Algiers, Algeria

Rubin S.H.,Space and Naval Warfare Systems Center Pacific | Bouabana-Tebibel T.,LCSI Laboratory
Studies in Computational Intelligence | Year: 2015

Software security is increasingly a concern as cyber-attacks become more frequent and sophisticated. This chapter presents an approach to counter this trend and make software more resistant through redundancy and diversity. The approach, termed Novel Naval Cyber Strategies (NNCS), addresses how to immunize component-based software. The software engineer programs defining component rule bases using a schema-based Very High Level Language (VHLL). Chance and ordered transformation are dynamically balanced in the definition of diverse components. The system of systems is shown to be relatively immune to cyber-attacks; and, as a byproduct, yield this capability for effective component generalization. This methodology offers exponential increases in cyber security; whereas, conventional approaches can do no better than linear. A sample battle management application—including rule randomization—is provided. © Springer International Publishing Switzerland 2016.


Rubin S.H.,SSC PAC 71730 | Bouabana-Tebibel T.,LCSI Laboratory
Intelligent Systems Reference Library | Year: 2016

The problem addressed in this chapter pertains to how to represent and apply knowledge to best facilitate its extension and use in problem solving. Unlike deductive logics (e.g., the predicate calculus), an inherent degree of error is allowed for so as to greatly enlarge the inferential space. This allowance, in turn, implies the application of heuristics (e.g., multiple analogies) to problem solving as well as their indirect use in inferring the heuristics themselves. This chapter is motivated by the science of inductive inference. Examples of state-space search, linguistic applications, and a focus methodology for generating novel knowledge (components) for wartime engagement for countering (cyber) threats (WAMS) are provided. © Springer International Publishing Switzerland 2016.


Bouzar-Benlabiod L.,LCSI Laboratory | Benferhat S.,University of Artois | Bouabana-Tebibel T.,LCSI Laboratory
Studies in Computational Intelligence | Year: 2013

Intrusion Detection Systems (IDS) are very important tools for network monitoring. However, they often produce a large quantity of alerts. The security operator who analyses IDS alerts is quickly overwhelmed. Alert correlation is a process applied to the IDS alerts in order to reduce their number. In this paper, we propose a new approach for logical-based alert correlation which integrates the security operator's knowledge and preferences in order to present to him only the most suitable alerts. The representation of and the reasoning on this knowledge and these preferences are done using a new logic called Instantiated First Order Qualitative Choice Logic (IFO-QCL). Our modeling views an alert as an interpretation, which allows us to have an efficient algorithm that performs the correlation process in polynomial time. Experimental results are achieved on data collected from the monitoring of a real system. The result is a set of stratified alerts satisfying the operator's criteria. © Springer International Publishing Switzerland 2013.


Bouzar-Benlabiod L.,LCSI Laboratory | Benferhat S.,University of Artois | Bouabana-Tebibel T.,LCSI Laboratory
Proceedings of the International Conference on Software Engineering and Knowledge Engineering, SEKE | Year: 2013

Intrusion Detection Systems (IDS) are important tools for network monitoring. However, they produce a large quantity of alerts. The security operator who analyses IDS alerts is quickly overwhelmed. Alert correlation is a process applied to the IDS alerts in order to reduce their number. In this paper, we propose a new approach for logical-based alert correlation which integrates the security operator's knowledge and preferences. The goal is to present to the security operator only the most suitable alerts. The representation of and the reasoning on this knowledge and these preferences are done using a new logic called Instantiated First Order Qualitative Choice Logic (IFO-QCL). Our algorithm performs the correlation process in polynomial time. Experiments are carried out on data collected from the monitoring of a real system. The result is a set of stratified alerts satisfying the operator's criteria. Copyright © 2013 by Knowledge Systems Institute Graduate School.


Bouzar-Benlabiod L.,LCSI Laboratory | Benferhat S.,University of Artois | Bouabana-Tebibel T.,LCSI Laboratory
Intelligent Data Analysis | Year: 2014

Intrusion Detection Systems (IDS) are necessary and important tools for monitoring information systems. However, they produce a huge quantity of alerts. Alert correlation is a process that reduces the number of alerts reported by intrusion detection systems. In this paper, we propose a new algorithm for a logical-based alert correlation approach that integrates the security operator's knowledge and preferences. The representation of and the reasoning on this knowledge and these preferences are done using a new logic called Instantiated First Order Qualitative Choice Logic (IFO-QCL). Our modeling views an alert as an interpretation, which allows us to have an efficient algorithm that performs the correlation process in polynomial time. This paper also provides experimental results which are achieved on datasets issued from a real monitoring system.
