Upload
others
View
4
Download
0
Embed Size (px)
Citation preview
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Data Sharing Middleware Prototype
(DSMP) for Information Dissemination
Among Heterogeneous SourcesQuarterly Review Meeting, Sept. 30, 2008
Hairong Qi (PI), University of Tennessee
Xiaorui Wang (co-PI), Seddik Djouadi (co-PI), UT
Oak Ridge National Laboratory*
Oracle Corporation*
Microsoft Research
Rutherford Appleton Laboratory, UK*
* Oracle, Microsoft Research, and ORNL verbal commitments for in-kind support (consulting and research software)
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Contact Information
• Academia– Hairong Qi, 865-974-8527, [email protected], 1508 Middle Dr., 319 Ferris Hall, EECS Department,
University of Tennessee, Knoxville, TN 37996
– Xiaorui Wang, 865-974-0627, [email protected], 421 Ferris Hall, UT
– Seddik Djouadi, 865-974-5447, [email protected], 307 Ferris Hall, UT
– Raghul Gunasekaran, 865-385-5857, [email protected], 536 SERF, UT
– Ming Chen, Ying Sun, Samir Sahyoun, Ben Taylor, UT Graduate Students
• Research Laboratories– Frank DeNap, 865-576-8786, [email protected], Oak Ridge National Laboratory, PO Box
2008, MS6085, Oak Ridge, TN 37831
– Mallikarjun Shankar, 865-574-2704, [email protected], Oak Ridge National Laboratory, POBox 2008, MS6085, Oak Ridge, TN 37831
– Steve Fisher, RAL, [email protected], Rutherford Appleton Laboratory (RAL), UK
• Industry, Private sectors– Dieter Gawlick, Ronny Fehling, Aravind Yalamanchi, 650-560-8706, {dieter.gawlick,
ronny.fehling, aravind.yalamanchi}@oracle.com, Oracle Corporation
– Vijay Dialani, Microsoft Research Center
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Collaborative Team
• Academia– University of Tennessee
– Vanderbilt University
• Research Laboratory– ORNL (Oak Ridge National Laboratory, US)
– RAL (Rutherford Appleton Laboratory, UK)
• Industry– Microsoft Research
– Oracle
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Project Description
• The objective of this project is to develop a data sharingmiddleware that is able to handle multiple distributed datasources and dynamically changing items, and to assist inreal-time information dissemination across multipleagencies for homeland security purposes.
• The ultimate target scenarios are first responders andconsequence response at the urban area of Memphis(e.g., Shelby County) with stakeholders including the FireDepartment, Weather Services, the E911 OperationsCenter, Law Enforcement Agencies, etc.
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Minutes from Last Quarterly Review
Meeting• INFOD concept
– John’s example: in the event of train derailment, who are the publishers/consumers/subscribers?
– John’s comment: INFOD is to minimize the impact of a disaster by providing the right information such thatwe can make use of the first responder better, compared to the mere use of police force
– How do you know if the consumer actually receives the alerting message? And how to alert the consumer?• Cell phone and Phone
• TomTom or Garmin. E.g., consumers can be notified automatically when congestions occur
• Real-time metadata matching– How many subscriptions would overload the system?
– How many within what period of time would crash the system?
– A: Depends on the system and deadlines set
– Data Triage
• Plume estimate and prediction model– What’s the requirement for the density of sensor?
– How quickly this model can predict? - Resiliency
– John’s comment: This model would provide more accurate measure of the damage, e.g., estimate of theboundary, which can help in both the rescue mission and the post-damage clean-up. In addition, it alsohelps make decisions like if people can return home. On the other hand, existing approaches lack suchexact estimate of the situation, resulting in the first responder cannot assign appropriate resource to the rightplace.
• Action items– Set up a meeting among plume analysis groups, including UT, Y12, and ORNL
– Hood up with Y12 fusion center
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Comments from the September
Semi-Annual Review Meeting
• More clear on INFOD characteristics thistime
• Interesting project
• Take it to HSIN
• Good that we responded to commentsfrom last review meeting
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Landscape AssessmentTraditional Model
Publisher
PublisherConsumer
Consumer
Subscriber(Subscription)INFOD RegistryPublisher
Publisher
Consumer
Subscriber/Consumer
Repository
INFOD Model
• Service-oriented system (binding AFTERevent)
• Repository – data center, processing center
• Static system. Extending the system isdifficult.
• Establishes a framework for info flow
• Matches publishers and consumers basedon information needs expressed throughsubscriptions and limited by properties
• Event-based system (binding BEFOREevent)
• Registry - NOT a data (event) repository
• Better handling of dynamics. Extensibility isgood. (Vocabulary, e.g., NIEM)
Alerting system
Consumer/Publisher
Right Info Right Person @ Right Time
Push
Pull
Push
Push
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
DMIS (Disaster Management Interoperability Service)
DMIS Server
Existing Alerting Systems
Right Info Right Person @ Right Time
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
An Information Dissemination Scenario
ABC Chemicals
Fire Station
Fire Station
Hospital
Police/E911
INFOD Registry
Service
County Office
Registers asa Publisher
Registers asa Consumer
Registers asa Consumer
Registers as a Subscriber,defines subscriptionidentifying consumers anddescribes message format.
Registers as a Subscriber anddefines subscription identifyingdynamic consumers
Service Providers
Notification Messagediffers based on theentries created andthe subscriptions Notification
Message
NotificationMessage
NotificationMessage
NotificationMessage
NotificationMessage
Registers as a Subscriber,defines subscriptionbased on clientnecessities.
Matches Entities basedon entries created
Registers asa ConsumerNotification
MessageWeather Station
Registers asa Publisher
NotificationMessage
NotificationMessage
NotificationMessage
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
An Information Dissemination Scenario
ABC Chemicals
Fire Station
Fire Station
Hospital
Police
Alert Msg:Category: Fire, ChemicalSeverity: ExtremeChemical Types: XXX
Alert Msg:Category: FireUrgency: ImmediateAction: Stop
Alert Msg:Category: FireUrgency: ImmediateAction: Detour
Alert Msg:Category: FireUrgency: ExpectedAction: Evacuate
INFOD Registry
Service
Alert Msg:Category: Fire, ChemicalSeverity: Extreme, (Minor ,Moderate)Chemical Types: XXX
Sends Alert message
County Office
Alert Msg:Category: Fire, Chemical
Service Providers
Alert Msg:Category: Fire, ChemicalUrgency: Immediate
Alert Msg:Category: FireUrgency: ImmediateAction: Detour
Alert Msg:Category: Chemical FireUrgency: ImmediateAction: Evacuate
Weather Station
Alert Msg:Category: Fire, ChemicalUrgency: ImmediateChemical Types: XXX
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
11
ABC Chemicals
Fire Station
Fire Station
Hospital
Police
Alert Msg:Category: Fire, ChemicalSeverity: ExtremeChemical Types: XXX
Alert Msg:Category: FireUrgency: ImmediateAction: Stop
Alert Msg:Category: FireUrgency: ImmediateAction: Detour
Alert Msg:Category: Fire, ChemicalSeverity: Extreme, (Minor ,Moderate)Chemical Types: XXX
County Office
Alert Msg:Category: Fire, Chemical
Service Providers
Alert Msg:Category: Fire, ChemicalUrgency: Immediate
Alert Msg:Category: FireUrgency: ImmediateAction: Detour
Alert Msg:Category: Chemical FireUrgency: ImmediateAction: Evacuate
Weather Station
Alert Msg:Category: Fire, ChemicalUrgency: Immediate
Alert Msg:Category: FireUrgency: ExpectedAction: Evacuate
Alerting
System
Alerting Consumers based ondynamically changing events
An Information Dissemination Scenario
Alert Msg:Category: Chemical FireAction: Stay Indoors
Alert Msg:Category: FireUrgency: Immediate
Action: Detour East
INFOD Registry
Service
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Subscription defines the event ofinterest at the publisher, themessage to be generated inresponse to an event and helpsidentify consumers dynamically.
Entries characterize real worldentities and define constraintsidentifying other entities of interest
Also, data source entry details onthe publishers information -associated to a data vocabulary.
Subscribers and Consumers aremodeled as independent entities.Subscriptions are created by asubscriber, conforming to a subsetof consumer.
Structured Information Model,user communities are identified byproperty and data vocabularies.
INFOD Resources
Consumer
Subscription
Data Vocabulary
Data SourceEntry
Property VocabularyInstance
Creation of resource
Notification (by INFOD registry)
Reference (EPR)
Notification (by Publishers)
INFOD Registry
Entry Resource – not an entry
ConsumerPublisher
Subscriber
Property Vocabulary
PublisherEntry
SubscriberEntry
ConsumerEntry
Vocabulary instances characterizeentities and constraints areevaluated on instances created.
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Matching Entities
• In generic pub/sub models – subscription only bindspublishers to consumers of information
• In INFOD, apart from the subscription, every entity(publisher, data source, consumer and subscriber) candefine constraints that grant or limit information flow.
Publisher
Entry and Properties
Consumer
Entry and Properties
Data Source
Entry and Properties
Subscriber
Entry and Properties
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Today’s Presentation Outline
• INFOD Application Integration Environment - Ben Taylor
• Real-time Metadata Matching in INFOD - Ming Chen
• Application Scenario: Chemical Plume Tracking - SamirSahyoun
• Application Scenario: Dynamic Intrusion Detection inCyber Systems - Ying Sun
• Live Demo: INFOD Web Application - RaghulGunasekaran
• Potential Extensions - Hairong Qi, Xiaorui Wang, SeddikDjouadi
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Collaborative Opportunities
• ORNL’s Shelby County Sensor Information FusionCenter– Provides a comprehensive target application scenario for INFOD
• Y-12– Privacy policy and NIEM
• ORNL’s SensorNet Group– Testbed setup
• Oracle– In-kind support
• Vanderbilt University– GME (Generic Modeling Environment)
• All the research findings and software developments areaccessible through public domains, maintained at UT– http://panda.ece.utk.edu/wiki/InfoD
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Shelby County Fusion CenterSNAPS+POM+NOAA+INFOD
GIS Situational Awareness(ArcView or Google Earth, Browsers, …)
HPAC with Live Weather Feeds
8 chem/5 rad/5video /1 weathersensors Access control
WFS,OLS,…
FilterAgents
HTTPS: XML-RPC,SOAP
Replicated storage,image, video server
Fusion Center Portal
and Viewer (Web
Server; Database; GIS
(Google); HPAC plume
modeling)
Plotting of Data
Display Video Feeds
Shelby County Sheriff
SNAPS II Mobile System
Port of Memphis
Sensors
5 chem/ 1 weather sensors
NOAA Live
Regional Weather
Consumer
Publisher
Publisher
Distributed Wide-Area
Middleware
•Prototype and Analysis
•Distributed querying and top-
down programming
•Policy-based data-sharing
•Asynchronous messaging
UT ORNL
IndustryOracle, MS
INFO-D
1
2
3 4
Application infoEmergency updatesResponder data
Contact: ORNL UT-Battelle; HT Hunter; [email protected]; 865-574-6297
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Information Flow, SCFC, ORNL
Sensors
ORNL Backup Server
1. Query
2. Data
SNAP2
2. Data
EV-DO ChannelINFOD
Registry
Video Management
Publisher/consumer
Publisher
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
GME - Generic Modeling Environment
ModelInterpreters
Meta-Model
DomainInterpreters
DomainExecutable
DomainAnalysis
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Project Timeline
• The development of the DSMP (Task 1.2) has been divided into a 4-phase implementationplan. Because of the close collaboration with Oracle, Microsoft Research, ORNL, and RAL, weare able to finish all four phases of prototype development ahead of schedule.
• Phase 1 - simplest scenario with a known data vocabulary and a trivial subscription
• Phase 2 - 2 publishers services, 2 consumer services with the addition of property vocabularies
• Phase 3 - multiple data vocabularies, publish, consumer, and subscriber services
• Phase 4 - a standard notification interface
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Budget Information
• Project budget (June 5, 2007 - May 31,2009): $400,000
• Spending as of August 31, 2008:$197,708
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Commercialization Progress
• The INFOD working group is approached byOGC (Open Geospatial Consortium) to join theconsortium. This would help getting morepublicity of the product on geospatial andlocation based services
• Potential feature to Oracle product line
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
IP STATUS
• Open source development
– Will be available through sourceforge tostimulate broader participation
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Achievements• Identified first responder as the ultimate use case scenario for DHS interest
• Finished all four phases of the prototype development (ahead of schedule)
• Finished simulation of collaborative event analysis (MS thesis)
• Proposed a new plume model with promising simulation results
• Visited Shelby County Fusion Center and discussed potential integration scenario
• Papers accepted– “Control-based real-time metadata matching for information dissemination,” 14th IEEE Int.
Conf. on Embedded and Real-Time Computing Sys and App, Taiwan, August 2008.(Acceptance rate: 26%)
– “Dynamic target classification in wireless sensor networks,” Int. Conf. on PatternRecognition (ICPR), Tampa, FL, December 8-11, 2008.
• Students graduated– Y. Sun, Dynamic Target Classification in Wireless Sensor Networks, MS Thesis, Summer
2008.
• Presentations– “INFOD Use Case Scenario & Demo,” Open Grid Forum (OGF), Feb 2008, Boston
– “An INFOD Reference Implementation,” Open Grid Forum (OGF), Oct 2007, Seattle
• Papers to be submitted– “Dynamic cyber-attack detection and classification based on the information
dissemination model”
– “Source localization of chemical plumes using stochastic approximation - plumeestimation and prediction”
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Application IntegrationEnvironment
Ben Taylor
Advisor: Xiaorui Wang
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Integration Environment
ORACLEPL/SQL
INFOD Registry Service
OC4JINFOD
Web Service
ORACLE10g
PL/SQLJavaproceduresXML
ClientEnvironment
INFOD
Spec.
PostgreSQL
Database
Clie
nt
Lib
rary
Stage1
Stage 2 – WebUtility
Web ManagementInterface
Tomcat
PublisherApp/ Service
Stage3
ConsumerApp/ Service
ClientApplications
ServletsServlets
app.jar : API for communication between applications and webutility.
Subscription
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Integration Environment
• Stage 1 (completed by Ming previously)– Java client libraries to interact with the registry per the INFOD
specification
– Libraries provide support, examples to application developers
• Stage 2 (developed by Ben since last meeting)– Web interface to create, configure and monitor entities
– Provides INFOD registry interaction prior to applicationdeployment
• Stage 3 (currently under development)– Environment to facilitate connecting an information application
with INFOD
– Provide simple example applications to demonstrate INFODusability
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
INFOD Development
• Increase support for complex constraints– Currently support simple XQuery
– Provide full support for application required complexity
• Provide capability to automate the creation of webinterfaces for specifying constraints against specificvocabularies– Domain experts should not be required to know XPath
• Defining and supporting communities– Provide support for multiple community groups within
INFOD
– Define implicit restriction of matches
– Enforcement of community boundaries
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Real-time Metadata Matching
Ming Chen
Advisor: Xiaorui Wang
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Control-based Real-time Metadata Matching
• GoalsPrimary Goal: Average responsetime of subscription reevaluationmeets within a time constraint.
Secondary Goal: Maximize thenumber of low-priority subscriptionreevaluation upon each update.
Publishers
Consumers
…
…
Web S
erv
er
Subscriptions
Scheduler
…
INFOD
Registry
Subscribers
…
We cannot trigger all subscriptions.
Hundreds even thousands of subscriptions in the
registry;
Different subscriptions have different priorities;
High-priority should be evaluated first.
The average response time cannot be
predicted;
Valuable Information at the Right Time (VIRT).
The average response time of all triggered subscriptions should be within a time constraint.
The response time of reevaluating a
subscription may vary significantly;
• Motivations
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Controller Design and Evaluation
• A feedback controller is designed andanalyzed;
• The average response time convergesto the set point in spite of workloadvariations;
• Better control accuracy and systemquality of service than two baselines;
• Theoretical analysis with extensiveexperiments on a physical test-bedverifies our conclusions.
Average response time
Updates
MonitorController
Job slaves pool
)(kr
( )n k
refR
Response
Scheduler
“Control-based real-time metadata matching for information dissemination,” 14th IEEE Int. Conf. on
Embedded and RT Comp Sys and App, Taiwan, August 2008.
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Adaptive Control
Average response time
Updates
MonitorController
Scheduler
Job slaves pool
)(kr
( )n k
refR
Response
SchedulerScheduler
EstimatorDesignerModel parameters
Controller parameters
Adaptive regulator
1( ) ( 1)r k n kb=
The slope
1( ) ( 1)r k n kb=
The slope
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
MIMO Control
Average response time
Updates
MonitorController
Job slaves pool
( )x krefR
Response
SchedulerBatch
CPU utilization( )u k
( ) : p( ) and u( );
( ) : w( ) and ( );
( ) : ( ) and u( )
x k k k
u k k n k
y k r k k
How often should we trigger
subscription reevaluation to
meet the time constraint?
How many subscriptions
should we trigger each
time to meet the time
constraint?
( 1) ( ) ( )
( 1) ( ) ( )
x k Ax k Bu k
y k Cx k Du k
+ = +
+ = +
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Real-time Metadata Matching
• Adaptive control algorithm to guaranteethe control performance in spite of systemvariation; (current)
• MIMO control algorithm to meet with morechallenging updates interarrival intervals;(current)
• Apply those algorithms in the real INFOD.
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Application Scenario:Chemical Plume Tracking
Samir S. Sahyoun
Advisor: Seddik M. Djouadi
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Contents
• Motivation
• Mathematical Modeling of Plumes
• Source Localization (Non Linear Least squares)
• Source Localization (Stochastic Approximation)
• Boundary Tracking and Prediction
• Mobile Sensor Dynamics and Control
• Plume Tacking Scenario using three sensors
• Applications
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
36
ABC Chemicals
Fire Station
Fire Station
Hospital
Police
County Office
ervice Providers
Weather Station
Motivation
Evacuation Route
Service Providers
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Plume Model
• The concentration (c) at any point (x, y, z)in the plume at time (t) is the solution ofthe following PDE:
• c: concentration (kg/m3)
• v: wind speed (m/s)
• Dy, Dz: eddy diffusivities (m2/sec)
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Example: Steady State Gaussian
Plume
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Example: Steady State Gaussian
Plume
• c: concentration (kg/m3)
• v: wind speed (m/s)
• Q: Mass emission rate (kg/sec)
• H: Stack height (m)
• Dy, Dz: eddy diffusivities (m2/s)
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Source Localization
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Source Localization
Non Linear Least Squares
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Cost Function to be Minimized
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Error with Different Signal to Noise
Ratios (S/N)
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Effect of Increasing the Number of
Sensors for a 0 dB Channel
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Source Localization Using
Stochastic Approximation
Stochastic approximation techniques areiterative methods that attempt to find zerosof functions which cannot be computeddirectly, but only estimated via noisyobservations.
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Source Localization
Stochastic Approximation
Kiefer-Wolfowitz algorithm is used.
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Source Localization
Stochastic Approximation
• The finite difference estimate:
where
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Performance of Stochastic Approximation
Technique Compared with the Least Squares
Technique
0 10 20 30 40 50 60 70 800
200
400
600
800
1000
1200
sensors
Error(m)
LS
SA
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Location Prediction
• The time-varying 2D Gaussian plume equation isgiven by:
• c: concentration (kg/m3)
• v: wind speed (m/sec)
• Q: Mass emission rate (kg/sec)
• Dy, Dz: eddy diffusivities (m2/sec)
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Location Prediction
Process Block Diagram
• LQR: Linear Quadratic Regulator
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Model for Location Estimation
and Prediction
• Stochastic state space model for plumelocation estimation:
where is the state vector,
represents the plume location, represents the plume velocity, y represents concentration measurements, w, v random noises.
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Model for Location Estimation and
Prediction
• Given measurements of concentration, a Leastsquares technique is used to estimate theparameters of the stochastic state space model:
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Location Estimation and
Prediction
• For the least squares problem, find suchthat the prediction error:
is minimized.
• Kalman filter is used to estimate andpredict the states (i.e. location and plumevelocity).
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Kalman Filter Equations
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
K- Step Plume Location Prediction
K=30 minutes
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Prediction Error
(30 min. step prediction)
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Sensor Dynamics and Tracking
• Each sensor is governed by the followingsystem of differential equations:
• Optimal Linear Quadratic Regulator (LQR) isused to control sensor position.
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Optimal Linear Quadratic Regulator
(LQR)
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Tracking Scenario - Three Sensors
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Applications
• The ideas presented here are widely applicable to a large number ofapplications
Framework can be applied to any problem where there is a spatial diffusionprocess for which there is an interest in prediction and control and wherethere are a limited number of samples and/or actuation points available.• Such applications could include, for example,– Mapping the diffusion of airborne contaminants,– Mapping the spread of water-borne contaminants.
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Application Scenario: DynamicCyber-attack Detection and
Classification (Cyber Defense)
Ying Sun
Advisor: Hairong Qi
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Dynamic Target Classification
• Hypothesis– for each type of target, there exists an optimal set of features in
conjunction with a specific classifier, which can yield the bestperformance in terms of classification accuracy using leastamount of computation, measured by the number of featuresused, thus minimum response time.
• Optimal combination selection:Fitness function:
where:f1 : Time functionf2 : Accuracy functionx : combination stringy : classification algorithm
• Dynamic Target classification– base the selection of optimal combination of features and
classifiers on the “potential” appearance of a certain target
1min
2
( , )( , )
( , )
f x yF x y
f x y=
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Combination Results
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Experimental Results
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Application Description
• Cyber system is composed of computers withdifferent security levels;
• Different intrusions are given different threatlevels.
• Set up the mapping between computers withdifferent security levels and intrusion type withdifferent threat levels;
• According to the threat level of an intrusion,attacked computer will send the message torelevant computers.
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Mapping
• Notation:– Four security levels:
• Security level 1 S1 Low
• Security level 2 S2
• Security level 3 S3
• Security level 4 S4 High
– Four threat levels:• Probe T1 Low
• Denial of service (DoS) T2
• Remote-to-local (R2L) T3
• User-to-root (U2R) T4 High
S4 S3 S2 S1
T4 T3 T2 T1 T4 T3 T2 T4 T3 T4
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Dynamic Intrusion Detection
• Assumption:
for each time interval, only one type of intrusion attacksthe system consecutively
• Steps:1. For the first receiving packet, use all the input features to
classify: normal or intrusion, intrusion type;
2. Once the type of intrusion is determined, use optimalcombination set to classify the rest.
3. When conflict occurs, which might indicate wrong classificationor another type of action happens, use full features to classifythe action type;
4. Return to step 2.
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Cyber-defense - Workflow
Receiving packet
Type
Normal T1 T2 T3 T4
No action Send
message to
S4 computers
Send message
to S3, S4
computers
Send message
to S2, S3, S4
computers
Send message
to S1 S2, S3,
S4 computers
Dynamic Classification
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
System Architecture
INFOD
Registry
Publisher
(Attacked
Computer)
Consumer
Attack
(Event)
Cyber
system
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Near-Term Plan
• Optimal combination generation and validation(current)
• Interface with INFOD– Consumer registration (current)– Define property vocabulary and data vocabulary of
consumer (current)– Matching and setting up connection– When consumer property changes, interaction with
INFOD, reestablish connection.
• Application model testing• Performance evaluation
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
DEMOINFOD Web Application
Raghul Gunasekaran
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
INFOD Example Scenario: Tornado Relief
Campaign
• Need– Monitor activities in the affected region for a short
time period.
– Track first responders in the region – ambulances,police, fire service, doctors, etc …
– First responder needs to be aware of the resourcesavailable and contact information
• Requirements– A functional system instantly available that would
cater to the current application
– Instant setup by domain experts
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Example Scenario: Tornado Relief Campaign
INFODRegistry
Affected Region
Register vocabularies
Create Subscriptions
Entities register; create entriesand property instances
Notification messageon resource availability
Publishers and consumerscommunicate specificneeds directly
Entities updateon current status
New notificationmessages sent oncurrent resourceavailability
New Consumer
- Existing subscriptions applicable.- Notification messages sent oncurrent resource availability.
Plug and Play
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Information dissemination in 4 steps
1. Register community property and data vocabularies inthe INFOD registry
2. Define subscriptions binding entities, defining eventsand which entity needs to be alerted on which otherentities presence.
3. Entities register to the INFOD registry• Create entries
• Create and update property instances
4. Notification message sent to matched entities.
Example Scenario: Tornado Relief Campaign
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
INFOD Web Services
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
INFOD Web Services
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Property Vocabulary
Property Vocabulary Predicates Comments
Identification Identifier for the Unit/ Person/Organization
Name Name of the Unit/ Person/ Organization
Description Text Description
Location Physical location information
Contact Information Person to me contacted
Resource Type Description of the resource
Resource Location Resource Physical location information
Community User Property Vocabulary
Vocabulary predicates are an abstraction from NIEM (National Information Exchange Model)
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Data Vocabulary
Data Vocabulary
Predicates
Comments
Activity Description between time period
Event Description at a specific time
Substance Description of a chemical material
Status Actual, Exercise, System, Test
Message Type Alert, Update, Cancel, Ack, Error
Scope Public, Restricted, Private,
Urgency Immediate, Expected, Future, Past
Response Type Shelter, Evacuate, Prepare, Execute, Monitor, Assess, None
Severity Extreme, Severe, Moderate, Minor
Certainty Very likely, Likely, Possible, Unlikely
Category Geo, Met, Safety, Security, Rescue, Fire, Health, Env, Transport,Infra, CBRNE, Other
Alert Message Data Vocabulary (NIEM and CAP - Common Alerting Protocol)
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
INFOD Web Services
Step 1 : Register Property andData vocabularies for a community
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
INFOD Web Services
Step 2 : Create Consumers andPublishers
Property Constraints
for $publishers in fn:collection("$$INFODpublisher")
where $ publishers
//OrganizationSubUnitName=”RedCross”
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
INFOD Web Services
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Property Constraintsfor $publisher in fn:collection("$$INFODpublishers")
where $publisher//OrganizationSubUnitName=”E911Center”
for $firstresponders in fn:collection("$$INFODconsumers")
where $ firstresponders//OrganizationSubUnitName=”RedCross”
Data Constraintsdeclare namespace $data =
http://infod.firstrespondernet.com/AlertDataVocabulary;
let $msg1 := for $firstresponders
where $data:AlertStatus = ‘Actual’ and
$data:EventCategory = ‘CBRNE’ and
$data:EventSeverity > ‘Moderate’
return {$data, $data:Instruction = ’Evacuate people in the region’ }
let $msg2 := for $firstresponders
where $data:capAlertStatus = ‘Actual’ and
$data:EventCategory = ‘Fire’ and
$data:EventSeverity > ‘Moderate’
return { $data:Substance, $data:Volume, $data:EventCategory }
Dynamic Consumer Constraint for $firstresponders
where $firstresponders//OrganizationSubUnitName=”Police”
return msg1
for $firstresponders
where firstresponders//OrganizationSubUnitName=”FireService”
return msg2
INFOD Web Services
Step 3 : Subscribers and Subscriptions
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
INFOD Web Services
Step 4 : Notification Messages
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Potential Extensions
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
INFOD - Security Considerations
• Authentication– Users establish identity with the registry
– Publishers authenticate to the consumer
– Web Service Security Specification
Role
Policy Set
Policy
Rule
Resource
& Action• Authorization– RBAC: Role-based access control policies
• INFOD users are associated with Roles
• Limit operational and resource access of users with the registry
– Add security constraints to limit or grant mapping between entitiesmatched through subscription
P1
P2
C1
C2
C3
C4
C5
P1
P2
C1
C2
C3
C4
C5
C6
P1
P2
C1
C2
C3
C4
C5
C6SubscriptionEvaluation
Securityconstraint
“INFOD Security Issues,” Design Document, October 2007.
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
INFOD - Privacy Issues
• What to share?
• How to share?
• Can we share?
• Should we share?
P1
P2
C1
C2
C3
C4
C5
P1
P2
C1
C2
C3
C4
C5
C6
P1
P2
C1
C2
C3
C4
C5
C6SubscriptionEvaluation
Securityconstraint
Privacyconstraint
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Real-Time Resilient Metadata Matching
• Integration with security constraints– Authentication and authorization constraints may contribute to
longer processing delay
– How to achieve desired response time while evaluating as manysubscriptions as possible?
• Integrated (MIMO) control of response time and CPU utilization
• Resilience to security attacks– Security attacks may trigger a huge number of subscription
reevaluation requests• E.g., fast moving plume
– Admission control: reject low-priority requests to guaranteedesired response time.
• E.g., reject weather forecast requests
– Freshness check: reject outdated requests
Managed by UT-Battelle for the U.S. Department of Energy – Supporting the Department of Homeland Security
Extended Study on Plume Tracking
• More general plume models (e.g. Eulerian models) needto be used for testing.
• In proposed approach sensors are controlled individually.However for the process to be completely autonomous,coordination of the distributed sensors is necessary.
• Build a prototype plume-tracking testbed using Mote-based distributed robots.
• Detection and source localization using a distributedsensor network.