Massive pattern recognition technology, inexpensive, employed as artificial immune system and cortical sense-making for network endpoint self-organizing security - with massive anomaly learning and detection capability.
Betaleadership Helping Towards The Agile Organization - Sylvain Loubradou
Betaleadership helps you manage the transition to a more agile and collaborative organization, to better face the challenges of a complex world.
Using agile and lean startup methods, you will be able to start this journey with a minimum of risks but a lot of benefits for all stakeholders.
Let's talk about this.
Key points of the report "The 21st Century Manufacturing Enterprise Strategy" by Nagel, Dove et al. Written in 1991, it describes an organizational agility that we are still trying to achieve today…
"Agility is the characteristic that allows an organization to thrive in an environment of constant and unpredictable change."
Original summary: https://esc.lehigh.edu/content/agility
How to Successfully Scale Agile in Your Enterprise - Isaac Hogue
In an enterprise environment that is not structured to adopt out-of-the-box Agile, it’s critical to adapt Agile to your enterprise's business drivers, value structure and governance. While Agile methodologies can improve the predictability, quality, and time to market of your software delivery, they are not a silver bullet.
Today’s companies are moving at a faster rate than they have ever moved before.
Companies are continually getting products out the door to keep up with demand, and more importantly to stay ahead of their competition.
Are you in that same position?
We present an alternative view to fitting Agile into larger organizations. Inspired by Fred Laloux' book "Reinventing Organizations", we offer a coherent and comprehensive model for organizational development which encompasses the past and guides us into the future. Agile finds its place in these concepts, and becomes a means to move between the model's stages.
As a leader in an organization on its agile journey, you'll notice that increasing agility struggles with existing organizational structures, governance systems and management expectations. We've understood for a while that the prevalent ways of how we run organizations are not compatible with Agile. We've tried to package Agile in a way that makes sense to people in organizations working the classical way.
Learn what's new and essential about this model: the idea of organizational models developing with the evolution of human consciousness, progressing in clear stages. Now being a time where a new organizational model is emerging, and what that looks like. Learn how self-management, wholeness and evolutionary purpose shape organizations where agile will flourish and which agile can help bring about.
Hope you guys like this; most of the information has come from The 7 Habits of Highly Effective People by Franklin Covey. Hope you guys find it helpful to unleash your freedom of choice.
Agile is an ideal organizational model to manage complex domains, but it does question many structural and cultural assumptions found in a traditional management culture. This presentation shows how transforming a large enterprise towards Agile requires not only a shift in methodology but also a shift in beliefs. We examine the limits of implementing Agile into a traditional enterprise and explore some transformational approaches that address these limits.
The rules of work are changing. Organization 3.0 reflects Agility, an understanding of tribal leadership models, and a recognition that new rules are needed to navigate new organizations that are changing the world today. Teamwork, collaboration, and positive relationships are what matter. If you cannot adopt the new standards, you will be left behind.
Previous organizational structures and processes also reflected their times. Organization 1.0 showed the mentality of industrialism, with stable hierarchies and rule following the norm. Organization 2.0 rewarded specialization, processes, and structure over teams and groups. The "me first" workplace served the lucky few, but is now being replaced by a new generation, with a more thoughtful organization of our lives and work.
Zuzi Sochova's Organization 3.0 seminar shows how you and your organization can benefit from the new paradigm. With dynamic examples, and unique perspectives, Zuzi is a regular headline speaker at Agile conferences world-wide.
Agile HR: Transforming a Human Resources Team Using Scrum - Seedbox
At Seedbox Technologies, we use agile development and scrum in all our engineering teams and have the vision of becoming a fully agile company one day. To support this vision, some of our non-engineering teams are starting to adopt and adapt agile principles that will help them deliver more value for our customers, partners, and team members. Here is a kickoff presentation we created to start this transformation with one of our HR teams, responsible for driving our company culture projects. We hope this can inspire other technology (and non-tech) companies to make a similar change in their organizations.
What's the next step in the Evolution of Agile? Enterprise Agility - Johnny Ordóñez
15 years after the signing of the Agile Manifesto, Agile has stopped being something exclusive for development teams to become a business imperative for companies that want greater flexibility in delivering their products, market competitiveness and customer satisfaction. This talk will explore the evolution of Agile through the years, the Agile approach to achieving business agility and the role of Agile Coaches in this new context.
Building the Agile Enterprise: A New Model for HR - Josh Bersin
Josh Bersin's IMPACT 2012 Keynote Speech ... "The Agile Enterprise" - how HR must rapidly evolve through changes in strategy, learning, leadership, and technology to adapt to today's agile management model. Detailed notes available from Bersin & Associates.
Security incident response is a reactive and chaotic exercise. What if it were possible to flip the scenario on its head? Security focused chaos engineering takes the approach of advancing the security incident response apparatus by reversing the postmortem and preparation phases. Contrary to Purple Team or Red Team game days, Security Chaos Engineering does not use threat actor tactics, techniques and procedures. It develops teams through unique configuration, cyber threat and user error scenarios that challenge responders to react to events outside their playbooks and comfort zones.
Security Chaos Engineering allows incident response and product teams to derive new information about the state of security within their distributed systems that was previously unknown. Within this new paradigm of instrumentation where we proactively conduct “Pre-Incident” vs. “Post-Incident” reviews we are now able to more accurately measure how effective our security incident response teams, tools, skills, and procedures are during the manic of the Incident Response function.
In this session Aaron Rinehart, the mind behind the first Open Source Security Chaos Engineering tool ChaoSlingr, will introduce how Security Chaos Engineering can be applied to create highly secure, performant, and resilient distributed systems.
Presentation for Hybrid Days, making the point that we are part of technologies rather than them being part of us, so our technologies (at least the softer and collective ones) are cyborgs.
Antifragility = Elasticity + Resilience + Machine Learning. Models and Algori... - Vincenzo De Florio
Presentation for the ANTIFRAGILE 2014 workshop, https://sites.google.com/site/resilience2antifragile/
Abstract: We introduce a model of the fidelity of open systems—fidelity being interpreted here as the compliance between corresponding figures of interest in two separate but communicating domains. A special case of fidelity is given by real-timeliness and synchrony, in which the figure of interest is the physical and the system’s notion of time. Our model covers two orthogonal aspects of fidelity, the first one focusing on a system’s steady state and the second one capturing that system’s dynamic and behavioral characteristics. We discuss how the two aspects correspond respectively to elasticity and resilience and we highlight each aspect’s qualities and limitations. Finally we sketch the elements of a new model coupling both of the first model’s aspects and complementing them with machine learning. Finally, a conjecture is put forward that the new model may represent a first step towards compositional criteria for antifragile systems.
The Science of Cyber Security Experimentation: The DETER Project - DETER-Project
Ms. Terry Benzel's keynote presentation slides at the Annual Security Applications Conference (ACSAC) on December 9, 2011. Ms. Benzel's presentation crystalizes many of the key concepts that she (principal investigator) and her team have been working on in The DETER Project (www.deter-project.org). It provides descriptions of the research focused on new transformational methods of increasing knowledge, incorporating higher level, semantic information about experiments, new approaches to scalable modeling and Emulation, and techniques for increasing the efficiency and efficacy of experimentation. Further described at: http://www.deter-project.org/blog/deter_-_keynote_address_acsac_key_new_web_site
Nexus User Conference DevOps "Table Stakes": The minimum required to play the... - Aaron Rinehart
In this session we will cover the ‘table stakes’ or the minimum foundational components in what it means to deliver high quality secure software in today’s software driven world. From gaining visibility into the software supply chain to building empathy with engineering teams through DevSecOps practices we will dive through what it takes to play the bare minimum hand and how that contributes to improving value-velocity and faster adoption of more advanced techniques such as Chaos Engineering.
Velocity 2019 - Security Precognition 2019 Slides - San Jose 2019 - Aaron Rinehart
Large scale distributed systems have unpredictable and complex outcomes that are costly when security incidents occur. Security incident response today is mostly a reactive and chaotic exercise. Chaos engineering allows security incident response teams to proactively experiment on recurring incident patterns to derive new information about underlying factors that were previously unknown.
What if you could flip that scenario on its head? Chaos engineering advances the security incident response framework by reversing the postmortem and preparation phase. This is done by developing live fire exercises that can be measured and managed. Contrary to red team game days, chaos engineering doesn’t use threat actor tactics, techniques, and procedures. Instead it develops teams through unique configuration, cyberthreat, and user error scenarios that challenge responders to react to events outside their playbooks and comfort zones.
Join Aaron Rinehart to explore the hidden costs of security incidents, learn a new technique for uncovering system weaknesses in systems security, and more. You’ll also get a glimpse of ChaoSlingr, an open source security chaos engineering tool built and deployed within a Fortune 5 company. Aaron explains how the tool helped his team discover that many of their security controls didn’t function as intended and how, as a result, they were able to proactively improve them before they caused any real problems.
Sand Piles and Software - Madison Ruby Conference - Zach Dennis
This is a slightly varied version of my previous Sand Piles and Software talk for the Madison Ruby Conference. Instead of including slides on the values, it incorporates a second part which is dedicated to decision making and some concrete areas where we can learn to help improve how we make decisions with code.
Now you see me, now you don't: chasing evasive malware - Giovanni Vigna Lastline, Inc.
As sophisticated tools that combine static and dynamic analysis become more ubiquitous, cybercriminals are developing increasingly-evasive malware components that actively counteract analysis and behavior identification. Is this another arms race? Or is it possible to define, quantify, and identify "evasiveness" and use it as a way to detect malicious intent? This talk presents an overview of the problem and how it's been attacked from both industry and academia.
Adaptive Collective Systems - Herding black sheep - FoCAS Initiative
This book is about understanding, designing, controlling, and governing adaptive collective systems. It is intended for readers from master's students to Ph.D. students, from engineers to decision makers, and anyone else who is interested in understanding how technologies are changing the way we think and live.
The authors are academics working in various areas of a new rising field: adaptive collective systems.
Stuart Anderson (The University of Edinburgh, United Kingdom)
Nicolas Bredeche (Université Pierre et Marie Curie, France)
A.E. Eiben (VU University Amsterdam, Netherlands)
George Kampis (DFKI, Germany)
Maarten van Steen (VU University Amsterdam, Netherlands)
Book Sprint collaborative writing session facilitator: Adam Hyde
Editor: Sandra Sarala
Designer: Henrik van Leeuwen
Similar to Toward a Systemic Will to Live - Patterns of Self-Organizing Agile Security (19)
Pushing the limits of ePRTC: 100ns holdover for 100 days - Adtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Securing your Kubernetes cluster: a step-by-step guide to success! - KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Generative AI Deep Dive: Advancing from Proof of Concept to Production - Aggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
Climate Impact of Software Testing at Nordic Testing Days - Kari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed in the talk. ICT and testing must carry their part of global responsibility to help with climate warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... - James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
DevOps and Testing slides at DASA Connect - Kari Kakkonen
My and Rik Marselis's slides at the 30.5.2024 DASA Connect conference. We discuss what testing is, then what agile testing is, and finally what Testing in DevOps is. Finally we had a lovely workshop with the participants, trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
UiPath Test Automation using UiPath Test Suite series, part 5 - DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
Essentials of Automations: The Art of Triggers and Actions in FME - Safe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Removing Uninteresting Bytes in Software Fuzzing - Aftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speed up fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Epistemic Interaction - tuning interfaces to provide information for AI support
Toward a Systemic Will to Live - Patterns of Self-Organizing Agile Security
1. Webinar
Toward a Systemic Will to Live –
Patterns of Self-Organizing Agile Security
Rick Dove
Last Updated: 8 September 2011
(subject to aperiodic and continuous updates at
www.parshift.com/s/TowardsSystemicWillToLive.pdf)
Portions of this work were sponsored by the Department of Homeland Security
under contract D10PC20039. The content of the material
contained herein does not necessarily reflect
the position or policy of the Government, and
no official endorsement is implied.
dove@parshift.com, 1
2. Abstract
This talk puts a focus on systems that have an awareness of their environment,
and that are sensitive to anomalous changes that might signal a threat.
Sensitivity to anomalous change is most useful when every possible change,
within a domain of interest, accurately triggers attention – meaning no false
positives (crying wolf) and no false negatives (undetected anomalies).
We will first explore four inspirational patterns from natural systems that
effectively process noisy sensory input from uncertain & changing environments:
• horizontal gene/meme transfer,
• bow tie processors,
• proactive anomaly search, and
• hierarchical sensemaking.
Then the architecture of the biological immune system will be examined, and
subsequently grounded with an artificial immune system example under
development for a resilient cyber-network sense and sensemaking application.
Of special note is new anomaly detection technology that enables high fidelity
immune system-like performance, effectively covering a vast detection space of
10 to the 15th anomalies in the example shown, with higher capacities practical.
3. General Current Situation
Adversarial Domain (AD): Adversarial Agents (AA, AA, AA), Adversarial Communities (AD, AD) – Dynamic Attack
Security Domain (SD): Security Agents (SA, SA, SA), Security Communities (SD, SD) – Static Artifact
Relatively Static Security and System Artifacts (A)
Dynamic attack includes human and systemic adaptive control preying upon fixed artifact defenses.
Static artifacts are systems with and without security measures, updated occasionally.
5. Asymmetries
Adversary is a natural system, security strategy is an artificial system
Adversary leads with innovation and evolution
Adversary self-organizes as a dynamic system-of-systems
… up next …
Pattern (Language) Project
Some Dynamic Self Organizing System-of-System Security Patterns
Pattern employment on the SornS project
7. Adversarial Advantage
Architecture:
• Multi-agent
• Loosely coupled
• Self organizing
• Systems-of-systems
Behavior:
• Swarm intelligence
• Tight learning loops
• Fast evolution
• Adaptive innovation
Co-evolution? Not happening. The frog is dragging us down the block.
We are not in an arms race – we haven’t engaged.
8. Mirror the Enemy
Agile system security, as a minimum,
must mirror the agile characteristics
exhibited by the system attack community:
[S] Self-organizing – with humans embedded in the loop,
or with systemic mechanisms.
[A] Adapting to unpredictable situations
– with reconfigurable, readily employed resources.
[R] Reactively resilient – able to continue,
perhaps with reduced functionality, while recovering.
[E] Evolving in concert with a changing environment
– driven by vigilant awareness and fitness evaluation.
[P] Proactively innovative – acting preemptively,
perhaps unpredictably, to gain advantage.
[H] Harmonious with system functional purpose – aiding
rather than degrading system and user productivity.
www.parshift.com/Files/PsiDocs/Pap100226-AgileSecuritySelfOrganizingCoEvolution-ExtAbst.pdf
9. Inspirational Patterns
from natural systems that effectively process
noisy sensory input from uncertain and changing environments
10. Evolution and Innovation
Carl Woese: “Vertically generated and horizontally acquired variation could be viewed as the yin and the yang of the evolutionary process.”
“Vertically generated variation is necessarily highly restricted in character; it amounts to variations on a lineage’s existing cellular themes. Horizontal transfer, on the other hand, can call on the diversity of the entire biosphere, molecules and systems that have evolved under all manner of conditions, in a great variety of different cellular environments. Thus, horizontally derived variation is the major, if not the sole, evolutionary source of true innovation.”
Woese, Carl. 2000. Interpreting the universal phylogenetic tree. PNAS. 97(15):8392-6. www.ncbi.nlm.nih.gov/pmc/articles/PMC26958/pdf/pq008392.pdf
Horizontal Gene Transfer “HGT”: 5 steps leading to the stable inheritance of a transferred gene in a new host. Figure: Smets, Barth F. and Tamar Barkay. 2005. Horizontal gene transfer: perspectives at a crossroads of scientific disciplines. Nature Reviews Microbiology 3, 675-678 (Sep 2005).
“The vast majority, between 88% and 98%, of the expansions of protein families [in eight studied prokaryote clades] are due to HGT. … Xenologs [external transfers] have an average age of introduction that is twice that of paralogs [internal transfers]. Xenologs are therefore more persistent.” Treangen, Todd J. and Eduardo P. C. Rocha. 2011. Horizontal Transfer, Not Duplication, Drives the Expansion of Protein Families in Prokaryotes. PLoS Genetics 7:1, January.
11. Pattern: Horizontal Gene/Meme Transfer
www.parshift.com/Files/PsiDocs/PatternQualificationsForAgileSecurity.pdf
[Figure: available high variety cellular organisms → two modular gene pools (intrachromosomal genes, extrachromosomal genes) → rules (1. Packaging, 2. Transfer, 3. Entry, 4. Establishment, 5. Inheritance) → innovative adaptation and evolution]
Horizontal gene transfer speeds up innovative short-term adaptation and long-term evolution
Context: When conditions deteriorate, it makes a lot of sense to try to scavenge DNA from
your neighbors. Horizontal gene transfer facilitates a fast microbial adaptation to stress.
Higher-than-suspected transfer rates among microbes living in nutrient-poor environments,
where sharing genes may be key to survival, has been observed. Evidence indicates that
organisms limit gene exchange to microbes on nearby branches of the family tree, probably
because their chromosomes share certain characteristics. Genes appear to be exchanged
between species with similar chromosomal structures (Pennise 2011).
Problem: Situational or environmental changes that threaten fitness or survival of the
organism.
Forces: Short-term adaptability vs. long-term-evolvability, horizontal gene transfer speeds
the development of new traits by a factor of 10,000 (Woese 2000, Pennise 2011).
Solution: Incorporate appropriate genetic material from other organisms that have
developed compatible and useful situational fitness. Mobile genes don’t just help a
community survive, they also provide the grist for evolutionary innovations.
12. Pattern: Bow Tie Processor (assembler/generator/mediator)
www.parshift.com/Files/PsiDocs/PatternQualificationsForAgileSecurity.pdf
[Figure: available high variety genetic DNA input → evolve three fixed V-D-J gene-segment libraries → fixed-rule VDJ assembly with random interconnects → random high variety output with VDJ + VJ assemblies]
• V: 123 Variable segments (V1 … Vn)
• D: 27 Diverse segments (D1 … Dn)
• J: 6 Joining segments (J1 … Jn)
• Assembly: 1 random from each (Vr, Dr, Jr) + random connect between VDJ & VJ joinings
• ~10^6 VDJ+VJ possible antigen detector shapes, increases to ~10^9 varieties with addition of random nucleotide connections
Millions of random infection detectors generated continuously by fixed rules and modules in the “knot”
Context: Complex system with many diverse inputs and many diverse outputs, where
outputs need to respond to many needs or innovate for many or unknown opportunities, and
it is not practical to build unique one-to-one connections between inputs and outputs.
Appropriate examples include common financial currencies that mediate between producers
and consumers, the adaptable biological immune system that produces proactive infection
detectors from a wealth of genetic material, and the Internet protocol stack that connects
diverse message sources to diverse message sinks.
Problem: Too many connection possibilities between available inputs and useful outputs to
build unique robust, evolving satisfaction-processes between each.
Forces: Large knot short-term-flexibility vs small knot short-term-controllability and long-
term-evolvability (Csete 2004); robustness to known vs fragility to unknown (Carlson 2002).
Solution: Construct relatively small “knot” of fixed modules from selected inputs, that can
be assembled into outputs as needed according to a fixed protocol. A proactive example is
the adaptable immune system that constructs large quantities of random detectors
(antigens) for unknown attacks and infections. A reactive example is a manufacturing line
that constructs products for customers demanding custom capabilities.
13. Pattern: Proactive Anomaly Search
www.parshift.com/s/110411PatternsForSORNS.pdf
Speculative generation and mutation of detectors recognizes new attacks like a biological immune system
Context: A complex system or system-of-systems subject to attack and infection, with low
tolerance for attack success and no tolerance for catastrophic infection success; with
resilient remedial action capability when infection is detected. Appropriate examples include
biological organisms, and cyber networks for military tactical operations, national critical
infrastructure, and commercial economic competition.
Problem: Directed attack and infection types that constantly evolve in new innovative ways
to circumvent in-place attack and infection detectors.
Forces: False positive tradeoffs with false negatives, system functionality vs functionality
impairing detection measures, detectors for anything possible vs added costs of
comprehensive detection, comprehensive detection of attack vs cost of false detection of
self.
Solution: A high fidelity model of biological immune system antibody (detection) processes
that generate high quantity and variety of anticipatory speculative detectors in advance of
attack and during infection, and evolve a growing memory of successful detectors specific
to the nature of the system-of-interest.
14. Pattern: Hierarchical Sensemaking
www.parshift.com/s/110411PatternsForSORNS.pdf
Four level feed forward/backward sense-making hierarchy modeled on visual cortex
Context: A decision maker in need of accurate situational awareness in a critical dynamic
environment. Examples include a network system administrator in monitoring mode and
under attack, a military tactical commander in battle, and the NASA launch control room.
Problem: A very large amount of low-level noisy sensory data overwhelms attempts to
examine and conclude what relevance may be present, most especially if time is important
or if sensory data is dynamic.
Forces: amount of data to be examined vs time to reach a conclusion, number of ways data
can be combined vs number of conclusions data can indicate, static sensory data vs
dynamic sensory data, noise tolerated in sensory data vs cost of low noise sensory data.
Solution: Using a bow-tie process, each level looks for a specific finite set of data patterns
among the infinite possibilities of its input combinations, aggregating its input data into
specific chunks of information. These chunks are fed-forward to the next higher level, that
treats them in turn as data further aggregated into higher forms of information chunks.
Through feedback, a higher level may bias a lower level to favor certain chunks over others,
predicting what is expected now or next according to an emerging pattern at the higher level.
Each level is only interested in a small number of an infinite set of data-combination
possibilities, but as aggregation proceeds through multiple levels, complex data
abstractions and recognitions are enabled.
16. Antibody Creation & Life Cycle
General antibody life cycle: creation, false-positive testing, deployment efficacy or termination, mutation improvement, and long-term memory.
1. Candidate antibody semi-randomly created.
2. Tolerization period tests immature candidates for false-positive matches.
3. Mature & naïve antibodies put into time limited service.
4. Activated (B-cell) antibodies need co-stimulation (by T-cells) to ensure “improvement” didn’t produce auto-reactive result, non-activated & non-co-stimulated candidates die when time limit ends.
5. Highest affinity co-stimulated antibodies are remembered for time-limited long term (eg, many years, decades).
6. Co-stimulated antibodies are cloned with structured mutations, looking for improved (higher) affinity scores.
Diagram modified from (Hofmeyr 2000).
17. Antibody Creation & Life Cycle
Shape/Pattern Space ~10^9
Self nonself discrimination: A universe of data points is partitioned into two sets – self and nonself. Negative detectors cover subsets of non-self. From (Esponda 2004)
Diagram modified from (Hofmeyr 2000).
19. Proposed Basic Concept
Explore advantages of new pattern processor
Distribute collaborating detector agents at all network endpoints
Artificial Immune System pattern detection a la Forrest/Hofmeyr, et al.
Hierarchical sensemaking a la Fink/Fulp, Hawkins/George, et al.
Implement the work of others in a less-constraining technology that
can better approach high fidelity natural-system performance
20. Reconfigurable Pattern Processor
Reusable Cells Reconfigurable in a Scalable Architecture
www.parshift.com/Files/PsiDocs/Pap090303-PatternRecognitionWithoutTradeoffs.pdf
• Independent detection cell: content addressable by current input byte.
• If active, and satisfied with current byte, can activate other designated cells including itself.
• Cell-satisfaction output pointers.
• Cell-satisfaction activation pointers.
• Up to 256 possible features can be “satisfied” by all so-designated byte values.
• Individual detection cells are configured into detectors by linking activation pointers.
• An unbounded number of detector cells configured as finite state machines can extend indefinitely across multiple processors.
• All active cells have simultaneous access to current data-stream byte.
21. Reconfigurable Pattern Processor
Enables High Fidelity Modeling
22. Value-Based Feature Example
A reference pattern example for behavior-verification of a mobile object.
Is it traveling within the planned space/time envelope?
Using GPS position data: Latitude, Longitude, Altitude.
[Figure: FCM configured to classify failure/success (output F = failure, S = success), showing acceptable ranges of values for successive LAT, LON, ALT readings; 256 distance values, absolute or relative, on a linear, log or other scale; minimum separation]
Paths and Methods For Peer Behavior Monitoring Among Unmanned Autonomous Systems,
www.parshift.com/Files/PsiDocs/Paths&MethodsForPeerBehaviorMonitoringAmongUnmannedAutonomousSystems.pdf
23. SornS Architecture
Self Organizing Resilient Network Sensing (& Sensemaking)
[Figure: two side-by-side agent stacks, top to bottom]
• L5 Correlative Detection Agent/Human, Policy/Procedure Interface, Data Base
• Network: L4 Correlative Detection Agent // L4 Correlative Detection Agent
• SORNS Hardware Device, End Point: L3 Correlative Detection Agent // L3 Correlative Detection Agent
• L2 Temporal Detection Agent // L2 Temporal Detection Agent
• L1 Spatial Detector Agent // L1 Spatial Detector Agent
• noisy sensor stream (e.g., packets, log files) into each L1 agent
• Phase 1 Focus: marked at the lower levels of the stack
Architecture anticipates collaboration among SORN networks by L4 agents.
Multi-level hierarchy refines situational awareness with learning and sensemaking,
supports remedial action agents (human/automated) with succinct relevant information.
Notes:
• For general collaborative hierarchy concept see (Haack 2009)
• For hierarchical feed-forward/backward pattern learning, prediction, and sense-making see (George 2009).
• For hierarchical learning of causal patterns spread as time-sequence events see (Hawkins 2010, Hawkins et al 2010).
25. Endpoint Detector Families – Application Specific
Applications: Connection, SQL Server, Web Server, MS Office, … Appn
Each application has its own Spatial Detector Family, Temporal Detector Family and Correlative Detector Family.
Detection philosophy:
Automated learning of pattern features within a fixed set of generic pattern structures.
• Spatial: n specific things happened in contiguous order
• Temporal: n specific things happened in order
• Correlative: n specific things happened
26. Proof-of-Concept
IPv4 packet-header detection
– single packet-header signature patterns (spatial connection category)
Three elements to a pattern signature: address – port – type
• Address: 4 bytes - Only the non-host address is of interest.
• Port: 2 bytes - Only the destination port is of interest.
• Types: 3 bits covers 8 types – (TCP, UDP, ICMP, other) x (incoming, outgoing)
The L1-Agent preprocessor/controller selects relevant features from network
packets and feeds them as condensed “feature packets” to the pattern processor
[Figure: network packets enter the L1 Agent; feature packets and detection alerts pass between the L1 Agent and the L2 Agent]
L1 Agent:
• conventional processor/memory
• detector generator
• feature packet assembly
• pattern processor controller
L2 Agent, IPv4 Pattern Processor:
• special purpose chip
• detectors in nursery
• detectors in service
• detectors in memory
27. Feature Cells and Finite State Machines
(Illustrative example of pattern processor capability)
7 multi-feature detectors “connected” as a finite state machine (FSM), from start to end.
256-bit associative memory multi-feature detectors (MFD).
All active MFDs are indexed by the input stream’s current byte value. If the index finds a set bit, the next MFD is activated and looks at the next stream byte, else the process dies.
[Figure: seven MFD bit columns with no bits set, spanning IPv4 address, port, type]
28. Feature Cells and Finite State Machines
Loaded with 7 values: 192.168.1.44, 0.118, 2 (IPv4 address, port, type)
[Figure: one bit set in each of the seven MFD bit columns]
29. Feature Cells and Finite State Machines
Processing Data Stream: 192.168.1.44, 0.118, 2 (IPv4 address, port, type)
39. Gang Detector (GD)
[Figure: Gang Detector (eg, with seven multi-feature detectors) drawn as a bit array; labels: Pattern (or Pattern Path), Feature Indicator (1-bit), Non-Feature Indicator (0-bit), Multi-Feature Detectors (MFD, variable size)]
A GD is implemented as a 2 dimensional bit array, with each column corresponding to an MFD of independent size, but typically a max of 256 to accommodate associative addressing (indexing) by an 8-bit Feature Packet byte.
A Feature Indicator is a 1-bit in any or all of the possible index values.
One GD with all Feature Indicators present would have 256x256x256x256x256x256x8 = 2.6x10^15 unique Pattern Paths.
This many unique patterns would be represented in just (6x32)+1 = 193 8-bit data bytes.
If each of these patterns were in a pattern list, seven times the number of possible patterns in data bytes would be required = ~10^16 data bytes in contrast.
40. Gang Detector (GD)
a unique benefit of the approach
44. Gang Detector (GD)
Adding a single Feature Indicator increases the Patterns (Paths) by a factor of 2, an exponential increase.
• 7 Feature Indicators = 1 Pattern (Path)
• 8 Feature Indicators = 2 Patterns (Paths)
• 9 Feature Indicators = 4 Patterns (Paths)
• 10 Feature Indicators = 8 Patterns (Paths)
An application might create a new GD with the same percentage of Feature Indicators in every MFD. If that were 50%, with six MFDs of size 256 and one of size 8, the total number of Patterns (Paths) upon creation would be 128x128x128x128x128x128x4 = 1.8x10^13 patterns.
Detectable at data-stream feed-speed independent of the number of patterns
45. Gang Detector (GD)
An application might create a new GD with the same percentage of random Feature Indicators in every MFD.
a unique benefit of the approach
46. Detector Sets
Gang Detector (GD) life cycle:
• Creation: Create a new GD
• Maturation: Mature new GD in the Nursery
• Insertion: Insert mature GD into Service
• Detection: Use GDs to detect anomalies
• Removal: Remove GDs from Service
Detector sets:
• Nursery Set (GDN1, GDN2, … GDNn): mass patterns
• Service Set (GDS1, GDS2, … GDSm): mass patterns
• Memory Set (DM1, DM2, … DMm): single/multi patterns
• Action Set (DA1, DA2, … DAa): single patterns
47. Detector Sets
Multiple gang detectors covering slightly-overlapping portions of total pattern space collectively increase the total coverage of pattern space.
50% of Feature Indicators set across 7 MFDs (6@256 & 1@8): 99.97% coverage with 512 GDs
49. Coverage as Function of Cardinality
Accelerating decline in coverage as cardinality drops; 40% thought comfortable threshold.
Cardinality losses justify the value of refresh-cycling the in-service GDs, and sharing results with other endpoint agents.
50. Coverage of 32 MFDs Declines Fast
6 MFDs at 40% = 98.35% at 1024 GDs
51. Gang Detector: Some Context
Good for negative selection, not positive selection
You cannot build a GD by adding patterns to it (in general)
You cannot delete a single pattern from it (like Bloom Filters that way)
The exception: multi-patterns can be built with a single MFD
[Figure: GD bit rows, one per MFD]
00 ≈ 001000000000000000
00 ≈ 010000000100001000
00 ≈ 000001000000000000
00 ≈ 000000000000100000
00 ≈ 000000000000100000
00 ≈ 000000000000001000
00001000
3 Pattern Paths with no spurious paths introduced
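The path arithmetic of slide 45 and the build/delete limits of slide 51, as an added example that is not taken from the slides. It assumes each MFD is a bitmap in which a feature value selects one bit; the class, the function names and the feature values are constructed for illustration.

```python
from itertools import product
from math import prod

SIZES = [256] * 6 + [8]  # six MFDs of size 256 and one of size 8, as on slide 45

class GangDetector:
    """Assumed model: one bitmap per MFD; bit v set = Feature Indicator for value v."""
    def __init__(self, sizes=SIZES):
        self.sizes, self.mfds = list(sizes), [0] * len(sizes)

    def add_pattern(self, features):
        """Set one Feature Indicator per MFD (constructed feature values)."""
        for i, (v, size) in enumerate(zip(features, self.sizes)):
            if not 0 <= v < size:
                raise ValueError(f"feature {v} out of range for MFD {i}")
            self.mfds[i] |= 1 << v

    def counts(self):
        return [bin(m).count("1") for m in self.mfds]

    def paths(self):
        """Patterns (Paths) = product of the per-MFD Feature Indicator counts."""
        return prod(self.counts())

    def matches(self, features):
        """One bit test per MFD: cost follows the MFD count, not paths()."""
        return len(features) == len(self.mfds) and all(
            0 <= v < s and (m >> v) & 1 for m, s, v in zip(self.mfds, self.sizes, features))

def growth():
    """(indicators, paths) as one indicator is added in a different MFD each time."""
    gd, base, out = GangDetector(), [3] * 7, []
    gd.add_pattern(base)
    out.append((sum(gd.counts()), gd.paths()))
    for i in range(3):
        gd.add_pattern(base[:i] + [9] + base[i + 1:])
        out.append((sum(gd.counts()), gd.paths()))
    return out

def paths_at_fill(fraction, sizes=SIZES):
    """Paths when the same fraction of indicators is set in every MFD."""
    return prod(int(s * fraction) for s in sizes)

def spurious_paths(added):
    """Patterns the GD matches although they were never added to it."""
    gd = GangDetector()
    for p in added:
        gd.add_pattern(p)
    values = [[v for v in range(s) if (m >> v) & 1] for m, s in zip(gd.mfds, gd.sizes)]
    return sorted(set(product(*values)) - {tuple(p) for p in added})
```

Two patterns that differ in two MFDs make the detector also match the two cross-combinations, which is why a GD cannot in general be built pattern by pattern; patterns that differ in a single MFD add no spurious paths.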
52. SornS Architecture
Self Organizing Resilient Network Sensing (& Sensemaking)
Architecture anticipates collaboration among SORN networks by L4 agents.
[Figure: detection hierarchy, drawn for two parallel stacks; labels from top to bottom]
• L5 Correlative Detection Agent/Human
• Policy/Procedure Interface
• Data Base
• Network: L4 Correlative Detection Agent
• SORNS Hardware Device
• End Point: L3 Correlative Detection Agent
• L2 Temporal Detection Agent
• Phase 1 Focus
• L1 Spatial Detector Agent
• noisy sensor stream (e.g., packets, log files)
Multi-level hierarchy refines situational awareness with learning and sensemaking, supports remedial action agents (human/automated) with succinct relevant information.
Notes:
• For general collaborative hierarchy concept see (Haack 2009)
• For hierarchical feed-forward/backward pattern learning, prediction, and sense-making see (George 2009).
• For hierarchical learning of causal patterns spread as time-sequence events see (Hawkins 2010, Hawkins et al 2010).
53. General Architecture
Architecture blends immune system model with cortical hierarchy model.
Architecture – repeated at all (4 to 5) levels
[Figure labels: situational environment; immediate recognition; Feed-Forward Data Stream; Feed-Back Detector Influence; Feature Stream; Detection Results; Feed-Side Peer Share; Stream PreProc, Detector Mgmnt, PatProc Control; Control; PatProc with Detector Sets; Results PostProc, Detector Mgmnt, PatProc Control; Agent data base and stream-data buffer]
Immune system learning occurs by:
• augmenting the innate immune system population of detectors (e.g., black/white lists),
• negative selection self-tolerance training (e.g., nursery set),
• experience encounters (e.g., service set), and
• costimulation (e.g., memory-set).
It's turtles all the way down.