Artificial Intelligence Methods for Detection and Handling of Software Behavior Anomalies
Chris Simpkins, Georgia Tech Research Institute
http://www.cc.gatech.edu/~simpkins/
Key Problem #1: Self-Aware Software
• For Applications Community vision to work, software must “know” when something is wrong
• Formally, software systems (or wrappers/monitors) must implement the function
  • F({features}+, g(t)) -> normal/abnormal operation
• Features can be disk I/O, system calls, etc.
• g(t) is some characterization of the features with respect to some time-slicing
• {features}+, g, and t are optimizable model parameters
• F is a learnable (approximatable) function.
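One possible reading of F({features}+, g(t)) from the slide above, as an added example that is not from the original presentation: the features are syscall counts, g(t) is fixed-width time slicing, and F is learned from normal runs as a per-feature z-score threshold. The syscall names, both traces, the z-score method and the threshold are assumptions chosen for illustration.

```python
import math
from collections import Counter

def g(events, t):
    """g(t): slice (timestamp, feature) events into t-second windows of counts."""
    if not events:
        return []
    start = events[0][0]
    windows = [Counter() for _ in range(int((events[-1][0] - start) // t) + 1)]
    for ts, name in events:
        windows[int((ts - start) // t)][name] += 1
    return windows

def learn(normal_windows):
    """Approximate F from normal runs: per-feature (mean, std) of window counts."""
    model = {}
    for f in set().union(*normal_windows):
        xs = [w[f] for w in normal_windows]
        mu = sum(xs) / len(xs)
        sd = math.sqrt(sum((x - mu) ** 2 for x in xs) / len(xs))
        model[f] = (mu, max(sd, 1.0))  # floor std so constant features never divide by 0
    return model

def F(window, model, threshold=3.0):
    """F({features}+, g(t)) -> 'normal' / 'abnormal' for one window."""
    for f in set(window) | set(model):
        if f not in model:                        # feature never seen in normal behaviour
            return "abnormal"
        mu, sd = model[f]
        if abs(window[f] - mu) / sd > threshold:  # a missing feature counts as 0
            return "abnormal"
    return "normal"

# Constructed sample trace (not real data): 60 s of steady syscall activity.
NORMAL_TRACE = [(s, name) for s in range(60)
                for name in ["read"] * (4 + s % 3) + ["write"] * 2 + ["open"]]
MODEL = learn(g(NORMAL_TRACE, t=10))

# Constructed suspect trace: 30 normal seconds, a write burst at t=12, an unseen call at t=25.
SUSPECT_TRACE = ([e for e in NORMAL_TRACE if e[0] < 30]
                 + [(12, "write")] * 300 + [(25, "execve")])

def classify(events, t=10, model=MODEL):
    """Label every t-second window of a trace."""
    return [F(w, model) for w in g(sorted(events), t)]

if __name__ == "__main__":
    print(classify(NORMAL_TRACE))
    print(classify(SUSPECT_TRACE))
```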
Solving the Self-Aware Software Problem
• Solution: Create intelligent agents that can monitor software behavior, learn patterns in behavior, and use this knowledge to diagnose and solve problems
• Georgia Tech researchers solve similar problems in other domains:
  • Mutual Information Maximizing Input Clustering (MIMIC) and genetic algorithms for antenna design, neural network optimization (Isbell, Simpkins, Maloney, Kemper, Markle, Bueno)
  • Continuous case-based reasoning for robotic navigation, equipment condition monitoring (Ram)
  • Machine learning techniques to identify software execution phases in time-series data (Ozakin)
Key Problem #2: Multiple Instances of Vulnerable Software
• There are many instances of the same software running on multiple computers
• They can fail or be attacked individually, collectively, or in any combination
• Recognizing an attack may require collective knowledge of many/all software instances
Solving the Multiple Instances Problem
• Solution: Create multi-agent systems of intelligent, self-aware software agents which collaborate to create shared situation awareness and offer more options for dealing with problems.
• Georgia Tech researchers solve similar problems in other domains:
  • Adaptive network intrusion detection using distributed data mining (Lee)
  • Social intelligence in large scale multi-agent systems: ant and bee behavior modeling (Balch, Dellaert)
  • RoboCup robotic soccer dogs (Balch)
AI Needed to Make Application Communities Work
• Key Problem #1: Making Software Self-Aware
  • Solution: Intelligent agents employing machine learning to detect anomalies
• Key Problem #2: Multiple Copies
  • Solution: Compose self-aware software into collaborative multi-agent systems
• Georgia Tech has solved these AI problems in other domains, can solve them for AC
More Information
• Georgia Tech College of Computing
  • http://www.cc.gatech.edu/
• Georgia Tech Information Security Center
  • http://www.gtisc.gatech.edu/
• Cognitive Computing Lab
  • http://www.ccl.cc.gatech.edu/
• BORG Lab
  • http://borg.cc.gatech.edu/