Jun 17, 2007 - Threat Detection System (TDS). • Given event, check for threat. • Artificial Immune System (AIS). • Online One-Class Support Vector Machine.
Addressing Object Safety with Collaborative Learning Agents: A Framework
Brian Quanz and Costas Tsatsoulis, Information and Telecommunication Technology Center, University of Kansas
A KTEC Center of Excellence
Outline • INTRODUCTION & MOTIVATION • FRAMEWORK • EVALUATION • CONCLUSION • REFERENCES
What is Object Safety? • Physical Objects • Improving sensing and computing technology
Smart Objects
Agents in determining their own safety
• “Safe” or “Danger” states depending on domain • Problem Statement: Develop algorithms enabling objects to determine their safety from sensors, prior knowledge and experience, and communication
• Examples
Examples with Physical Objects • Transport Chain Security: • Objects: Containers, cargo, packages, goods. • Threats: Theft, damage, tampering, unauthorized additions, etc.
• Chemical Hazard Detection: • Objects: Chemical Barrels • Threats: Volatile chemical proximity, mishandling, environment
• Valuable Goods Protection: • Objects: Valuable goods (e.g. in a store) • Threats: Theft, mishandling, etc.
Motivating Application • Transport Chain Security • Government and businesses increasing interest
• Key idea: Central Security - e.g. video monitor
Distributed Security - Cargo maintains own security
Related Work: Brief Overview • Object safety: Rule-based systems • Context awareness, ubiquitous computing, event detection in sensor networks: • Generally concerned with utility of user or global events as opposed to individual objects
• Intrusion detection in networks, Self-healing – Artificial Immune Systems (AIS), belief sharing • See paper for more details
Some Key Components of an Ideal Agent • Adapt to new and changing threats • Detect previously unknown threats • Utilize prior knowledge/experience • Change threat perceptions: Situated knowledge • Utilize communication with other agents: sharing knowledge/beliefs
• General Framework for Object Safety • Apply to particular applications
General Framework: Overview • Case-based Reasoning (CBR) system • Utilize similar situations
• Event String Generation • Translate sensor data, streaming or otherwise
• Threat Detection System (TDS) • Given event, check for threat • Artificial Immune System (AIS) • Online One-Class Support Vector Machine
• Belief sharing • Learn from other agents and confirm threats
Framework System Flow • Sensor Level: Events / Time series processing • Individual Agent: Threat Detection (Learning) • Agent Context: Case-based reasoning • Agent Group: Belief sharing
More complex
Framework Overview: Interactions
Note: Base Station • Domain dependent • Track situations • Handle threats
Event String Generation • Capture patterns over time
• Piecewise Aggregate Approximation • Simple, efficient, online • Extension: max. & min.
• String length, window size
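An added example (not from the slides or the authors' implementation) of event string generation: Piecewise Aggregate Approximation over a sliding window, with the max./min. extension emitting three letters per frame. The alphabet, breakpoints, class name and sample trace are assumptions constructed for illustration.

```python
from collections import deque

ALPHABET = "abcd"               # assumed 4-letter alphabet
BREAKPOINTS = (-0.5, 0.0, 0.5)  # assumed cut points, in sensor units

def paa(window, n_segments):
    """Piecewise Aggregate Approximation: (min, mean, max) of each equal-width frame."""
    n = len(window)
    if not 0 < n_segments <= n:
        raise ValueError("need 1 <= n_segments <= len(window)")
    frames = [window[i * n // n_segments:(i + 1) * n // n_segments]
              for i in range(n_segments)]
    return [(min(f), sum(f) / len(f), max(f)) for f in frames]

def symbol(value):
    """Letter index = number of breakpoints the value reaches."""
    return ALPHABET[sum(value >= b for b in BREAKPOINTS)]

def event_string(window, n_segments, extremes=True):
    """One letter per frame (mean only), or three (min, mean, max) with the extension."""
    parts = []
    for lo, mean, hi in paa(window, n_segments):
        parts.append(symbol(lo) + symbol(mean) + symbol(hi) if extremes else symbol(mean))
    return "".join(parts)

class EventStringStream:
    """Online use: keep the last `window_size` readings, emit a string once full."""
    def __init__(self, window_size, n_segments):
        self.buf = deque(maxlen=window_size)
        self.n_segments = n_segments

    def push(self, reading):
        self.buf.append(reading)
        if len(self.buf) < self.buf.maxlen:
            return None  # not enough history yet
        return event_string(list(self.buf), self.n_segments)

# Constructed accelerometer trace: at rest, then a jolt in the second half.
TRACE = [0.0, 0.1, -0.1, 0.0, 0.9, 1.2, -0.8, 0.1]

if __name__ == "__main__":
    print(event_string(TRACE, 4, extremes=False))  # mean only
    print(event_string(TRACE, 4))                  # with min/max extension
```

With the mean alone, the second and fourth frames map to the same letter even though the fourth swings from -0.8 to 0.1; the min/max letters keep that swing visible to the threat detector.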
Threat Detection
Threat Detection System (TDS) • Manual case and rule construction difficult: • lack of object experts, incomplete enumeration, etc.
• Use what is available: normal object behavior/experience • Automatic learning : utilize previous knowledge • Online learning : adapt, real-time • One-class learning : detect unknown threats • One method that fits : Artificial Immune System
Artificial Immune System - AIS • Modelled after human immune system • Lymphocytes – protein strings • Tolerization in thymus: lymphocytes that match any self-proteins die
• Extend real-valued AIS to online setting
• Negative Selection
t_1a, t_1b, etc. thresholds
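A minimal real-valued negative selection detector with an online tolerization step, as an added example that is not the authors' code. It uses a single assumed matching radius rather than the slides' t_1a, t_1b thresholds, whose values are not given; the sample points, the `tolerize` step and the seed are constructed for illustration.

```python
import math
import random

RADIUS = 0.15  # assumed matching threshold (stands in for the unspecified t_1a, t_1b)

def matches(detector, point, radius=RADIUS):
    """A detector matches any point within `radius` (Euclidean distance)."""
    return math.dist(detector, point) <= radius

def train_detectors(self_points, n_detectors, rng, max_tries=10_000):
    """Negative selection: random candidates that match any self point die."""
    dim = len(self_points[0])
    detectors = []
    for _ in range(max_tries):
        if len(detectors) == n_detectors:
            break
        cand = tuple(rng.random() for _ in range(dim))
        if not any(matches(cand, s) for s in self_points):
            detectors.append(cand)
    return detectors

def is_threat(event, detectors):
    """An event is flagged when any surviving detector matches it."""
    return any(matches(d, event) for d in detectors)

def tolerize(detectors, confirmed_normal):
    """Online step (assumed): drop detectors that match newly confirmed-normal data."""
    return [d for d in detectors if not matches(d, confirmed_normal)]

# Constructed "normal" feature vectors (e.g. scaled light, temperature) in [0, 1]^2.
SELF_POINTS = [(0.20, 0.20), (0.25, 0.22), (0.22, 0.28), (0.30, 0.25)]

def demo(seed=7):
    """Train on normal data only, flag a novel event, then adapt once it is confirmed normal."""
    rng = random.Random(seed)
    detectors = train_detectors(SELF_POINTS, 200, rng)
    novel = (0.80, 0.80)
    before = is_threat(novel, detectors)
    after = is_threat(novel, tolerize(detectors, novel))
    return detectors, before, after

if __name__ == "__main__":
    dets, before, after = demo()
    print(len(dets), "detectors; novel event flagged:", before,
          "-> after tolerization:", after)
```

Because detectors are trained only on normal behavior, no labelled threat data is needed; the trade-off is that coverage of the non-self space depends on the number of detectors and the radius.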
Alternative: Online One-Class Support Vector Machine
• Popular for anomaly detection • Handles high-dimensional data, a possibility • Left: Example, linear kernel • For different feature mapping (kernel): smallest hyper-sphere enclosing data in feature space
2D Example: SVM and AIS • SVM : 50 points stored total
• AIS : 20 detectors, 50 points stored
• Java applet online: http://www.ittc.ku.edu/~bquanz/tds.html
• Choosing TDS
Case-based Reasoning System
Case-Based Reasoning (CBR) • Situated knowledge • Use past experience • Attributes describe environment, expected normal behavior • Separates human description from threat concept
• New Situation – Closest matching situation and threat concept loaded • For agents in same situation: sharing beliefs
Sharing Beliefs • Belief Sharing : Useful for objects in same situation: • Under-developed threat concept, uncertain situation • Overcome false positives – weak detectors for resource constrained
• Layer of confirmation • Distributed Sequential Hypothesis Testing: • Pass event string – Neighbor agents test • Ratio of confirmation high enough – threat confirmed
• Evaluate ability to learn from neighbors, and other components: Testing Framework
Evaluation: Testing Framework • Generate Object Safety Data Set • Real Sensor Data • In-lab collection: • Artificial scenarios modeled after transport chain security
• Real world collection: • Rail demo planned in conjunction with SensorNet at KU
• Test framework and components through simulation with collected data
Evaluation: Testing Framework • Sun SPOTs • Processing and sensing for an object • X, Y, Z acceleration, Light, and Temperature
Sample: Data For Object Removed from Container
Conclusion • Addressing the problem of how objects endowed with processing, communication, and sensing capabilities can determine their safety • General Framework for Object Safety: A casebase of threat detection systems with a mechanism for sharing knowledge
Thank you! Supported by: Office of Naval Research (ONR) - Award Number N00014-07-1-1042
Thanks to: SensorNet group at ITTC, University of Kansas http://www.ittc.ku.edu/sensornet/
Questions?