Distributed assured network system (DANS)

US 20130031042A1
Filed: 07/27/2011
Published: 01/31/2013
Est. Priority Date: 07/27/2011
Status: Abandoned Application

First Claim

Patent Images

1. A method for a distributed assured network system, comprising the steps of:

distributing monitoring nodes (MN) to sequentially monitor and collect information sources to be checked for the presence or absence of misbehavior, the MN providing MN observations from the content of the monitored information sources;

providing a detection agent to employ an optimal sequential probability ratio test (SPRT) to process the MN observations to ensure both bounded false alarm and miss detection outputs relative to the content of the information source;

providing a reputation agent to process the output from said detection agent to predict the expected future behavior of said information sources based upon the known past behavior thereof; and

providing a trust indicator responsive to an output from said reputation agent to form and manage a quantifiable trust model based upon historical behavioral expectation and collaborative filtering received from said reputation agent, the trust model being indicative of the trustworthiness of the information sources.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computerized method for a distributed assured network system includes a plurality distributed monitoring nodes for sequential feeding the content of respective information sources to a detection agent. The detection agent uses an SPRT-based distributed sequential misbehavior detection scheme to process each MN observation with the probability of a false alarm P_FAand probability of a miss detection P_MDuntil a reliable decision can be made that either there is no malicious or faulty behavior detected, or that malicious or faulty behavior is detected. A cognitive reputation agent is provided within a DBG framework processes the output or detection metric from the detection agent relative to past behavior of the information sources to provide a reputation metric to a trust indication that provides an output representing the trustworthiness of information sources.

12 Citations

17 Claims

1. A method for a distributed assured network system, comprising the steps of:
- distributing monitoring nodes (MN) to sequentially monitor and collect information sources to be checked for the presence or absence of misbehavior, the MN providing MN observations from the content of the monitored information sources;
  
  providing a detection agent to employ an optimal sequential probability ratio test (SPRT) to process the MN observations to ensure both bounded false alarm and miss detection outputs relative to the content of the information source;
  
  providing a reputation agent to process the output from said detection agent to predict the expected future behavior of said information sources based upon the known past behavior thereof; and
  
  providing a trust indicator responsive to an output from said reputation agent to form and manage a quantifiable trust model based upon historical behavioral expectation and collaborative filtering received from said reputation agent, the trust model being indicative of the trustworthiness of the information sources.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the information sources are unattended wireless sensors within transmission range of said MN.
  - 3. The method of claim 1, wherein the detection agent SPRT processing steps include:
    - receiving the MN collected information;
      
      receiving both the P_F, (probability of a false alarm), and the P_MD(probability of a miss detection), for each MN observation;
      
      computing from both the P_FAand the P_MDapplied against the MN observations, both the lower threshold λ
      
      _Land the upper threshold λ
      
      _Ubased on acceptable P_FAand P_MD;
      
      computing for each MN observation the log likelihood ratio λ
      
      _η to determine the behavior of the monitored information sources defined as follows;
  - 4. The method of claim 1, further including the steps of:
    - designing said reputation agent within a Dynamic Bayesian Game (DBG) framework;
      
      modeling said MN and information sources as utility maximizing players within said DBG framework;
      
      formulating sequential interaction between said MN and information source as a multistage game with incomplete information, whereby the DBG framework captures information and temporal structure of interaction between said MN and information sources.
  - 5. The method of claim 4, wherein said temporal structure defines the sequential nature of communication between said information sources and said MN, including the steps of:
    - said MN just receiving information transmitted by said information sources; and
      
      said MN using the received information for determining the behavior of each information source.
  - 6. The method of claim 5, further including the steps of:
    - playing said DBG in stages that occur in time periods t_k, where k+0, 1, 2 . . . ; and
      
      repeatedly interacting said MN and information sources S_ifor a period of T seconds during which MN performs an SPRT, for determining the behavior of S_iover the period.
  - 7. The method of claim 6, further including the steps of:
    - assuming that each S_imaintains private information pertaining to its behavior not initially known by said MN;
      
      corresponding the private information of each S_ito the notion of type in Bayesian games;
      
      defining the set of types available to S_i, as Θ
      
      _i={θ
      
      ₀=regular, θ
      
      ₁=malicious or faulty};
      
      denoting the type of S_iby θ
      
      _ito capture the notion that S_ieither behaves normally (regularly) or deviates from its normal operation due to faulty or malicious behavior, whereby θ
      
      _iε
      
      {θ
      
      ₀, θ
      
      ₁};
      
      using Bayesian game construct to maintain “
      
      belief,”
      
      a conditional subjective probability measure, over θ
      
      _igiven history of the game h(t_k); and
      
      defining as μ
      
      _i^j(t_k)=p(θ
      
      _i|h_j(t_k)) the belief of an MN_jabout the behavior of S_iat stage game t_k, whereby it is assumed each MN maintains only a positive belief defined as μ
      
      _i^j(t_k)>
      
      0, with belief being a security parameter characterizing the trustworthiness of each S_i.
  - 8. The method of claim 7, further including the steps of:
    - entering MN with a prior belief obtained from a previous stage of the game; and
      
      using Bayes'"'"' rule to update the belief at the end of each stage game by combining the output of SPRT and the past behavior of S_i.
  - 9. The method of claim 8, wherein the step of using Bayes'"'"' rule includes the following computational steps:

10. A method for an assured network system comprising the steps of:
- distributing monitoring nodes (MN) to sequentially monitor and collect information sources to be checked for the presence or absence of misbehavior, the MN providing MN observations from the content of the monitored information sources;
  
  providing a detection agent to employ an optimal sequential probability ratio test (SPRT) to process the MN observations to ensure both bounded false alarm and miss detection outputs relative to the content of the information source;
  
  providing a reputation agent to process the output from said detection agent to predict the expected future behavior of said information sources based upon the known past behavior thereof; and
  
  providing a trust indicator responsive to an output from said reputation agent to form and manage a quantifiable trust model based upon historical behavioral expectation and collaborative filtering received from said reputation agent, the trust model being indicative of the trustworthiness of the information sources;
  
  wherein said information sources are unattended wireless sensors within transmission range of MN; and
  
  said detection agent SPRT processing steps include;
  
  receiving the MN collected information;
  
  receiving both the P_FA(probability of a false alarm), and the P_MD(probability of a miss detection), for each MN observation;
  
  computing from both the P_FAand the P_MDapplied against the MN observations, both the lower threshold λ
  
  _Land the upper threshold λ
  
  _Ubased on acceptable P_FAand P_MD;
  
  computing for each MN observation the log likelihood ratio λ
  
  _η to determine the behavior of the monitored information sources defined as follows;
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The method of claim 10, further including the steps of:
    - designing said reputation agent within a Dynamic Bayesian Game (DBG) framework;
      
      modeling said MN and information sources as utility maximizing players within said DBG framework;
      
      formulating sequential interaction between said MN and information source as a multistage game with incomplete information, whereby the DBG framework captures information and temporal structure of interaction between said MN and information sources.
  - 12. The method of claim 11, wherein said temporal structure defines the sequential nature of communication between said information sources and said MN, including the steps of:
    - said MN just receiving information transmitted by said information sources; and
      
      said MN using the received information for determining the behavior of each information source.
  - 13. The method of claim 12, further including the steps of:
    - playing said DBG in stages that occur in time periods t_k, where k+0, 1, 2 . . . ; and
      
      repeatedly interacting said MAT and information sources S_ifor a period of T seconds during which MN performs an SPRT, for determining the behavior of S_iover the period.
  - 14. The method of claim 13, further including the steps of:
    - assuming that each S_imaintains private information pertaining to its behavior not initially known by said MN;
      
      corresponding the private information of each S_ito the notion of type in Bayesian games;
      
      defining the set of types available to S_i, as Θ
      
      _i={θ
      
      ₀=regular, θ
      
      ₁=malicious or faulty};
      
      denoting the type of S_iby θ
      
      _ito capture notion that S_ieither behaves normally (regularly) or deviates from its normal operation due to faulty or malicious behavior, whereby θ
      
      _iε
      
      {θ
      
      ₀, θ
      
      ₁};
      
      using Bayesian game construct to maintain “
      
      belief,”
      
      a conditional subjective probability measure, over θ
      
      _igiven history of the game h(t_k); and
      
      defining as μ
      
      _t^j(t_k)=p(θ
      
      _i|h_j(t_k)) the belief of an MN_jabout the behavior of S_iat stage game t_k, whereby it is assumed each MN maintains only a positive belief defined as μ
      
      _i^j(t_k)>
      
      0, with belief being a security parameter characterizing the trustworthiness of each S_i.
  - 15. The method of claim 14, further including the steps of:
    - entering MN with a prior belief obtained from a previous stage of the game; and
      
      using Bayes'"'"' rule to update the belief at the end of each stage game by combining the output of SPRT and the past behavior of S_i.
  - 16. The method of claim 15, wherein the step of using Bayes'"'"' rule includes the following computational steps:

17. A method for an assured network system comprising the steps of:
- distributing monitoring nodes (MN) to sequentially monitor and collect information sources to be checked for the presence or absence of misbehavior, the MN providing MN observations from the content of the monitored information sources;
  
  providing a detection agent to employ an optimal sequential probability ratio test (SPRT) to process the MN observations to ensure both bounded false alarm and miss detection outputs relative to the content of the information source;
  
  providing a reputation agent to process the output from said detection agent to predict the expected future behavior of said information sources based upon the known past behavior thereof; and
  
  providing a trust indicator responsive to an output from said reputation agent to form and manage a quantifiable trust model based upon historical behavioral expectation and collaborative filtering received from said reputation agent, the trust model being indicative of the trustworthiness of the information sources;
  
  wherein said information sources are unattended wireless sensors within transmission range of MN; and
  
  said detection agent SPRT processing steps include;
  
  receiving the MN collected information;
  
  receiving both the P_FA(probability of a false alarm), and the P_MD(probability of a miss detection), for each MN observation;
  
  computing from both the P_FAand the P_MDapplied against the MN observations, both the lower threshold λ
  
  _Land the upper threshold μ
  
  _Ubased on acceptable P_FAand P_MD;
  
  computing for each MN observation the log likelihood ratio λ
  
  _η to determine the behavior of the monitored information sources defined as follows;

Specification

Resources

Litigation Campaign Assessment

Current Assignee
BAE Systems Information and Electronic Systems Integration Incorporated (BAE Systems Plc), Base Systems Informational and Electronic Systems Integration Incorporated
Original Assignee
BAE Systems Information and Electronic Systems Integration Incorporated (BAE Systems Plc)
Inventors
Dehnie, Sintayehu, Ghanadan, Reza, Guan, Kyle

Application Number

US13/136,262
Publication Number

US 20130031042A1
Time in Patent Office

Days
Field of Search
US Class Current

706/47
CPC Class Codes

H04L 63/1416 Event detection, e.g. attac...

H04L 63/302 gathering intelligence info...

Distributed assured network system (DANS)

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

12 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Distributed assured network system (DANS)

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

12 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links