start Situation analysis Investigation Feature matching miss information complete anomalies detected information Evaluate option Expectancy monitor not workable workable Implement option Learning end • Missing Cues • Criteria for Evaluating Options • Expectancy Adapted from G.A. Klein 1989

  5. RPD-enabled Agents: R-CAST Investigation in RPD Information Manager in R-CAST R-CAST RPDModel

  6. Hypothesis Reasoning • Hypothesis guides the seeking of relevant information.

  7. Hypothesis Reasoning in R-CAST

  8. Similarity-based Activation of Hypotheses • Based on similarity-based matching with cues of “Experience” • Allows for partial matching • Cues can be associated with weights • Variable bindings of hypotheses are established by the matching process. Experience e1 Cue: C1 C3 C5 Hypothesize B

  9. Similarity-based Matching for Hypothesis Activation e12 Hypothesis Type D Hypothesis Type A e5 e6 e14 Hypothesis Type C e4 e10 Recommended Hypothesis e3 e7 e9 X e8 Hypothesis Type B e1 e2 Closest Experiences For Alternative Hypotheses Current Situation

  10. Hypothesis Activation • Shows the hypothesis that matches the current situation best • Presents option analysis for alternative hypotheses Matching cues of the recommended hypothesis Matching cues of alternative hypothesis Cuesnot applicable for a hypothesis Unknown cues relevant for a hypothesis

  11. Option Analysis for Alternative Hypotheses • Shows what conditions would have resulted in alternative hypothese • Blue cells indicate conditions identical to the current situations • Example: • If C3 did not occur, the recommended hypothesis would have been A

  12. Overview • Cognitive Foundation: RPD Model • RPD-enabled Collaborative Agents: R-CAST • Hypothesis Reasoning in R-CAST • Similarity-based Activation of Hypothesis • Gathering Missing Relevant Information • Automated Update/Refine of Hypothesis

  13. R-CAST Automates Gathering Relevant Information Four sources of information for matching with experiences • Facts in knowledge base • Inference rules in knowledge base • External services • Hypothesis Hypothesis Manager Experience C5? Cues C1 C3 C5 RPD Decision Model Information Manager Communication Manager C9 Service C3 ? C9 ? Hypothesis B Knowledge Base Facts Inference Rules C1 C3 C9

  14. Gather Missing InformationThrough Backward Reasoning and Hypothesis Experience Cues RPD Decision Model Information Manager C3 Inference Rules Information Requirement Decision F Hypothesize B D Missing Information C3 G E Known Missing Information H Known Request: E Agent Hypothesize F

  15. Summary • RPD-based agents enable similarity-based activation of hypotheses • Allow for incomplete information • Enable comparison with alternative hypotheses • Reasoning about missing relevant information • Through backward inference • Potential for Cyber Situation Awareness • Using hypothesis reasoning to infer missing information • Using hypothesis reasoning to reduce false positive alerts. Current Efforts • A novel integration of Bayes Net with predicate logic for missing information reasoning. • Refinement of hypotheses through reasoning about their variable bindings.

More Related