NODOZE: Combatting Threat Alert Fatigue with Automated Provenance Triage

Large enterprises are increasingly relying on threat detection software (e.g., Intrusion Detection Systems) to allow them to spot suspicious activities. This software generates alerts which must be investigated by cyber analysts to figure out if they are true attacks. Unfortunately, in practice, there are more alerts than cyber analysts can properly investigate. This leads to a “threat alert fatigue” or information overload problem where cyber analysts miss true attack alerts in the noise of false alarms. In this paper, we present NoDoze to combat this challenge using contextual and historical information of generated threat alerts in an enterprise. NoDoze first generates a causal dependency graph of an alert event. Then, it assigns an anomaly score to each event in the dependency graph based on the frequency with which related events have happened before in the enterprise. NoDoze then propagates those scores along the edges of the graph using a novel network diffusion algorithm and generates a subgraph with an aggregate anomaly score which is used to triage alerts. Evaluation on our dataset of 364 threat alerts shows that NoDoze decreases the volume of false alarms by 86%, saving more than 90 hours of analysts’ time, which was required to investigate those false alarms. Furthermore, NoDoze-generated dependency graphs of true alerts are 2 orders of magnitude smaller than those generated by traditional tools without sacrificing the vital information needed for the investigation. Our system has a low average runtime overhead and can be deployed with any threat detection software.

TrackIO: Tracking First Responders Inside-Out

First responders, a critical lifeline of any society, often find themselves in precarious situations. The ability to track them in real-time in unknown indoor environments would significantly contribute to the success of their mission as well as their safety. In this work, we present the design, implementation and evaluation of TrackIO–a system capable of accurately localizing and tracking mobile responders real-time in large indoor environments. TrackIO leverages the mobile virtual infrastructure offered by unmanned aerial vehicles (UAVs), coupled with the balanced penetration-accuracy tradeoff offered by ultra-wideband (UWB), to accomplish this objective directly from outside, without relying on access to any indoor infrastructure. Towards a practical system, TrackIO incorporates four novel mechanisms in its design that address key challenges to enable tracking responders (i) who are mobile with potentially non-uniform velocities (e.g. during turns), (ii) deep indoors with challenged reachability, (iii) in real-time even for a large network, and (iv) with high accuracy even when impacted by UAV’s position error. TrackIO’s real-world performance reveals that it can track static nodes with a median accuracy of about 1–1.5m and mobile (even running) nodes with a median accuracy of 2–2.5m in large buildings in real-time.

Multi-parameter distributed fiber sensing with higher-order optical and acoustic modes

We propose a novel multi-parameter sensing technique based on Brillouin optical time domain reflectometry in the elliptical-core few-mode fiber, using higher-order optical and acoustic modes. Multiple Brillouin peaks are observed for the backscattering of both the LP01 mode and LP11 mode. We characterize the temperature and strain coefficients for various optical–acoustic mode pairs. By selecting the proper combination of mode pairs, the performance of multi-parameter sensing can be optimized. Distributed sensing of temperature and strain is demonstrated over a 0.5-km elliptical-core few-mode fiber, with the discriminative uncertainty of 0.28°C and 5.81 με for temperature and strain, respectively.

Transactive Energy Management with Blockchain Smart Contracts for P2P Multi-Settlement Markets

Integration of renewables and energy storage, leading to the rise of prosumers, has created localized bidirectional flows. As a result, the utility demand has decreased and the traditional centralized controller can no longer realize the optimal performance of ever-growing distribution systems. To achieve scalable control, exploiting the potential of smart loads and Distributed Energy Resource (DER) controllability, a framework for decentralized Peer-To-Peer (P2P) energy management has been developed to manage localized micro-energy markets. Such a decentralized management approach could, in theory, sustain diverse prosumer and utility business models. We have been developing an autonomous decentralized management solution that maximizes the benefit of prosumers while protecting utility assets. This P2P energy trading market leverages Blockchain technology and its Smart Contract framework. This paper presents 1) a transactive energy market for P2P multi-settlement markets, 2) the architecture of a blockchain-based energy management system, and 3) a smart contract design that solves an economic dispatch problem of DERs to maximize the profit of pro/consumers.

Visual Entailment: A Novel Task for Fine-Grained Image Understanding

Existing visual reasoning datasets, such as Visual Question Answering (VQA), often suffer from biases conditioned on the question, image or answer distributions. The recently proposed CLEVR dataset addresses these limitations and requires fine-grained reasoning, but the dataset is synthetic and consists of similar objects and sentence structures across the dataset. In this paper, we introduce a new inference task, Visual Entailment (VE) – consisting of image-sentence pairs whereby a premise is defined by an image, rather than a natural language sentence as in traditional Textual Entailment tasks. The goal of a trained VE model is to predict whether the image semantically entails the text. To realize this task, we build a dataset SNLI-VE based on the Stanford Natural Language Inference corpus and Flickr30k dataset. We evaluate various existing VQA baselines and build a model called Explainable Visual Entailment (EVE) system to address the VE task. EVE achieves up to 71% accuracy and outperforms several other state-of-the-art VQA based models. Finally, we demonstrate the explainability of EVE through cross-modal attention visualizations.

A Deep Neural Network for Unsupervised Anomaly Detection and Diagnosis in Multivariate Time Series Data

Nowadays, multivariate time series data are increasingly collected in various real-world systems, e.g., power plants, wearable devices, etc. Anomaly detection and diagnosis in multivariate time series refer to identifying abnormal status in certain time steps and pinpointing the root causes. Building such a system, however, is challenging since it requires not only capturing the temporal dependency in each time series, but also encoding the inter-correlations between different pairs of time series. In addition, the system should be robust to noise and provide operators with different levels of anomaly scores based upon the severity of different incidents. Despite the fact that a number of unsupervised anomaly detection algorithms have been developed, few of them can jointly address these challenges. In this paper, we propose a Multi-Scale Convolutional Recurrent Encoder-Decoder (MSCRED) to perform anomaly detection and diagnosis in multivariate time series data. Specifically, MSCRED first constructs multi-scale (resolution) signature matrices to characterize multiple levels of the system statuses in different time steps. Subsequently, given the signature matrices, a convolutional encoder is employed to encode the inter-sensor (time series) correlations and an attention-based Convolutional Long-Short Term Memory (ConvLSTM) network is developed to capture the temporal patterns. Finally, based upon the feature maps which encode the inter-sensor correlations and temporal information, a convolutional decoder is used to reconstruct the input signature matrices and the residual signature matrices are further utilized to detect and diagnose anomalies. Extensive empirical studies based on a synthetic dataset and a real power plant dataset demonstrate that MSCRED can outperform state-of-the-art baseline methods.

Coherent optical wireless communication link employing orbital angular momentum multiplexing in a ballistic and diffusive scattering medium

We experimentally investigate the scattering effect on an 80 Gbit/s orbital angular momentum (OAM) multiplexed optical wireless communication link. The power loss, mode purity, cross talk, and bit error rate performance are measured and analyzed for different OAM modes under scattering levels from ballistic to diffusive regions. Results show that (i) power loss is the main impairment in the ballistic scattering, while the mode purities of different OAM modes are not significantly affected; (ii) in the diffusive scattering, however, the performance of an OAM-multiplexed link further suffers from the increased cross talk between the different OAM modes.

Attentive Conditional Channel-Recurrent Autoencoding for Attribute-Conditioned Face Synthesis

Attribute-conditioned face synthesis has many potential use cases, such as to aid the identification of a suspect or a missing person. Building on top of a conditional version of VAE-GAN, we augment the pathways connecting the latent space with channel-recurrent architecture, in order to provide not only improved generation qualities but also interpretable high-level features. In particular, to better achieve the latter, we further propose an attention mechanism over each attribute to indicate the specific latent subset responsible for its modulation. Thanks to the latent semantics formed via the channel-recurrency, we envision a tool that takes the desired attributes as inputs and then performs a 2-stage general-to-specific generation of diverse and realistic faces. Lastly, we incorporate the progressive-growth training scheme to the inference, generation and discriminator networks of our models to facilitate higher resolution outputs. Evaluations are performed through both qualitative visual examination and quantitative metrics, namely inception scores, human preferences, and attribute classification accuracy.

Memory Warps for Long-Term Online Video Representations and Anticipation

We propose a novel memory-based online video representation that is efficient, accurate and predictive. This is in contrast to prior works that often rely on computationally heavy 3D convolutions, ignore motion when aligning features over time, or operate in an off-line mode to utilize future frames. In particular, our memory (i) holds the feature representation, (ii) is spatially warped over time to compensate for observer and scene motions, (iii) can carry long-term information, and (iv) enables predicting feature representations in future frames. By exploring a variant that operates at multiple temporal scales, we efficiently learn across even longer time horizons. We apply our online framework to object detection in videos, obtaining a large 2.3 times speed-up and losing only 0.9% mAP on ImageNet-VID dataset, compared to prior works that even use future frames. Finally, we demonstrate the predictive property of our representation in two novel detection setups, where features are propagated over time to (i) significantly enhance a real-time detector by more than 10% mAP in a multi-threaded online setup and to (ii) anticipate objects in future frames.

41.5-Tb/s Transmission Over 549 km of Field Deployed Fiber Using Throughput Optimized Probabilistic-Shaped 144QAM

We demonstrate high spectral efficiency transmission over 549 km of field-deployed single-mode fiber using probabilistic-shaped 144QAM. We achieved 41.5 Tb/s over the C-band at a spectral efficiency of 9.02 b/s/Hz using 32-Gbaud channels at a channel spacing of 33.33 GHz, and 38.1 Tb/s at a spectral efficiency of 8.28 b/s/Hz using 48-Gbaud channels at a channel spacing of 50 GHz. To the best of our knowledge, these are the highest total capacities and spectral efficiencies reported in a metro field environment using C-band only. In high spectral efficiency transmission, it is necessary to optimize back-to-back performance in order to maximize the link loss margin. Our results are enabled by the joint optimization of constellation shaping and coding overhead to minimize the gap to Shannon’s capacity, transmitter- and receiver-side digital backpropagation, signal clipping optimization, and I/Q imbalance compensation.