KEYWORDS: Sensors, Data integration, Data modeling, Artificial intelligence, Databases, Data storage, Situational awareness sensors, Operating systems, Failure analysis, Analytical research
The growing need for situational awareness within network-deployed Systems Under Test has raised demand for frameworks
that facilitate system-wide data correlation and analysis. Massive event streams are generated from heterogeneous
sensors which require tedious manual analysis. We present a framework for sensor data integration and event correlation
based on Linked Data principles, Semantic Web reasoning technology, complex event processing, and blackboard architectures.
Sensor data are encoded as RDF models, then processed by complex event processing agents (which incorporate
domain specific reasoners, as well as general purpose Semantic Web reasoning techniques). Agents can publish inferences
on shared blackboards and generate new semantic events that are fed back into the system. We present AIS, Inc.’s Cyber
Battlefield Training and Effectiveness Environment to demonstrate use of the framework.
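As an added illustration (not code from the paper, from AIS, Inc., or from CBTEE), here is a toy version of the pipeline the abstract above describes: sensor events encoded as RDF-style triples, complex event processing agents that read a shared blackboard and publish inferences back onto it as new semantic events, and a loop that reruns the agents until nothing new is derived. The event names, the two detection rules, and the thresholds are constructed for this example.

```python
from collections import defaultdict

# Constructed sample sensor events, each encoded as RDF-style (subject, predicate, object) triples.
SENSOR_EVENTS = [
    ("ev1", "type", "FailedLogin"), ("ev1", "src", "10.0.0.5"), ("ev1", "at", 100),
    ("ev2", "type", "FailedLogin"), ("ev2", "src", "10.0.0.5"), ("ev2", "at", 110),
    ("ev3", "type", "FailedLogin"), ("ev3", "src", "10.0.0.5"), ("ev3", "at", 125),
    ("ev4", "type", "SuccessfulLogin"), ("ev4", "src", "10.0.0.5"), ("ev4", "at", 130),
    ("ev5", "type", "FailedLogin"), ("ev5", "src", "10.0.0.9"), ("ev5", "at", 140),
]

class Blackboard:  # shared triple store: agents read it and publish inferences back onto it
    def __init__(self):
        self.triples, self.pending = set(), []  # pending = triples published since agents last ran
    def publish(self, triples):
        new = [t for t in triples if t not in self.triples]  # set semantics: re-deriving a fact is a no-op
        self.triples.update(new)
        self.pending.extend(new)
    def subjects_of_type(self, typ):
        return {s for s, p, o in self.triples if p == "type" and o == typ}
    def value(self, subj, pred):
        return next((o for s, p, o in self.triples if s == subj and p == pred), None)

def brute_force_agent(bb, window=60, threshold=3):  # CEP rule: >= threshold FailedLogin from one src in window
    by_src = defaultdict(list)
    for ev in bb.subjects_of_type("FailedLogin"):
        by_src[bb.value(ev, "src")].append(bb.value(ev, "at"))
    out = []
    for src, times in by_src.items():
        times.sort()
        hits = [t for i, t in enumerate(times[threshold - 1:]) if t - times[i] <= window]
        if hits:  # one inference per source, stamped with the time the threshold was first crossed
            inf = f"bf-{src}"
            out += [(inf, "type", "BruteForceSuspected"), (inf, "src", src), (inf, "at", hits[0])]
    return out

def compromise_agent(bb):  # consumes the fed-back semantic event and correlates it with a later SuccessfulLogin
    out = []
    for inf in bb.subjects_of_type("BruteForceSuspected"):
        src, t0 = bb.value(inf, "src"), bb.value(inf, "at")
        for ev in bb.subjects_of_type("SuccessfulLogin"):
            if bb.value(ev, "src") == src and bb.value(ev, "at") >= t0:
                c = f"cmp-{src}"
                out += [(c, "type", "AccountCompromiseSuspected"), (c, "src", src), (c, "evidence", inf)]
    return out

def run(events, agents):  # feedback loop: rerun agents until nobody publishes anything new
    bb = Blackboard()
    bb.publish(events)
    while bb.pending:
        bb.pending.clear()
        for agent in agents:
            bb.publish(agent(bb))
    return bb
```

The second agent never sees raw sensor data at all; it only fires on the semantic event the first agent published, which is the feedback path the abstract describes.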
Many approaches in software analysis, particularly dynamic malware analysis, benefit greatly from the use of linked data and
other Semantic Web technology. In this paper, we describe AIS, Inc.’s Semantic Extractor (SemEx) component from the
Malware Analysis and Attribution through Genetic Information (MAAGI) effort, funded under DARPA’s Cyber Genome
program. The SemEx generates OWL-based semantic models of high- and low-level behaviors in malware samples from
system call traces generated by AIS’s introspective hypervisor, IntroVirt™. Within MAAGI, these semantic models were
used by modules that cluster malware samples by functionality, and construct “genealogical” malware lineages. Herein, we
describe the design, implementation, and use of the SemEx, as well as the C2DB, an OWL ontology used for representing
software behavior and cyber-environments.