1. Intelligent Multi-Agent for Intrusion Detection and Countermeasures.
Intrusion detection on heterogeneous distributed systems naturally involves data in various formats and structures, such as log files and real-time operational event data, lending itself to the use of the information retrieval and data mining techniques. Also, intrusion detection and countermeasures would seem to require software which could learn and adapt to the characteristics of a set of systems, which seems to mesh well with autonomous agents. Much of the prior work in intrusion detection involves various artificial intelligence methods and algorithms, which is already an integral part of our intelligent agent work. Our approach to intrusion detection and countermeasures will start with our developing the technical foundation for the work based on known vulnerabilities and components of systems that may be monitored. Then, autonomous software agents will be developed to implement the data warehouse approach to intrusion detection and countermeasures. The data warehouse will be developed using identified attacks and collected system data along with knowledge learned by the agents. The knowledge of the data warehouse will be examined for potential improvements in the intrusion detection system and countermeasures will be identified and developed. Finally, the developed intrusion detection and countermeasures software will be integrated into existing servers for potential distribution to the public. The proposed research seeks to - design, implement, and evaluate adaptive and mobile intelligent multi-agents for intrusion detection and countermeasures in a distributed heterogeneous computing environment; - design, implement, and evaluate alternative (e.g., reactive, deliberative, adaptive, knowledge-based) software prototypes for intelligent multi-agents for intrusion detection; - design, implement, and evaluate a novel architecture for a data warehouse to support data storage and information retrieval in heterogeneous, and distributed databases and knowledge bases; - design, implement, and evaluate alternative approaches to automated or semi-automated knowledge acquisition (using machine learning techniques) from distributed data sources. - integrate developed software for intrusion detection and countermeasures into existing systems.
This research is currently supported through a grant from National Security Agency (NSA), with Drs. Les Miller and Vasant Honavar as co-PIs. In collaboration with Ph.D. student Guy Helmer, we have published several papers in refereed journal and conference.
2. Intelligent Adaptive Traffic Management in Large Communication Networks.
The increasing complexity and dynamics of modern high-speed computing and communication infrastructures such as large communication networks (e.g., Internet2) and distributed computing environments limits the effectiveness of centralized and/or non-adaptive approaches to traffic management and control. For large high-speed networks in particular, these issues manifest themselves in the underlying routing mechanism. The primary responsibility is to collect network state information which in turn forms the base for computing appropriate routes to propagate messages while attempting to optimize one or more performance criteria. The achievable quality of routing decisions is a function of the imprecision or uncertainty associated with the network state information. Due to the network dynamics, frequency of state updates, delay in acquisition of adequately precise knowledge of network states and dynamics, all routing decisions are based on imprecise and uncertain information. This calls for mechanisms that can rapidly acquire and use approximate knowledge of network states and dynamics for effective traffic management and control with minimal resource overhead. Artificial Intelligence, Adaptive Control, Decision Theory, and Machine Learning offer a rich repertoire of tools for development of novel and cost effective solutions in this problem.
The main objectives of this research include the design, implementation, and analysis of distributed adaptive heuristic routing and control mechanisms (embodied in autonomous intelligent agents) for large high-speed infrastructures which: gracefully adapt autonomously to the network dynamics; trade-off some performance criteria against others; are responsive to Quality of Service Requirements; pro-actively avoid adverse load conditions; anticipate the global consequences of decisions.
In collaboration with Drs Vasant Honavar and Armin Mikler, our major accomplishment in this area include the development of a novel utility-theoretic framework for routing in very large communication networks. We have mathematically analyzed the properties of several heuristic knowledge representation and routing functions. Several papers are published in refereed journals and conferences. Ongoing research is aimed at extending our approach to more complex network environments.
3. Distributed Java Object-Oriented Operating System
An operating system is a layer of software that provides an interface for a user to work with underlying physical hardware. This user interface provides an abstract machine that accepts high-level commands as opposed to the low-level commands needed to run the actual hardware. The other purpose of an operating system is to manage the system's resources such as memory and the processor. It should allocate resources efficiently and fairly.
D-JOOOS is an acronym for the Distributed Java Object-Oriented Operating System which can run on several heterogeneous machines connected over a network. D-JOOOS is designed and implemented based on the object-oriented language Java. In an object-oriented operating system, each part of the system is an object. For example, the memory and file managers are objects. The operating system views the hardware as a collection of objects. There is an object for the processor, an object for the hard drive, and an object for the main memory. The system accomplishes tasks through the use of messages sent between objects. If the user wants to save a file, a message is sent to the file manager object, which in turn sends appropriate messages to the disk object.
Object-oriented design has several advantages over procedural design. First, using objects promotes code reuse. Objects can be used over and over in different situations. Also, due to the inherit modularity, object-oriented code is easier to maintain. In D-JOOOS, if the memory manager needs to be adjusted, the whole system does not need to be searched and changed. Only the memory manager object needs to be modified. Being able to reuse code leads to little redundant code. Developers do not need to reproduce essentially the same functions in every different application program. This leads to less code. Having less code means less memory needed to run, less storage space to keep the programs, and less code to read through when modifying or debugging. This all leads to less cost of development.
In collaboration with several graduate students, we have designed and developed a software prototype for D-JOOOS. With the development of Java Chips, D-JOOOS can be enhanced and be used as an embedded operating system for real-time application.
4. Multimedia and Hypermedia System
Nowadays, multimedia information is being generated in increasing quantities. This is due to technological advances in the hardware and software required to access and manage the information. Some of the major hardware advances are reflected in the availability of audio and video processors on workstations, computer interfaces to video products like VCRs, camcorders and video mixers, high capacity storage disks and fast graphics boards for animations. The development of image and video compression algorithms, media file formats, multimedia authoring and presentation systems, and the development of the World Wide Web hypermedia browsers like Netscape and Internet Explorer are software advances that have contributed to the growing archives of multimedia information.
There is a need for the storage of this information in multimedia databases. There is also a need to provide remote access to information stored in these databases. Multimedia databases need to model the structure of the multimedia information and allow for content based retrieval in addition to providing traditional database functions such as access control, concurrency control, transactions, versioning and storage management. Research in this area has indicated that Object Oriented Database Management Systems are best suited to store multimedia information.
In collaboration with several graduate students, we have designed and developed a software prototype for a multimedia information management system that is based on an object-oriented database management system. We also examine and develop various techniques, including CORBA, Java RMI, HTTP and Mobile Agents, to process, manage and access multimedia information.
In the past few years, a number of projects were funded by NSF coalition, IBM Corporation, DOE Ames Laboratories, and Engineering Animation, Inc. (EAI). Currently, a research and development project, funded by the Mayo Clinic, is under way to manage and access multimedia medical record information through the World Wide Web. Several papers have been published in refereed journals and conferences.