GTRI_B-1
Artificial Intelligence Methods for Detection and Handling of Software Behavior Anomalies
Chris Simpkins
Georgia Tech Research Institute

GTRI_B-2
Key Problem #1: Self-Aware Software
- For the Application Communities vision to work, software must “know” when something is wrong
- Formally, software systems (or wrappers/monitors) must implement the function F({features}+, g(t)) -> normal/abnormal operation
  - Features can be disk I/O, system calls, etc.
  - g(t) is some characterization of the features with respect to some time-slicing
  - {features}+, g, and t are optimizable model parameters
  - F is a learnable (approximatable) function
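
One way to realize the function F from this slide, as an added example that is not part of the original slides. The feature set, the 10-second slice, the z-score model, the threshold and the constructed trace are all assumptions chosen for illustration.

```python
import math
from collections import Counter

FEATURES = ("read", "write", "open", "connect")  # assumed feature set

def constructed_trace(seconds, connect_burst=0):
    """Constructed (timestamp, syscall) events; connect_burst simulates odd behavior."""
    events = []
    for sec in range(seconds):
        counts = {"read": 5 + sec % 3, "write": 3 + sec % 2, "open": 1,
                  "connect": connect_burst or int(sec % 10 == 0)}
        for name, n in counts.items():
            events += [(float(sec), name)] * n
    return events

def g(events, t):
    """Characterize the features per time slice: counts per t-second window."""
    slices = {}
    for ts, name in events:
        slices.setdefault(int(ts // t), Counter())[name] += 1
    if not slices:
        return []
    return [[slices.get(i, Counter())[f] for f in FEATURES]
            for i in range(min(slices), max(slices) + 1)]

def learn(vectors):
    """Fit per-feature mean and standard deviation from slices assumed normal."""
    if not vectors:
        raise ValueError("need at least one baseline slice")
    n = len(vectors)
    means = [sum(v[i] for v in vectors) / n for i in range(len(FEATURES))]
    # Floor the deviation at 1.0 so constant features do not divide by zero.
    stds = [max(math.sqrt(sum((v[i] - means[i]) ** 2 for v in vectors) / n), 1.0)
            for i in range(len(FEATURES))]
    return means, stds

def F(vector, model, threshold=3.0):
    """Classify one slice by its largest per-feature z-score."""
    means, stds = model
    score = max(abs(x - m) / s for x, m, s in zip(vector, means, stds))
    return "abnormal" if score > threshold else "normal"

if __name__ == "__main__":
    model = learn(g(constructed_trace(60), t=10))
    print(F(g(constructed_trace(10), t=10)[0], model))
    print(F(g(constructed_trace(10, connect_burst=4), t=10)[0], model))
```

Here the baseline slices stand in for learned normal behavior; in the slide's terms, the choice of features, g and t would themselves be tuned rather than fixed.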

GTRI_B-3
Solving the Self-Aware Software Problem
- Solution: Create intelligent agents that can monitor software behavior, learn patterns in behavior, and use this knowledge to diagnose and solve problems
- Georgia Tech researchers solve similar problems in other domains:
  - Mutual Information Maximizing Input Clustering (MIMIC) and genetic algorithms for antenna design, neural network optimization (Isbell, Simpkins, Maloney, Kemper, Markle, Bueno)
  - Continuous case-based reasoning for robotic navigation, equipment condition monitoring (Ram)
  - Machine learning techniques to identify software execution phases in time-series data (Ozakin)

GTRI_B-4
Key Problem #2: Multiple Instances of Vulnerable Software
- There are many instances of the same software running on multiple computers
- They can fail or be attacked individually, collectively, or in any combination
- Recognizing an attack may require collective knowledge of many/all software instances

GTRI_B-5
Solving the Multiple Instances Problem
- Solution: Create multi-agent systems of intelligent, self-aware software agents which collaborate to create shared situation awareness and offer more options for dealing with problems
- Georgia Tech researchers solve similar problems in other domains:
  - Adaptive network intrusion detection using distributed data mining (Lee)
  - Social intelligence in large scale multi-agent systems: ant and bee behavior modeling (Balch, Dellaert)
  - RoboCup robotic soccer dogs (Balch)

GTRI_B-6
AI Needed to Make Application Communities Work
- Key Problem #1: Making Software Self-Aware
  - Solution: Intelligent agents employing machine learning to detect anomalies
- Key Problem #2: Multiple Copies
  - Solution: Compose self-aware software into collaborative multi-agent systems
- Georgia Tech has solved these AI problems in other domains, can solve them for AC

GTRI_B-7
More Information
- Georgia Tech College of Computing
- Georgia Tech Information Security Center
- Cognitive Computing Lab
- BORG Lab