Homeland Security Initiative: Four Pillars of Self-Healing Infrastructure
The following pages are white papers for four projects in Homeland Security: Communication and Computing Network Security, Electric Power Grid, Intelligent Transportation Networks, and Smart Structures. These projects are of a Gestalt nature; highly synergistic, their whole is more than the sum of the parts. Funding of the proposed initiative will make a major contribution to National Security.
For detailed full proposals and more information, please contact:
Donald C. Wunsch II
M.K. Finley Missouri Distinguished Professor
Dept. of Electrical & Computer Engineering
Missouri University of Science and Technology
Rolla MO 65409
(573) 341-4532 fax
Communication and Computing Network Security
Intrusion detection is an exceptionally challenging problem because of two properties: an intelligent human adversary, and curse of dimensionality. The former issue means that, at some level, human-in-the-loop detection and response is probably needed for the most exposed and high-consequence environments. However, for all other situations, cost of doing this is prohibitive. Even when human-in-the-loop is possible, automated techniques offer the possibility to more effectively use the human's time and attention. This brings us to the challenge of curse of dimensionality.
General purpose computers, by definition, allow so many possible operations and states as to make analysis intractable. One way to overcome this problem is to use domain knowledge to reduce dimensionality, followed by reinforcement learning to detect exploits. Either approach by itself has limitations: expert knowledge will detect only known intrusion methods, while reinforcement learning will bog down analyzing unfiltered data. Their combination appears to be a good compromise between these issues.
Domain knowledge can be encoded in the state representation, or explicitly implemented in a rule-based expert system. It is also possible to use both approaches together. The state representation approach involves using Lattice Theory to organize events, while excluding those that are impossible or of no concern. The expert system approach involves knowledge of common components to all intrusions and considering only events that have the potential to include these components. These can be used separately or combined, before feeding the results into a reinforcement learning system.
Reinforcement learning is preferable to other types of machine learning for this problem, because it fits the data. In most available training data, for example, DARPA BSM files, exploits are not specifically marked. In fact, a given event often is an exploit only with respect to its context. Instead, for some time window, it is known whether or not an exploit occurred in that window. This is ideal for reinforcement learning, which is the method of choice when some relevant feedback is given, but explicit training signals are not given. Various forms of reinforcement learning are worth considering, including those based on Dynamic Programming, such as Adaptive Critic Designs, and those based on metaphors of the immune system.
A full-fledged approach to intrusion detection, then, would be to have a combination of projects: experimentation with intrusion techniques to keep up with or ahead of possible threats; analysis of representation issues such as Lattice Theory; and investigation of machine learning approaches involving reinforcement learning.
Budget parameters: 4-5 faculty Co-PI's, 2 to 3 grad students each, equipment, software, travel. Possible partnerships, coordinated proposals, subcontracts, funding conduits with Sandia, Los Alamos, etc.
Electric Power Grid -- Optimization and Intelligent, Reconfigurable Control
The United States is especially reliant on its power generation and transmission system. Events of recent years have demonstrated the fragility of the current system, even in the absence of terrorist threats. Four steps are necessary to improve the situation: increase generation capacity, improve the output of existing capacity, improve transmission capabilities by use of improved technology, and develop the capability to reconfigure the power network when a particular part of it drops out. This proposal addresses the latter three areas.
Improving the output of existing capacity is the fastest way to improve the power generation outlook for the country. It also is the most cost-effective solution for power generation problems in second-world nations. Current power systems operate on unnecessarily conservative safety margins because of limitations in the capability of their control systems. It is now possible to achieve faster, more accurate response to command set-points, under a variety of disturbances, even in a distributed environment, by use of nonlinear control methods. These possibilities need to be rigorously developed in a carefully designed set of simulation studies and laboratory experiments, then deployed on a rolling basis in operating power generation systems.
With the increased power transfer, transient and dynamic stability is of increasing importance for secure operation of power systems. The introduction of the concept of Flexible AC Transmission Systems (FACTS), a family of power electronics equipment has emerged for controlling and optimizing the flow of electrical power in power transmission lines. Worldwide transmission systems are undergoing continuous changes and restructuring. They are becoming more heavily loaded and are being operated in ways not originally envisioned. Transmission systems must be flexible to react to more diverse generation and load patterns. In addition, the economical utilization of transmission system assets is of vital importance to enable utilities in industrialized countries to remain competitive and to survive. In developing countries, the optimized use of transmission systems investments is also important to support industry, create employment and utilize efficiently scarce economic resources. FACTS is a technology that responds to these needs. It significantly alters the way transmission systems are developed and controlled together with the improvements in asset utilization, system flexibility and system performance. The nonlinear control of FACTS devices is an important area that needs be investigated. Intelligent control using neural networks, adaptive critic designs, etc., are potential candidate technologies. The optimal placement of FACTS on the power grid is another challenging task that avails itself to intelligent techniques.
Reconfiguring the power network to adapt to the loss of transmission capability is a necessary part of its operation. The two techniques currently used are buying power on the spot market, and shedding load. Both of these are likely to be the dominant factors in the foreseeable future, but a more organized approach is envisioned. Either of these strategies invokes a cost, and the result is a combinatorial optimization problem. Brute force solution is computationally intractable, so usually guesswork is applied instead. An alternative would be to use machine learning approaches capable of explicitly modeling the cost. Adaptive Critic Designs and related techniques of machine learning are directly modeled on combinatorial optimization techniques and are applicable.
Budget parameters: 4-6 faculty Co-PI's, 2 to 3 grad students each, equipment, software, travel. Possible partnerships, coordinated proposals, subcontracts, funding conduits with Sandia, Georgia Tech, etc.
[A Presentation on Electric Power Grid is available]
Intelligent Transportation Network
The fragility of the national transportation network to even a relatively geographically isolated attack was demonstrated on September 11, 2001. One approach to improve the situation is to make such attacks more difficult, by, for example, augmenting the control and diagnostic capability of aircraft, rail, and critical auto and truck systems. Another approach is mitigation.
The former approach is increasingly feasible due to advances in control systems. Obvious measures that could and should be contemplated to further augment aircraft safety include multiple levels of control, and integrated vehicle health management, smart sensors that detect a variety of situations needing attention. Some of these could usefully be extended to rail and auto transportation. For example, rental vehicles, or for that matter, all new vehicles, could feature integrated controllers that could be affected by satellite or other wireless transmissions. This would improve surveillance of suspects and allow improved options for terminating pursuits.
Mitigation of successful attacks, or serious threats, is also needed. For example, a single airport shutdown currently cripples the aviation network nationwide. Rapid reconfiguration of flights to maximize the effectiveness and timeliness of the remaining network has multiple administrative, financial and technical barriers. However, it is worth solving these problems, because such disruption is easy to induce, even by an individual acting alone, and causes billions in costs. The technical barriers are primarily computational, in that even reasonable, not to mention optimal, solutions of highly combinatorial problems is typically of exponential computational complexity. It would be necessary to develop a system that could precompute many such solutions, and furthermore, learn from doing the activity. The learning is critical, because the solution space of such problems is so large that precomputed solutions would be nearly certain to mismatch with a real problem scenario. However, a system that got faster with experience, the way people do, would be of great use in rerouting problems.
A favorite benchmark for combinatorial optimization is the traveling salesman problem. Most approaches to this problem fail the learning and reconfigurability requirements mentioned above. However, it is possible to design systems that meet both requirements by a divide-and-conquer approach, coupled with a variety of learning techniques. These methods have the potential to significantly expand options available to restore transportation function quickly.
Budget parameters: 3-5 faculty Co-PI's, 2 to 3 grad students each, equipment, software, travel. Possible partnerships, coordinated proposals, subcontracts, funding conduits with Sandia, Los Alamos, Ford, etc.
The most serious attacks on American soil have been against structures. This points up a need for improving our most critical structures in a variety of ways. Among these is the creation of smart structures, taking advantage of current sensor, computing, visualization, simulation and communication technology. Included in this thrust are recovery and rescue technologies such as collective robotics, damage assessment, and rapid response risk analysis for repair and rescue operations. The most serious attacks on American soil have been against structures. This points up a need for improving our most critical structures in a variety of ways. Among these is the creation of smart structures, taking advantage of current sensor, computing, visualization, simulation and communication technology. A Smart Structure is one that contains integral sensing and processing elements to intelligently interpret or control some aspect of the structure. Included in this thrust are recovery and rescue technologies such as collective robotics, damage assessment, performance monitoring, and rapid response risk analysis for repair and rescue operations.
Much can be accomplished simply by outfitting key structures with sensors and making intelligent use of the data thus gathered. Current projects have demonstrated the ability of using neural networks to convert raw sensor data into useful information, such as stress or damage assessment. It is also possible to train "virtual sensorsâ€? by learning the nonlinear mapping from sensors that are inexpensive or easy to implement to those that are more costly to purchase or install. Thus, instrumentation that is only cost-effective in lab settings could be mimicked in mass production, or in adverse environments. Wireless networking also enhances the ability to collect data, particularly inexpensively in installations that already feature the technology.
A related opportunity to enhance surveillance and rescue operations is collective robotics. The key challenge of this field is to achieve the distributed control that allows robust attainment of an objective, such as monitoring suspicious behavior or locating victims. However, we may obtain insight from the behavior of insects, which achieve significant organizational capabilities with limited processing power. Outfitting robots with RAM-based neural networks trained by reinforcement learning offers the opportunity to achieve surprisingly advanced capabilities in extremely limited processing power. Such designs are nearly certain to be necessary as miniaturization advances, yet exploration of these architectures to date has been limited. The capability for massive deployment of this approach could allow dramatic progress in a relatively short period of time.
Improved availability of electronics has a downside as well. However, our increased reliance on electronics for computation and communication offers a high-impact, low-risk target for sabotage and terrorism. Many high-value communications are inadequately protected against electromagnetic attacks, which could be orchestrated from a moderate distance and invisibly. Only brief disruption is needed to cause serious repercussions, and the perpetrators would be free to repeat the act in a different location. Unfortunately, even determining shielding requirements is a computationally intensive proposition, but these problems can be alleviated by nonlinear time series analysis.
Budget parameters: 4-5 faculty Co-PI's, 2 to 3 grad students each, equipment, software, travel.