Data-Driven Model-Based Decision-Making - July 2017

Public Audience
Purpose: To highlight project progress. Information is generally at a higher level which is accessible to the interested public. All information contained in the report (regions 1-3) is a Government Deliverable/CDRL.

PI(s): William Sanders, Masooda Bashir, David Nicol, and Aad Van Moorsel*

Researchers: Ken Keefe, Mohamad Noureddine, Charles Morisset* and Rob Cain* (*Newcastle Univ., UK)

This refers to Hard Problems, released November 2012.

  • Predictive Security Metrics - System security analysis requires a holistic approach that considers the behavior of non-human subsystems, bad actors or adversaries, and expected human participants such as users and system administrators. We are developing the HITOP modeling formalism to formally describe the behavior of human participants and how their decisions affect overall system performance and security. With this modeling methodology and the tool support we are developing, we will produce quantitative security metrics for cyber-human systems.
  • Human Behavior - Modeling and evaluating human behavior is challenging, but it is an imperative component in security analysis. Stochastic modeling serves as a good approximation of human behavior, but we intend to do more with the HITOP method, which considers a task-based process modeling language that evaluates a human's opportunity, willingness, and capability to perform individual tasks in their daily behavior. Partnered with an effective data collection strategy to validate model parameters, we are working to provide a sound model of human behavior.

Papers published in this quarter as a result of this research. Include title, author(s), venue published/presented, and a short description or abstract. Identify which hard problem(s) the publication addressed. Papers that have not yet been published should be reported in region 2 below.

  • John C. Mace, Nippun Thekkummal, Charles Morisset, and Aad van Moorsel, "ADaCS: A tool for Analysing Data Collection Strategies", 14th European Performance Engineering Workshop (EPEW 2017), Berlin, Germany, September 7-8, 2017, to appear.


We have implemented a data collection strategy optimization tool for parameterized models. We named the tool ADaCS (Analysing Data Collection Strategies). ADaCS is an extension of the probabilistic model checker PRISM, which facilitates the construction and efficient analysis of probabilistic and parameterized models such as Markov decision processes. Given a data sampling budget, ADaCS computes how much data per parameter should be collected from multiple data sources to provide the most accurate output of the system modeled in PRISM's high-level state-based modeling language. We consider using attack trees and server energy consumption as case studies to illustrate the effectiveness of ADaCS. In its basic form, ADaCS automatically analyses all possible data collection strategies and selects the optimal one. Computing an optimal strategy in this way is computationally expensive, so we explore ways to make our tool more efficient by introducing heuristics to reduce the strategy exploration space when finding the best strategy.
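The exhaustive form of the strategy search described above can be illustrated in a few lines. This is an added example, not ADaCS or PRISM code: the attack tree, the prior leaf probabilities, the Bernoulli sampling model and the delta-method variance used as the accuracy measure are all assumptions made for the illustration.

```python
from itertools import product

# Constructed attack tree: root = OR(AND(a, b), c), independent leaves.
# Leaf values are assumed prior estimates of each step's success probability.
PRIOR = {"a": 0.6, "b": 0.3, "c": 0.05}

def root_probability(p):
    """Probability that the attack succeeds for OR(AND(a, b), c)."""
    return 1 - (1 - p["a"] * p["b"]) * (1 - p["c"])

def sensitivity(p, leaf, h=1e-6):
    """Central-difference partial derivative of the root w.r.t. one leaf."""
    hi, lo = dict(p), dict(p)
    hi[leaf] += h
    lo[leaf] -= h
    return (root_probability(hi) - root_probability(lo)) / (2 * h)

def output_variance(p, alloc):
    """Delta-method variance of the root estimate when leaf k is
    estimated from alloc[k] Bernoulli samples (assumed accuracy measure)."""
    return sum(sensitivity(p, k) ** 2 * p[k] * (1 - p[k]) / alloc[k] for k in p)

def strategies(leaves, budget):
    """Every allocation that spends the whole budget, >= 1 sample per leaf."""
    for counts in product(range(1, budget + 1), repeat=len(leaves) - 1):
        rest = budget - sum(counts)
        if rest >= 1:
            yield dict(zip(leaves, counts + (rest,)))

def best_strategy(p, budget):
    """Exhaustive search: score every strategy and keep the most accurate."""
    return min(strategies(list(p), budget), key=lambda s: output_variance(p, s))

if __name__ == "__main__":
    budget = 60
    best = best_strategy(PRIOR, budget)
    uniform = {k: budget // len(PRIOR) for k in PRIOR}
    print("best allocation:", best)
    print("variance best    :", output_variance(PRIOR, best))
    print("variance uniform :", output_variance(PRIOR, uniform))
```

The number of strategies grows combinatorially with the budget and the number of parameters, which is the cost that motivates the heuristics mentioned in the report.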

We prepared a paper presenting the work described in our previous quarterly report on automatic model generation. We submitted the paper to the International Conference on Critical Information Infrastructures Security (CRITIS).

We began to create a simulation framework to explore how the performance and security of a cyber-system are impacted given different adversary strategies. The simulation framework uses Mobius ADVISE models as a base, but will allow for different adversary decision algorithms to be evaluated and compared in addition to the base Markov decision process adversary decision algorithm currently used in the Mobius modeling tool.

We have begun developing a framework that allows a user to make informed decisions on design changes, and we have started work on a Prolog interpreter that helps in the analysis and modification of system designs. We believe that Prolog's pattern-matching behavior allows automatic, non-trivial changes to a system design.