We use Hidden Markov Models to motivate a quantitative compositional semantics for noninterference-based security with iteration, including a refinement- or implements relation that compares two programs with respect to their information leakage; and we propose a program algebra for source-level reasoning about such programs, in particular as a means of establishing that an implementation program leaks no more than its specification program. This joins two themes: we extend our earlier work, having iteration but only qualitative, by making it quantitative; and we extend our earlier quantitative work by including iteration. We advocate stepwise refinement and source-level program algebra, both as conceptual reasoning tools and as targets for automated assistance. A selection of algebraic laws is given to support this view in the case of quantitative noninterference; and it is demonstrated on a simple iterated password-guessing attack.
Intrusion detection is only a starting step in securing IT infrastructure. Prediction of intrusions is the next step to provide an active defense against incoming attacks. Current intrusion prediction methods focus mainly on prediction of either intrusion type or intrusion category and do not use or provide contextual information such as source and target IP address. In addition, most of them are dependent on domain knowledge and specific scenario knowledge. The proposed algorithm employs a bag-of-words model together with a hidden Markov model, which does not depend on specific domain knowledge. Since this algorithm depends on a training process, it is adaptable to different conditions. A key advantage of the proposed algorithm is the inclusion of contextual data such as source IP address, destination IP range, alert type and alert category in its prediction, which is crucial for an eventual response. Experiments conducted using a public data set generated over 2500 alert predictions and achieved accuracy of 81% and 77% for single step and five step predictions respectively for prediction of the next alert cluster. It also achieved an accuracy of prediction of 95% and 92% for single step and five step predictions respectively for prediction of the next alert category. The proposed methods achieved a prediction accuracy improvement of 5% for alert category over existing variable length Markov chain intrusion prediction methods, while providing more information for a possible defense.
With the growing amount of cyber threats, the need for development of high-assurance cyber systems is becoming increasingly important. The objective of this paper is to address the challenges of modeling and detecting sophisticated network attacks, such as multiple interleaved attacks. We present the interleaving concept and investigate how interleaving multiple attacks can deceive intrusion detection systems. Using one of the important statistical machine learning (ML) techniques, Hidden Markov Models (HMM), we develop two architectures that take into account the stealth nature of the interleaving attacks, and that can detect and track the progress of these attacks. These architectures deploy a database of HMM templates of known attacks and exhibit varying performance and complexity. For performance evaluation, in the presence of multiple multi-stage attack scenarios, various metrics are proposed which include (1) attack risk probability, (2) detection error rate, and (3) the number of correctly detected stages. Extensive simulation experiments are used to demonstrate the efficacy of the proposed architectures.
The Orthogonal Generalized Autoregressive Conditional Heteroskedasticity model (OGARCH) is widely used in the finance industry to produce volatility and correlation forecasts. We show that the classic OGARCH model, nevertheless, tends to be too slow in reflecting sudden changes in market conditions due to excessive persistence of the integral univariate GARCH processes. To obtain more flexibility to accommodate abrupt market changes, e.g. a financial crisis, we extend the classic OGARCH model by incorporating a two-state Markov regime-switching GARCH process. This novel construction allows us to capture recurrent systemic regime shifts. Empirical results show that this generalization resolves the problem of excessive persistence effectively and greatly enhances OGARCH's ability to adapt to sudden market breaks while preserving OGARCH's most attractive features such as dimension reduction and multi-step ahead forecasting. By constructing a global minimum variance portfolio (GMVP), we are able to demonstrate significant outperformance of the extended model over the classic OGARCH model and the commonly used Exponentially Weighted Moving Average (EWMA) model. In addition, we show that the extended model is superior to OGARCH and EWMA in terms of predictive accuracy.
We demonstrate the application of pattern recognition algorithms via hidden Markov models (HMM) for qubit readout. This scheme provides a state-path trajectory approach capable of detecting qubit state transitions and makes for a robust classification scheme with higher starting state assignment fidelity than a multivariate Gaussian (MVG) or a support vector machine (SVM) scheme. Therefore, the method also eliminates the qubit-dependent readout time optimization requirement in current schemes. Using an HMM state discriminator we estimate fidelities reaching the ideal limit. Unsupervised learning gives access to the transition matrix, priors, and IQ distributions, providing a toolbox for studying qubit state dynamics during strong projective readout.
In unsupervised classification, Hidden Markov Models (HMM) are used to account for a neighborhood structure between observations. The emission distributions are often supposed to belong to some parametric family. In this paper, a semiparametric model in which the emission distributions are a mixture of parametric distributions is proposed to obtain greater flexibility. We show that the classical EM algorithm can be adapted to infer the model parameters. For the initialisation step, starting from a large number of components, a hierarchical method to combine them into the hidden states is proposed. Three likelihood-based criteria to select the components to be combined are discussed. To estimate the number of hidden states, BIC-like criteria are derived. A simulation study is carried out both to determine the best combination between the merging criteria and the model selection criteria and to evaluate the accuracy of classification. The proposed method is also illustrated using a biological dataset from the model plant Arabidopsis thaliana. An R package, HMMmix, is freely available on CRAN.