Visible to the public Biblio

Filters: Keyword is Automated Response Actions  [Clear All Filters]
2021-06-24
Hughes, Kieran, McLaughlin, Kieran, Sezer, Sakir.  2020.  Dynamic Countermeasure Knowledge for Intrusion Response Systems. 2020 31st Irish Signals and Systems Conference (ISSC). :1–6.
Significant advancements in Intrusion Detection Systems has led to improved alerts. However, Intrusion Response Systems which aim to automatically respond to these alerts, is a research area which is not yet advanced enough to benefit from full automation. In Security Operations Centres, analysts can implement countermeasures using knowledge and past experience to adapt to new attacks. Attempts at automated Intrusion Response Systems fall short when a new attack occurs to which the system has no specific knowledge or effective countermeasure to apply, even leading to overkill countermeasures such as restarting services and blocking ports or IPs. In this paper, a countermeasure standard is proposed which enables countermeasure intelligence sharing, automated countermeasure adoption and execution by an Intrusion Response System. An attack scenario is created on an emulated network using the Common Open Research Emulator, where an insider attack attempts to exploit a buffer overflow on an Exim mail server. Experiments demonstrate that an Intrusion Response System with dynamic countermeasure knowledge can stop attacks that would otherwise succeed with a static predefined countermeasure approach.
Wesemeyer, Stephan, Boureanu, Ioana, Smith, Zach, Treharne, Helen.  2020.  Extensive Security Verification of the LoRaWAN Key-Establishment: Insecurities Patches. 2020 IEEE European Symposium on Security and Privacy (EuroS P). :425–444.
LoRaWAN (Low-power Wide-Area Networks) is the main specification for application-level IoT (Internet of Things). The current version, published in October 2017, is LoRaWAN 1.1, with its 1.0 precursor still being the main specification supported by commercial devices such as PyCom LoRa transceivers. Prior (semi)-formal investigations into the security of the LoRaWAN protocols are scarce, especially for Lo-RaWAN 1.1. Moreover, amongst these few, the current encodings [4], [9] of LoRaWAN into verification tools unfortunately rely on much-simplified versions of the LoRaWAN protocols, undermining the relevance of the results in practice. In this paper, we fill in some of these gaps. Whilst we briefly discuss the most recent cryptographic-orientated works [5] that looked at LoRaWAN 1.1, our true focus is on producing formal analyses of the security and correctness of LoRaWAN, mechanised inside automated tools. To this end, we use the state-of-the-art prover, Tamarin. Importantly, our Tamarin models are a faithful and precise rendering of the LoRaWAN specifications. For example, we model the bespoke nonce-generation mechanisms newly introduced in LoRaWAN 1.1, as well as the “classical” but shortdomain nonces in LoRaWAN 1.0 and make recommendations regarding these. Whilst we include small parts on device-commissioning and application-level traffic, we primarily scrutinise the Join Procedure of LoRaWAN, and focus on version 1.1 of the specification, but also include an analysis of Lo-RaWAN 1.0. To this end, we consider three increasingly strong threat models, resting on a Dolev-Yao attacker acting modulo different requirements made on various channels (e.g., secure/insecure) and the level of trust placed on entities (e.g., honest/corruptible network servers). Importantly, one of these threat models is exactly in line with the LoRaWAN specification, yet it unfortunately still leads to attacks. In response to the exhibited attacks, we propose a minimal patch of the LoRaWAN 1.1 Join Procedure, which is as backwards-compatible as possible with the current version. We analyse and prove this patch secure in the strongest threat model mentioned above. This work has been responsibly disclosed to the LoRa Alliance, and we are liaising with the Security Working Group of the LoRa Alliance, in order to improve the clarity of the LoRaWAN 1.1 specifications in light of our findings, but also by using formal analysis as part of a feedback-loop of future and current specification writing.
Nilă, Constantin, Patriciu, Victor.  2020.  Taking advantage of unsupervised learning in incident response. 2020 12th International Conference on Electronics, Computers and Artificial Intelligence (ECAI). :1–6.
This paper looks at new ways to improve the necessary time for incident response triage operations. By employing unsupervised K-means, enhanced by both manual and automated feature extraction techniques, the incident response team can quickly and decisively extrapolate malicious web requests that concluded to the investigated exploitation. More precisely, we evaluated the benefits of different visualization enhancing methods that can improve feature selection and other dimensionality reduction techniques. Furthermore, early tests of the gross framework have shown that the necessary time for triage is diminished, more so if a hybrid multi-model is employed. Our case study revolved around the need for unsupervised classification of unknown web access logs. However, the demonstrated principals may be considered for other applications of machine learning in the cybersecurity domain.
Abirami, R., Wise, D. C. Joy Winnie, Jeeva, R., Sanjay, S..  2020.  Detecting Security Vulnerabilities in Website using Python. 2020 International Conference on Electronics and Sustainable Communication Systems (ICESC). :844–846.
On the current website, there are many undeniable conditions and there is the existence of new plot holes. If data link is normally extracted on each of the websites, it becomes difficult to evaluate each vulnerability, with tolls such as XS S, SQLI, and other such existing tools for vulnerability assessment. Integrated testing criteria for vulnerabilities are met. In addition, the response should be automated and systematic. The primary value of vulnerability Buffer will be made of predefined and self-formatted code written in python, and the software is automated to send reports to their respective users. The vulnerabilities are tried to be classified as accessible. OWASP is the main resource for developing and validating web security processes.
Dmitrievich, Asyaev Grigorii, Nikolaevich, Sokolov Aleksandr.  2020.  Automated Process Control Anomaly Detection Using Machine Learning Methods. 2020 Ural Symposium on Biomedical Engineering, Radioelectronics and Information Technology (USBEREIT). :0536–0538.
The paper discusses the features of the automated process control system, defines the algorithm for installing critical updates. The main problems in the administration of a critical system have been identified. The paper presents a model for recognizing anomalies in the network traffic of an industrial information system using machine learning methods. The article considers the network intrusion dataset (raw TCP / IP dump data was collected, where the network was subjected to multiple attacks). The main parameters that affect the recognition of abnormal behavior in the system are determined. The basic mathematical models of classification are analyzed, their basic parameters are reviewed and tuned. The mathematical model was trained on the considered (randomly mixed) sample using cross-validation and the response was predicted on the control (test) sample, where the model should determine the anomalous behavior of the system or normal as the output. The main criteria for choosing a mathematical model for the problem to be solved were the number of correctly recognized (accuracy) anomalies, precision and recall of the answers. Based on the study, the optimal algorithm for recognizing anomalies was selected, as well as signs by which this anomaly can be recognized.
Teplyuk, P.A., Yakunin, A.G., Sharlaev, E.V..  2020.  Study of Security Flaws in the Linux Kernel by Fuzzing. 2020 International Multi-Conference on Industrial Engineering and Modern Technologies (FarEastCon). :1–5.
An exceptional feature of the development of modern operating systems based on the Linux kernel is their leading use in cloud technologies, mobile devices and the Internet of things, which is accompanied by the emergence of more and more security threats at the kernel level. In order to improve the security of existing and future Linux distributions, it is necessary to analyze the existing approaches and tools for automated vulnerability detection and to conduct experimental security testing of some current versions of the kernel. The research is based on fuzzing - a software testing technique, which consists in the automated detection of implementation errors by sending deliberately incorrect data to the input of the fuzzer and analyzing the program's response at its output. Using the Syzkaller software tool, which implements a code coverage approach, vulnerabilities of the Linux kernel level were identified in stable versions used in modern distributions. The direction of this research is relevant and requires further development in order to detect zero-day vulnerabilities in new versions of the kernel, which is an important and necessary link in increasing the security of the Linux operating system family.
Ulrich, Jacob, Rieger, Craig, Grandio, Javier, Manic, Milos.  2020.  Cyber-Physical Architecture for Automated Responses (CyPhAAR) Using SDN in Adversarial OT Environments. 2020 Resilience Week (RWS). :55–63.
The ability to react to a malicious attack starts with high fidelity recognition, and with that, an agile response to the attack. The current Operational Technology (OT) systems for a critical infrastructure include an intrusion detection system (IDS), but the ability to adapt to an intrusion is a human initiated response. Orchestrators, which are coming of age in the financial sector and allow for levels of automated response, are not prevalent in the OT space. To evolve to such responses in the OT space, a tradeoff analysis is first needed. This tradeoff analysis should evaluate the mitigation benefits of responses versus the physical affects that result. Providing an informed and automated response decision. This paper presents a formulation of a novel tradeoff analysis and its use in advancing a cyber-physical architecture for automated responses (CyPhAAR).
Maneebang, Kotchakorn, Methapatara, Kanokpol, Kudtongngam, Jasada.  2020.  A Demand Side Management Solution: Fully Automated Demand Response using OpenADR2.0b Coordinating with BEMS Pilot Project. 2020 International Conference on Smart Grids and Energy Systems (SGES). :30–35.
Per the National Energy Policy, Demand Side Management (DSM) is one of the energy conservations that performs a function to manage electric power of demand-side resources. One of the DSM solutions is a demand response program, which is a part of Thailand Smart Grid Action Plan 2017 - 2021. Demand response program such as peak demand reduction plays a role in both the management of the electricity crisis and enhance energy security. This paper presents a pilot project for a fully automated demand response program at MEA Rat Burana District Office. The system is composed of a Building Energy Management System (BEMS) with Demand Response Client gateway and 5 energy controllers at the air conditioner by using the OpenADR2.0b protocol. Also, this concept leads to automatic or semi-automatic demand response program in the future. The result shows the total energy consumption reduction for air conditioners by 53.5%. The future works to be carried out are to implement into other MEA District Office such as Khlong Toei, Yan Nawa and Bang Khun Thian and to test with a Load Aggregator Management System (LAMS).
Hastings, John C., Laverty, David M., Jahic, Admir, Morrow, D John, Brogan, Paul.  2020.  Cyber-security considerations for domestic-level automated demand-response systems utilizing public-key infrastructure and ISO/IEC 20922. 2020 31st Irish Signals and Systems Conference (ISSC). :1–6.
In this paper, the Authors present MQTT (ISO/IEC 20922), coupled with Public-key Infrastructure (PKI) as being highly suited to the secure and timely delivery of the command and control messages required in a low-latency Automated Demand Response (ADR) system which makes use of domestic-level electrical loads connected to the Internet. Several use cases for ADR are introduced, and relevant security considerations are discussed; further emphasizing the suitability of the proposed infrastructure. The authors then describe their testbed platform for testing ADR functionality, and finally discuss the next steps towards getting these kinds of technologies to the next stage.
2020-08-24
Webb, Josselyn A., Henderson, Michelle W., Webb, Michael L..  2019.  An Open Source Approach to Automating Surveillance and Compliance of Automatic Test Systems. 2019 IEEE AUTOTESTCON. :1–8.
With the disconnected nature of some Automatic Test Systems, there is no possibility for a centralized infrastructure of sense and response in Cybersecurity. For scalability, a cost effective onboard approach will be necessary. In smaller companies where connectivity is not a concern, costly commercial solutions will impede the implementation of surveillance and compliance options. In this paper we propose to demonstrate an open source strategy using freely available Security Technical Implementation Guidelines (STIGs), internet resources, and supporting software stacks, such as OpenScap, HubbleStack, and (ElasticSearch, Logstash, and Kibana (ElasticStack)) to deliver an affordable solution to this problem. OpenScap will provide tools for managing system security and standards compliance. HubbleStack will be employed to automate compliance via its components: NOVA (an auditing engine), Nebula (osquery integration), Pulsar (event system) and Quasar (reporting system). Our intention is utilize NOVA in conjunction with OpenScap to CVE (Common Vulnerabilities and Exposures) scan and netstat for open ports and processes. Additionally we will monitor services and status, firewall settings, and use Nebula's integration of Facebook's osquery to detect vulnerabilities by querying the Operating System. Separately we plan to use Pulsar, a fast file integrity manger, to monitor the integrity of critical files such as system, test, and Hardware Abstraction Layer (HAL) software to ensure the system retains its integrity. All of this will be reported by Quasar, HubbleStack's reporting engine. We will provide situational awareness through the use of the open source Elastic Stack. ElasticSearch is a RESTful search and analytics engine. Logstash is an open source data processing pipeline that enables the ingestion of data from multiple sources sending it through extensible interfaces, in this case ElasticSearch. Kibana supports the visualization of data. Essentially Elastic Stack will be the presentation layer, HubbleStack will be the broker of the data to Elastic Stash, with the other HubbleStack components feeding that data. All of the tools involved are open source in nature, reducing the cost to the overhead required to keep configurations up to date, training on use, and analytics required to review the outputs.
Gohil, Nikhil N., Vemuri, Ranga R..  2019.  Automated Synthesis of Differential Power Attack Resistant Integrated Circuits. 2019 IEEE National Aerospace and Electronics Conference (NAECON). :204–211.
Differential Power Analysis (DPA) attacks were shown to be effective in recovering the secret key information from a variety cryptographic systems. In response, several design methods, ranging from the cell level to the algorithmic level, have been proposed to defend against DPA attacks. Cell level solutions depend on DPA resistant cell designs which attempt to minimize power variance during transitions while minimizing area and power consumption. In this paper, we discuss how a differential circuit design style is incorporated into a COTS tool set, resulting in a fully automated synthesis system DPA resistant integrated circuits. Based on the Secure Differential Multiplexer Logic (SDMLp), this system can be used to synthesize complete cryptographic processors which provide strong defense against DPA while minimizing area and power overhead. We discuss how both combinational and sequential cells are incorporated in the cell library. We show the effectiveness of the tool chain by using it to automatically synthesize the layouts, from RT level Verilog specifications, of both the DES and AES encryption ICs in 90nm CMOS. In each case, we present experimental data to demonstrate DPA attack resistance and area, power and performance overhead and compare these with circuits synthesized in another differential logic called MDPL as well as standard CMOS synthesis results.
Lavrenovs, Arturs, Visky, Gabor.  2019.  Exploring features of HTTP responses for the classification of devices on the Internet. 2019 27th Telecommunications Forum (℡FOR). :1–4.
Devices that are connected to the Internet are very interesting to security researchers as are at high risk of being attacked, compromised or otherwise abused. To investigate the root causes of the risks it is necessary to understand what classes of devices are affected in different ways. These devices are heterogeneous, thus making it impractical to classify large sets by applying static rules. We propose improvements for manually labelling training sets using HTTP response features for future classification using a neural network.
Quinn, Ren, Holguin, Nico, Poster, Ben, Roach, Corey, Merwe, Jacobus Kobus Van der.  2019.  WASPP: Workflow Automation for Security Policy Procedures. 2019 15th International Conference on Network and Service Management (CNSM). :1–5.

Every day, university networks are bombarded with attempts to steal the sensitive data of the various disparate domains and organizations they serve. For this reason, universities form teams of information security specialists called a Security Operations Center (SOC) to manage the complex operations involved in monitoring and mitigating such attacks. When a suspicious event is identified, members of the SOC are tasked to understand the nature of the event in order to respond to any damage the attack might have caused. This process is defined by administrative policies which are often very high-level and rarely systematically defined. This impedes the implementation of generalized and automated event response solutions, leading to specific ad hoc solutions based primarily on human intuition and experience as well as immediate administrative priorities. These solutions are often fragile, highly specific, and more difficult to reuse in other scenarios.

Huang, Hao, Kazerooni, Maryam, Hossain-McKenzie, Shamina, Etigowni, Sriharsha, Zonouz, Saman, Davis, Katherine.  2019.  Fast Generation Redispatch Techniques for Automated Remedial Action Schemes. 2019 20th International Conference on Intelligent System Application to Power Systems (ISAP). :1–8.
To ensure power system operational security, it not only requires security incident detection, but also automated intrusion response and recovery mechanisms to tolerate failures and maintain the system's functionalities. In this paper, we present a design procedure for remedial action schemes (RAS) that improves the power systems resiliency against accidental failures or malicious endeavors such as cyber attacks. A resilience-oriented optimal power flow is proposed, which optimizes the system security instead of the generation cost. To improve its speed for online application, a fast greedy algorithm is presented to narrow the search space. The proposed techniques are computationally efficient and are suitable for online RAS applications in large-scale power systems. To demonstrate the effectiveness of the proposed methods, there are two case studies with IEEE 24-bus and IEEE 118-bus systems.
Renners, Leonard, Heine, Felix, Kleiner, Carsten, Rodosek, Gabi Dreo.  2019.  Adaptive and Intelligible Prioritization for Network Security Incidents. 2019 International Conference on Cyber Security and Protection of Digital Services (Cyber Security). :1–8.
Incident prioritization is nowadays a part of many approaches and tools for network security and risk management. However, the dynamic nature of the problem domain is often unaccounted for. That is, the prioritization is typically based on a set of static calculations, which are rarely adjusted. As a result, incidents are incorrectly prioritized, leading to an increased and misplaced effort in the incident response. A higher degree of automation could help to address this problem. In this paper, we explicitly consider flaws in the prioritization an unalterable circumstance. We propose an adaptive incident prioritization, which allows to automate certain tasks for the prioritization model management in order to continuously assess and improve a prioritization model. At the same time, we acknowledge the human analyst as the focal point and propose to keep the human in the loop, among others by treating understandability as a crucial requirement.
Gupta, Nitika, Traore, Issa, de Quinan, Paulo Magella Faria.  2019.  Automated Event Prioritization for Security Operation Center using Deep Learning. 2019 IEEE International Conference on Big Data (Big Data). :5864–5872.
Despite their popularity, Security Operation Centers (SOCs) are facing increasing challenges and pressure due to the growing volume, velocity and variety of the IT infrastructure and security data observed on a daily basis. Due to the mixed performance of current technological solutions, e.g. IDS and SIEM, there is an over-reliance on manual analysis of the events by human security analysts. This creates huge backlogs and slow down considerably the resolution of critical security events. Obvious solutions include increasing accuracy and efficiency in the automation of crucial aspects of the SOC workflow, such as the event classification and prioritization. In the current paper, we present a new approach for SOC event classification by identifying a set of new features using graphical analysis and classifying using a deep neural network model. Experimental evaluation using real SOC event log data yields very encouraging results in terms of classification accuracy.
Torkura, Kennedy A., Sukmana, Muhammad I.H., Cheng, Feng, Meinel, Christoph.  2019.  SlingShot - Automated Threat Detection and Incident Response in Multi Cloud Storage Systems. 2019 IEEE 18th International Symposium on Network Computing and Applications (NCA). :1–5.
Cyber-attacks against cloud storage infrastructure e.g. Amazon S3 and Google Cloud Storage, have increased in recent years. One reason for this development is the rising adoption of cloud storage for various purposes. Robust counter-measures are therefore required to tackle these attacks especially as traditional techniques are not appropriate for the evolving attacks. We propose a two-pronged approach to address these challenges in this paper. The first approach involves dynamic snapshotting and recovery strategies to detect and partially neutralize security events. The second approach builds on the initial step by automatically correlating the generated alerts with cloud event log, to extract actionable intelligence for incident response. Thus, malicious activities are investigated, identified and eliminated. This approach is implemented in SlingShot, a cloud threat detection and incident response system which extends our earlier work - CSBAuditor, which implements the first step. The proposed techniques work together in near real time to mitigate the aforementioned security issues on Amazon Web Services (AWS) and Google Cloud Platform (GCP). We evaluated our techniques using real cloud attacks implemented with static and dynamic methods. The average Mean Time to Detect is 30 seconds for both providers, while the Mean Time to Respond is 25 minutes and 90 minutes for AWS and GCP respectively. Thus, our proposal effectively tackles contemporary cloud attacks.
Islam, Chadni, Babar, Muhammad Ali, Nepal, Surya.  2019.  An Ontology-Driven Approach to Automating the Process of Integrating Security Software Systems. 2019 IEEE/ACM International Conference on Software and System Processes (ICSSP). :54–63.

A wide variety of security software systems need to be integrated into a Security Orchestration Platform (SecOrP) to streamline the processes of defending against and responding to cybersecurity attacks. Lack of interpretability and interoperability among security systems are considered the key challenges to fully leverage the potential of the collective capabilities of different security systems. The processes of integrating security systems are repetitive, time-consuming and error-prone; these processes are carried out manually by human experts or using ad-hoc methods. To help automate security systems integration processes, we propose an Ontology-driven approach for Security OrchestrAtion Platform (OnSOAP). The developed solution enables interpretability, and interoperability among security systems, which may exist in operational silos. We demonstrate OnSOAP's support for automated integration of security systems to execute the incident response process with three security systems (Splunk, Limacharlie, and Snort) for a Distributed Denial of Service (DDoS) attack. The evaluation results show that OnSOAP enables SecOrP to interpret the input and output of different security systems, produce error-free integration details, and make security systems interoperable with each other to automate and accelerate an incident response process.

Ulrich, Jacob J., Vaagensmith, Bjorn C., Rieger, Craig G., Welch, Justin J..  2019.  Software Defined Cyber-Physical Testbed for Analysis of Automated Cyber Responses for Power System Security. 2019 Resilience Week (RWS). 1:47–54.

As the power grid becomes more interconnected the attack surface increases and determining the causes of anomalies becomes more complex. Automated responses are a mechanism which can provide resilience in a power system by responding to anomalies. An automated response system can make intelligent decisions when paired with an automated health assessment system which includes a human in the loop for making critical decisions. Effective responses can be determined by developing a matrix which considers the likely impacts on resilience if a response is taken. A testbed assists to analyze these responses and determine their effects on system resilience.

2020-06-01
Baruwal Chhetri, Mohan, Uzunov, Anton, Vo, Bao, Nepal, Surya, Kowalczyk, Ryszard.  2019.  Self-Improving Autonomic Systems for Antifragile Cyber Defence: Challenges and Opportunities. 2019 IEEE International Conference on Autonomic Computing (ICAC). :18–23.

Antifragile systems enhance their capabilities and become stronger when exposed to adverse conditions, stresses or attacks, making antifragility a desirable property for cyber defence systems that operate in contested military environments. Self-improvement in autonomic systems refers to the improvement of their self-* capabilities, so that they are able to (a) better handle previously known (anticipated) situations, and (b) deal with previously unknown (unanticipated) situations. In this position paper, we present a vision of using self-improvement through learning to achieve antifragility in autonomic cyber defence systems. We first enumerate some of the major challenges associated with realizing distributed self-improvement. We then propose a reference model for middleware frameworks for self-improving autonomic systems and a set of desirable features of such frameworks.

2020-03-12
Zhang, Haibo, Nakamura, Toru, Sakurai, Kouichi.  2019.  Security and Trust Issues on Digital Supply Chain. 2019 IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress (DASC/PiCom/CBDCom/CyberSciTech). :338–343.

This exploratory investigation aims to discuss current status and challenges, especially in aspect of security and trust problems, of digital supply chain management system with applying some advanced information technologies, such as Internet of Things, cloud computing and blockchain, for improving various system performance and properties, i.e. transparency, visibility, accountability, traceability and reliability. This paper introduces the general histories and definitions, in terms of information science, of the supply chain and relevant technologies which have been applied or are potential to be applied on supply chain with purpose of lowering cost, facilitating its security and convenience. It provides a comprehensive review of current relative research work and industrial cases from several famous companies. It also illustrates requirements or performance of digital supply chain system, security management and trust issues. Finally, this paper concludes several potential or existing security issues and challenges which supply chain management is facing.

2019-03-04
Lin, F., Beadon, M., Dixit, H. D., Vunnam, G., Desai, A., Sankar, S..  2018.  Hardware Remediation at Scale. 2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W). :14–17.
Large scale services have automated hardware remediation to maintain the infrastructure availability at a healthy level. In this paper, we share the current remediation flow at Facebook, and how it is being monitored. We discuss a class of hardware issues that are transient and typically have higher rates during heavy load. We describe how our remediation system was enhanced to be efficient in detecting this class of issues. As hardware and systems change in response to the advancement in technology and scale, we have also utilized machine learning frameworks for hardware remediation to handle the introduction of new hardware failure modes. We present an ML methodology that uses a set of predictive thresholds to monitor remediation efficiency over time. We also deploy a recommendation system based on natural language processing, which is used to recommend repair actions for efficient diagnosis and repair. We also describe current areas of research that will enable us to improve hardware availability further.
Diao, Y., Rosu, D..  2018.  Improving response accuracy for classification- based conversational IT services. NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium. :1–15.
Conversational IT services are expected to reduce user wait times and improve overall customer satisfaction. Cloud-based solutions are readily available for enterprise subject matter experts (SMEs) to train user-question classifiers and build conversational services with little effort. However, methodologies that the SMEs can use to improve the response accuracy and conversation quality are merely stated and evaluated. In complex service scenarios such as software support, the scope of topics is typically large and the training samples are often limited. Thus, training the classifier based on labeled samples of plain user utterances is not effective in most cases. In this paper, we identify several methods for improving classification quality and evaluate them in concrete training set scenarios. Particularly, a process-based methodology is described that builds and refines on top of service domain knowledge in order to develop a scalable solution for training accurate conversation services. Enterprises and service providers are continuously seeking new ways to improve customer experience on working with IT systems, where user wait times and service resolution quality are critical business metrics. One of the latest trends is the use of conversational IT services. Customers can interact with a conversational service to express their questions in natural language and the system can automatically return relevant answers or execute back-end processes for automated actions. Various text classification techniques have been developed and applied to understand the user questions and trigger the correct responses. For instance, in the context of IT software support, customers can use conversational systems to get answers about software product errors, licenses, or upgrade processes. While the potential benefits of building conversational services are huge, it is often difficult to effectively train classification models that cover well the scope of realistically complex services. In this paper, we propose a training methodology that addresses the limitations in both the scope of topics and the scarcity of the training set. We further evaluate the proposed methodology in a real service support scenario and share the lessons learned.
Berscheid, A., Makarov, Y., Hou, Z., Diao, R., Zhang, Y., Samaan, N., Yuan, Y., Zhou, H..  2018.  An Open-Source Tool for Automated Power Grid Stress Level Prediction at Balancing Authorities. 2018 IEEE/PES Transmission and Distribution Conference and Exposition (T D). :1–5.
The behavior of modern power systems is becoming more stochastic and dynamic, due to the increased penetration of variable generation, demand response, new power market structure, extreme weather conditions, contingencies, and unexpected events. It is critically important to predict potential system operational issues so that grid planners and operators can take preventive actions to mitigate the impact, e.g., lack of operational reserves. In this paper, an innovative software tool is presented to assist power grid operators in a balancing authority in predicting the grid stress level over the next operating day. It periodically collects necessary information from public domain such as weather forecasts, electricity demand, and automatically estimates the stress levels on a daily basis. Advanced Neural Network and regression tree algorithms are developed as the prediction engines to achieve this goal. The tool has been tested on a few key balancing authorities and successfully predicted the growing system peak load and increased stress levels under extreme heat waves.
Husari, G., Niu, X., Chu, B., Al-Shaer, E..  2018.  Using Entropy and Mutual Information to Extract Threat Actions from Cyber Threat Intelligence. 2018 IEEE International Conference on Intelligence and Security Informatics (ISI). :1–6.
With the rapid growth of the cyber attacks, cyber threat intelligence (CTI) sharing becomes essential for providing advance threat notice and enabling timely response to cyber attacks. Our goal in this paper is to develop an approach to extract low-level cyber threat actions from publicly available CTI sources in an automated manner to enable timely defense decision making. Specifically, we innovatively and successfully used the metrics of entropy and mutual information from Information Theory to analyze the text in the cybersecurity domain. Combined with some basic NLP techniques, our framework, called ActionMiner has achieved higher precision and recall than the state-of-the-art Stanford typed dependency parser, which usually works well in general English but not cybersecurity texts.