Center of Excellence in Command, Control, Communications, and Intelligence
The Center of Excellence in Command, Control, Communications, and Intelligence at George Mason University was established under the direction of Dr. Harry Van Trees in July 1989 in order to provide an intellectual base for the command, control, communications, and intelligence area. Dr. Mark Pullen, who became the Center's Director in 2005, has continued its emphasis on bringing academic expertise to the needs of the U.S. military and related government and commercial applications of information technology. The Center conducts a broad-spectrum R&D and educational program in C4I. The program is accomplished by bringing together a multidisciplinary group consisting of academic faculty, research staff, and fellows in residence from industry and government.
Browsing Center of Excellence in Command, Control, Communications, and Intelligence by Author "AlGhamdi, Ghazi"
Item Bayesian ontologies in AI systems (2006-07-30T03:10:44Z)
Costa, Paulo C. G.; Laskey, Kathryn B.; AlGhamdi, Ghazi
Ontologies have become ubiquitous in current-generation information systems. An ontology is an explicit, formal representation of the entities and relationships that can exist in a domain of application. Following a well-trodden path, initial research in computational ontology has neglected uncertainty, developing almost exclusively within the framework of classical logic. As appreciation grows of the limitations of ontology formalisms that cannot represent uncertainty, the demand from user communities increases for ontology formalisms with the power to express uncertainty. Support for uncertainty is essential for interoperability, knowledge sharing, and knowledge reuse. Bayesian ontologies are used to describe knowledge about a domain with its associated uncertainty in a principled, structured, sharable, and machine-understandable way. This paper considers Multi-Entity Bayesian Networks (MEBN) as a logical basis for Bayesian ontologies, and describes PR-OWL, a MEBN-based probabilistic extension to the ontology language OWL. To illustrate the potentialities of Bayesian probabilistic ontologies in the development of AI systems, we present a case study in information security, in which ontology development played a key role.

Item Detecting Threatening Behavior Using Bayesian Networks (2006-03-06T15:11:39Z)
AlGhamdi, Ghazi; Laskey, Kathryn B.; Wang, Xun; Barbará, Daniel; Shackelford, Thomas; Wright, Edward J.; Fitzgerald, Julie
This paper presents an innovative use of human behavior models for detecting insider threats to information systems. While most work in information security concerns detecting and responding to intruders, violations of system security policy by authorized computer users present a major threat to information security. A promising approach to detection and response is to model behavior of normal users and threats, and apply sophisticated inference methods to detect patterns of behavior that deviate from normal behavior in ways suggesting a possible security threat. This paper presents an approach, based on multi-entity Bayesian networks, to modeling user queries and detecting situations in which users in sensitive positions may be accessing documents outside their assigned areas of responsibility. Such unusual access patterns might be characteristic of users attempting illegal activities such as disclosure of classified information. We present a scalable proof of concept behavior model, provide an experimental demonstration of its ability to detect unusual access patterns in simulated situations, and describe future plans to increase the realism and fidelity of the model.

Item DTB Project: A Behavioral Model for Detecting Insider Threats (MITRE Corporation, 2005-05)
Costa, Paulo C. G.; Laskey, Kathryn B.; AlGhamdi, Ghazi; Barbará, Daniel; Shackelford, Thomas; Mirza, Sepideh; Revankar, Mehul
This paper describes the Detection of Threat Behavior (DTB) project, a joint effort being conducted by George Mason University (GMU) and Information Extraction and Transport, Inc. (IET). DTB uses novel approaches for detecting insiders in tightly controlled computing environments. Innovations include a distributed system of dynamically generated document-centric intelligent agents for document control, object oriented hybrid logic-based and probabilistic modeling to characterize and detect illicit insider behaviors, and automated data collection and data mining of the operational environment to continually learn and update the underlying statistical and probabilistic nature of characteristic behaviors. To evaluate the DTB concept, we are conducting a human subjects experiment, which we will also include in our discussion.

Item Modeling Insider Behavior Using Multi-Entity Bayesian Networks (2006-03-06T15:01:08Z)
AlGhamdi, Ghazi; Laskey, Kathryn B.; Wright, Edward J.; Barbará, Daniel; Chang, K.C.
This paper tackles a key aspect of the information security problem: modeling the behavior of insider threats. The specific problem addressed by this paper is the identification of malicious insider behavior in trusted computing environments. Although most security techniques in intrusion detection systems (IDS’s) focus on protecting the system boundaries from outside attacks, defending against an insider who attempts to misuse privileges is an equally significant problem for network security. It is usually assumed that users who are given access to network resources can be trusted. However, the eighth annual CSI/FBI 2003 report found that insider abuse of network access was the most cited form of attack or abuse. 80% of respondents were concerned about insider abuse, although 92% of the responding organizations employed some form of access control mechanism [7]. Therefore, though insider users are legally granted access to network resources, it is essential to protect against misuse by insiders. This paper presents a scalable model to represent insider behavior. We provide simulation experiments to demonstrate the ability of the model to detect threat behavior. Information security objectives can be accomplished through a layered approach that represents several lines of defense. This approach constitutes one of these lines of defense.