
Artificial Intelligence Methods for Detection and Handling of Software Behavior Anomalies

Chris Simpkins, Georgia Tech Research Institute, http://www.cc.gatech.edu/~simpkins/


Presentation Transcript


  1. Artificial Intelligence Methods for Detection and Handling of Software Behavior Anomalies
     Chris Simpkins, Georgia Tech Research Institute, http://www.cc.gatech.edu/~simpkins/

  2. Key Problem #1: Self-Aware Software
     • For Applications Community vision to work, software must “know” when something is wrong
     • Formally, software systems (or wrappers/monitors) must implement the function
     • F({features}+, g(t)) -> normal/abnormal operation
     • Features can be disk I/O, system calls, etc.
     • g(t) is some characterization of the features with respect to some time-slicing
     • {features}+, g, and t are optimizable model parameters
     • F is a learnable (approximatable) function

  3. Solving the Self-Aware Software Problem
     • Solution: Create intelligent agents that can monitor software behavior, learn patterns in behavior, and use this knowledge to diagnose and solve problems
     • Georgia Tech researchers solve similar problems in other domains:
     • Mutual Information Maximizing Input Clustering (MIMIC) and genetic algorithms for antenna design, neural network optimization (Isbell, Simpkins, Maloney, Kemper, Markle, Bueno)
     • Continuous case-based reasoning for robotic navigation, equipment condition monitoring (Ram)
     • Machine learning techniques to identify software execution phases in time-series data (Ozakin)

  4. Key Problem #2: Multiple Instances of Vulnerable Software
     • There are many instances of the same software running on multiple computers
     • They can fail or be attacked individually, collectively, or in any combination
     • Recognizing an attack may require collective knowledge of many/all software instances

  5. Solving the Multiple Instances Problem
     • Solution: Create multi-agent systems of intelligent, self-aware software agents which collaborate to create shared situation awareness and offer more options for dealing with problems
     • Georgia Tech researchers solve similar problems in other domains:
     • Adaptive network intrusion detection using distributed data mining (Lee)
     • Social intelligence in large-scale multi-agent systems: ant and bee behavior modeling (Balch, Dellaert)
     • RoboCup robotic soccer dogs (Balch)

  6. AI Needed to Make Application Communities Work
     • Key Problem #1: Making Software Self-Aware
     • Solution: Intelligent agents employing machine learning to detect anomalies
     • Key Problem #2: Multiple Copies
     • Solution: Compose self-aware software into collaborative multi-agent systems
     • Georgia Tech has solved these AI problems in other domains, can solve them for AC

  7. More Information
     • Georgia Tech College of Computing: http://www.cc.gatech.edu/
     • Georgia Tech Information Security Center: http://www.gtisc.gatech.edu/
     • Cognitive Computing Lab: http://www.ccl.cc.gatech.edu/
     • BORG Lab: http://borg.cc.gatech.edu/
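
Slide 2's function F({features}+, g(t)) -> normal/abnormal, as an added example that is not part of the original presentation: g counts each feature per time slice, F is approximated from normal-only slices, and a later slice is labeled by how far it deviates. The feature names, the 5-second slice, the per-feature mean/spread model, the threshold of 3 and the sample trace are all assumptions made here for illustration; the slides do not specify a learning method.

```python
from collections import Counter
from statistics import mean, pstdev

FEATURES = ("read", "write", "open", "connect")  # assumed feature set
WINDOW = 5.0                                     # assumed slice length t, in seconds

def g(events, window=WINDOW):
    """g(t): turn (timestamp, feature) events into one count vector per time slice."""
    slices = {}
    for ts, name in events:
        slices.setdefault(int(ts // window), Counter())[name] += 1
    first, last = min(slices), max(slices)
    # Empty slices are kept as all-zero vectors: silence is also a behavior.
    return [[slices.get(k, Counter())[f] for f in FEATURES]
            for k in range(first, last + 1)]

def learn(vectors, floor=1.0):
    """Approximate F from normal-only slices: (mean, spread) per feature."""
    # The floor keeps a feature that never varied in training (spread 0)
    # from causing a division by zero or flagging a one-count wobble.
    return [(mean(col), max(pstdev(col), floor)) for col in zip(*vectors)]

def F(vector, model, threshold=3.0):
    """Label one slice and name the features that deviate beyond the threshold."""
    odd = [f for f, x, (mu, sd) in zip(FEATURES, vector, model)
           if abs(x - mu) / sd > threshold]
    return ("abnormal" if odd else "normal"), odd

def constructed_trace(n_slices, connects_in_last=0):
    """Constructed sample data: steady file I/O, optional connect burst at the end."""
    events = []
    for k in range(n_slices):
        counts = {"read": 10 + k % 3, "write": 4 + k % 2, "open": 2}
        if k == n_slices - 1:
            counts["connect"] = connects_in_last
        for name, n in counts.items():
            events += [(k * WINDOW + i * 0.01, name) for i in range(n)]
    return events

if __name__ == "__main__":
    model = learn(g(constructed_trace(20)))
    for vec in g(constructed_trace(3, connects_in_last=25)):
        print(vec, F(vec, model))
```

The feature set, the slice length and the threshold are the "optimizable model parameters" of slide 2; in practice they would be tuned against labeled traces.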
