The theory of trackability and robustness for process detection

Many applications of current interests involve detecting instances of processes from databases or streams of sensor reports. Detecting processes relies on identifying evidences for the existence of such processes from usually noisy and incomplete observable events through statistical inferences. The performance of inferences can vary dramatically, depending on the complexity of processes' behavioral patterns, sensor resolution and sampling rate, SNR, location and coverage, and so on. Stochastic models are mathematical representations of all these factors. In this dissertation, we intend to answer the following questions: (1) Performance—How accurate are the inference results given the model? (2) Trackability—What are the boundaries of the performance of inferences? (3) Robustness—How sensitive is the performance of inferences to perturbations on input data or model parameters? (4) Methodology—How can we improve the trackability and robustness of process detection? From the information theoretic point of view, we address the reason of errors in detection to the losses of source information during the sensing stage, measured as entropy in the Shannon sense. We propose a series of entropic measures of the trackability and robustness for a popular modeling technique—hidden Markov models (HMM). Our major contributions include: the theory of trackability; structural analysis of trackability for HMMs through its non-parametric counterpart—DFA/NFAs; an effective visualization method for analyzing the trackability for HMMs—the Tracking Characteristic Curves (TCC); a series of polynomial time algorithms to compute the proposed measures; a clustering approach for efficient hypothesis management ; and many other results. Our results are evaluated by mathematical analysis and/or numerical simulations.

[1]  Eytan Domany,et al.  Asymptotics of the entropy rate for a hidden Markov process , 2005, Data Compression Conference.

[2]  William H. Sanders,et al.  Solution of Large Markov Models Using Lumping Techniques and Symbolic Data Structures , 2005 .

[3]  G. Nofsinger,et al.  Distributed chemical plume process detection: MILCOM 2005 #1644 , 2005, MILCOM 2005 - 2005 IEEE Military Communications Conference.

[4]  John W. Fisher,et al.  Maximum Mutual Information Principle for Dynamic Sensor Query Problems , 2003, IPSN.

[5]  Edwin B. Stear,et al.  Entropy analysis of estimating systems , 1970, IEEE Trans. Inf. Theory.

[6]  Ka Yee Yeung,et al.  Details of the Adjusted Rand index and Clustering algorithms Supplement to the paper “ An empirical study on Principal Component Analysis for clustering gene expression data ” ( to appear in Bioinformatics ) , 2001 .

[7]  Stefan Savage,et al.  802.11 Denial-of-Service Attacks: Real Vulnerabilities and Practical Solutions , 2003, USENIX Security Symposium.

[8]  Brian H. Marcus,et al.  Analyticity of entropy rate in families of hidden markov chains , 2005, Proceedings. International Symposium on Information Theory, 2005. ISIT 2005..

[9]  Donald F. Towsley,et al.  Modeling TCP throughput: a simple model and its empirical validation , 1998, SIGCOMM '98.

[10]  Sally Floyd,et al.  Difficulties in simulating the internet , 2001, TNET.

[11]  Edwin B. Stear,et al.  Entropy Analysis of Parameter Estimation , 1969, Inf. Control..

[12]  Aapo Hyvärinen,et al.  Survey on Independent Component Analysis , 1999 .

[13]  Laurent Mevel,et al.  Asymptotical statistics of misspecified hidden Markov models , 2004, IEEE Transactions on Automatic Control.

[14]  Thomas J. Goblick,et al.  Theoretical limitations on the transmission of data from analog sources , 1965, IEEE Trans. Inf. Theory.

[15]  Guofei Jiang,et al.  Trackability analysis of multiple processes using multi-distributed agents , 2005, International Conference on Integration of Knowledge Intensive Multi-Agent Systems, 2005..

[16]  Ioannis Pitas,et al.  Evaluation of tracking reliability metrics based on information theory and normalized correlation , 2004, ICPR 2004.

[17]  H.F. Durrant-Whyte,et al.  On sensor management in decentralized data fusion , 1992, [1992] Proceedings of the 31st IEEE Conference on Decision and Control.

[18]  G. Cybenko,et al.  Developing a distributed system for infrastructure protection , 2000 .

[19]  J. Lagarias,et al.  The finiteness conjecture for the generalized spectral radius of a set of matrices , 1995 .

[20]  Martin Roesch,et al.  Snort - Lightweight Intrusion Detection for Networks , 1999 .

[21]  F. LeGland,et al.  Recursive estimation in hidden Markov models , 1997, Proceedings of the 36th IEEE Conference on Decision and Control.

[22]  Denis Pomorski Entropy-based optimisation for binary detection networks , 2000, Proceedings of the Third International Conference on Information Fusion.

[23]  Annarita Giani Efficiency and accuracy trade-offs in process detection , 2004, SPIE Defense + Commercial Sensing.

[24]  L. Mevel,et al.  Recursive identification of HMMs with observations in a finite set , 1995, Proceedings of 1995 34th IEEE Conference on Decision and Control.

[25]  Pramod K. Varshney,et al.  An information theoretic approach to the distributed detection problem , 1989, IEEE Trans. Inf. Theory.

[26]  Sampath Kannan,et al.  Counting and random generation of strings in regular languages , 1995, SODA '95.

[27]  Tristan Henderson,et al.  The changing usage of a mature campus-wide wireless network , 2008, Comput. Networks.

[28]  Guofei Jiang Weak process models for robust process detection , 2004, SPIE Defense + Commercial Sensing.

[29]  Brian D. O. Anderson,et al.  Asymptotic smoothing errors for hidden Markov models , 2000, IEEE Trans. Signal Process..

[30]  Mehmet M. Dalkilic,et al.  Guiding motif discovery by iterative pattern refinement , 2004, SAC '04.

[31]  Carsten Lund,et al.  Learn more, sample less: control of volume and variance in network measurement , 2005, IEEE Transactions on Information Theory.

[32]  Valentino Crespi,et al.  Sampling theory for process detection with applications to surveillance and tracking , 2004, SPIE Defense + Commercial Sensing.

[33]  Neri Merhav,et al.  Hidden Markov processes , 2002, IEEE Trans. Inf. Theory.

[34]  Guofei Jiang,et al.  Semantic message oriented middleware for publish/subscribe networks , 2004, SPIE Defense + Commercial Sensing.

[35]  Padhraic Smyth,et al.  Pattern discovery in sequences under a Markov assumption , 2002, KDD.

[36]  Iven Mareels,et al.  Reduced complexity estimation for large scale hidden Markov models , 2003, ECC.

[37]  S. MacEachern,et al.  Estimating mixture of dirichlet process models , 1998 .

[38]  E. Seneta Non-negative Matrices and Markov Chains , 2008 .

[39]  Vincent H. Berk,et al.  Rapid detection of worms using ICMP-T3 analysis , 2004, SPIE Defense + Commercial Sensing.

[40]  Yakov Bar-Shalom,et al.  Multitarget-Multisensor Tracking: Principles and Techniques , 1995 .

[41]  Vincent H. Berk,et al.  Process query systems for network security monitoring , 2005, SPIE Defense + Commercial Sensing.

[42]  Connie M. Borror,et al.  Robustness of the Markov-chain model for cyber-attack detection , 2004, IEEE Transactions on Reliability.

[43]  Charles V. Wright,et al.  HMM profiles for network traffic classification , 2004, VizSEC/DMSEC '04.

[44]  Robert E. Mahony,et al.  Lumpable hidden Markov models-model reduction and reduced complexity filtering , 2000, IEEE Trans. Autom. Control..

[45]  Gregory Stephens,et al.  Statistical profiling and visualization for detection of malicious insider attacks on computer networks , 2004, VizSEC/DMSEC '04.

[46]  Heng Tao Shen,et al.  Principal Component Analysis , 2009, Encyclopedia of Biometrics.

[47]  Yong Sheng,et al.  An experimental comparison of hypothesis management approaches for process query systems , 2005, SPIE Defense + Commercial Sensing.

[48]  William J Buchanan High-level Data Link Control (HDLC) , 1996 .

[49]  Philippe Jacquet,et al.  On the entropy of a Hidden Markov process , 2004, ISIT.

[50]  G. Pottie,et al.  Entropy-based sensor selection heuristic for target localization , 2004, Third International Symposium on Information Processing in Sensor Networks, 2004. IPSN 2004.

[51]  U. Deshpande,et al.  Channel Sampling Strategies for Monitoring Wireless Networks , 2006, 2006 4th International Symposium on Modeling and Optimization in Mobile, Ad Hoc and Wireless Networks.

[52]  Yong Sheng,et al.  Trackability in complex situations and environments , 2006, SPIE Defense + Commercial Sensing.

[53]  Darrell Whitley,et al.  A genetic algorithm tutorial , 1994, Statistics and Computing.

[54]  T. Başar,et al.  A New Approach to Linear Filtering and Prediction Problems , 2001 .

[55]  Peng Liu,et al.  Incentive-based modeling and inference of attacker intent, objectives, and strategies , 2003, CCS '03.

[56]  Ioannis Pitas,et al.  Information theory-based analysis of partial and total occlusion in object tracking , 2002, Proceedings. International Conference on Image Processing.

[57]  Vincent H. Berk,et al.  An overview of process query systems , 2004, SPIE Defense + Commercial Sensing.

[58]  Hugh F. Durrant-Whyte,et al.  Information-theoretic approach to management in decentralized data fusion , 1992, Other Conferences.

[59]  Ofer Zeitouni,et al.  Asymptotic filtering for finite state Markov chains , 1996 .

[60]  P. Bickel,et al.  Asymptotic normality of the maximum-likelihood estimator for general hidden Markov models , 1998 .

[61]  S. P. Lloyd,et al.  Least squares quantization in PCM , 1982, IEEE Trans. Inf. Theory.

[62]  D. Rubin,et al.  Maximum likelihood from incomplete data via the EM - algorithm plus discussions on the paper , 1977 .

[63]  Donald F. Towsley,et al.  Monitoring and early warning for internet worms , 2003, CCS '03.

[64]  Ana L. N. Fred,et al.  Computation of Substring Probabilities in Stochastic Grammars , 2000, ICGI.

[65]  J. Sethuraman A CONSTRUCTIVE DEFINITION OF DIRICHLET PRIORS , 1991 .

[66]  John B. Moore,et al.  A Soft Output Hybrid Algorithm for ML/MAP Sequence Estimation , 1998, IEEE Trans. Inf. Theory.

[67]  G. Rota,et al.  A note on the joint spectral radius , 1960 .

[68]  Jacques Cohen,et al.  Bioinformatics—an introduction for computer scientists , 2004, CSUR.

[69]  Vincent H. Berk,et al.  Covert Channel Detection Using Process Query Systems , 2005 .

[70]  Y. Bar-Shalom Tracking and data association , 1988 .

[71]  Subhrakanti Dey,et al.  Complexity reduction in fixed-lag smoothing for hidden Markov models , 2002, IEEE Trans. Signal Process..

[72]  R. Chang,et al.  On receiver structures for channels having memory , 1966, IEEE Trans. Inf. Theory.

[73]  Laurent Mevel,et al.  Exponential Forgetting and Geometric Ergodicity in Hidden Markov Models , 2000, Math. Control. Signals Syst..

[74]  B. Leroux Maximum-likelihood estimation for hidden Markov models , 1992 .

[75]  M. Escobar,et al.  Markov Chain Sampling Methods for Dirichlet Process Mixture Models , 2000 .

[76]  Tzi-cker Chiueh,et al.  Sequence Number-Based MAC Address Spoof Detection , 2005, RAID.

[77]  Francisco Casacuberta,et al.  Probabilistic finite-state machines - part I , 2005, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[78]  Maxim Raya,et al.  DOMINO: a system to detect greedy behavior in IEEE 802.11 hotspots , 2004, MobiSys '04.

[79]  Gang George Yin,et al.  Recursive algorithms for estimation of hidden Markov models and autoregressive models with Markov regime , 2002, IEEE Trans. Inf. Theory.

[80]  G. Cybenko,et al.  Temporal and spatial distributed event correlation for network security , 2004, Proceedings of the 2004 American Control Conference.

[81]  T. Rydén,et al.  Linear optimal prediction and innovations representations of hidden Markov models , 2003 .

[82]  Yong Sheng,et al.  Distance measures for nonparametric weak process models , 2005, 2005 IEEE International Conference on Systems, Man and Cybernetics.

[83]  David B. Hillis Using a genetic algorithm for multitarget tracking , 1998, SMC'98 Conference Proceedings. 1998 IEEE International Conference on Systems, Man, and Cybernetics (Cat. No.98CH36218).

[84]  Eytan Domany,et al.  From Finite-System Entropy to Entropy Rate for a Hidden Markov Process , 2006, IEEE Signal Processing Letters.

[85]  Brian D. O. Anderson,et al.  Exponential stability of filters and smoothers for Hidden Markov Models , 1997 .

[86]  Jeffrey D. Ullman,et al.  Introduction to Automata Theory, Languages and Computation , 1979 .

[87]  J. Shore On a relation between maximum likelihood classification and minimum relative-entropy classification , 1984, IEEE Trans. Inf. Theory.

[88]  Van Nostrand,et al.  Error Bounds for Convolutional Codes and an Asymptotically Optimum Decoding Algorithm , 1967 .

[89]  George Cybenko,et al.  Distributed sensing and UAV scheduling for surveillance and tracking of unidentifiable targets , 2005, SPIE Defense + Commercial Sensing.

[90]  David J. Miller,et al.  Low-delay optimal MAP state estimation in HMM's with application to symbol decoding , 1997, IEEE Signal Processing Letters.

[91]  Dawn Xiaodong Song,et al.  Timing Analysis of Keystrokes and Timing Attacks on SSH , 2001, USENIX Security Symposium.

[92]  Thomas M. Cover,et al.  Elements of Information Theory , 2005 .

[93]  John B. Moore,et al.  Adaptive Estimation of Hmm Transition Probabilities , 1996, Fourth International Symposium on Signal Processing and Its Applications.

[94]  R. Gray,et al.  Vector quantization , 1984, IEEE ASSP Magazine.

[95]  L. Mevel,et al.  Fault detection in hidden Markov models : a local asymptotic approach , 2000, Proceedings of the 39th IEEE Conference on Decision and Control (Cat. No.00CH37187).

[96]  L. Ljung,et al.  Exponential stability of general tracking algorithms , 1995, IEEE Trans. Autom. Control..

[97]  Lili Qiu,et al.  Statistical identification of encrypted Web browsing traffic , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[98]  Huub W. de Waard,et al.  Improved clustering approach for multiplatform data fusion , 2001, SPIE Optics + Photonics.

[99]  John Heidemann,et al.  A tool for RApid model parameterization and its applications , 2003, MoMeTools '03.

[100]  Yong Sheng User interfaces for process modeling and detection systems , 2004, SPIE Defense + Commercial Sensing.

[101]  Martin Janzura,et al.  Minimum entropy of error estimation for discrete random variables , 1996, IEEE Trans. Inf. Theory.

[102]  Vincent H. Berk,et al.  Implementing Large-Scale Autonomic Server Monitoring Using Process Query Systems , 2005, Second International Conference on Autonomic Computing (ICAC'05).

[103]  V. Berk Process query systems : advanced technologies for process detection and tracking , 2006 .

[104]  Jr. G. Forney,et al.  The viterbi algorithm , 1973 .

[105]  George Cybenko,et al.  Airborne plume tracking with sensor networks , 2006, SPIE Defense + Commercial Sensing.

[106]  L. Baum,et al.  A Maximization Technique Occurring in the Statistical Analysis of Probabilistic Functions of Markov Chains , 1970 .

[107]  T. Ferguson A Bayesian Analysis of Some Nonparametric Problems , 1973 .

[108]  D. Blackwell,et al.  Ferguson Distributions Via Polya Urn Schemes , 1973 .

[109]  M. Escobar,et al.  Bayesian Density Estimation and Inference Using Mixtures , 1995 .

[110]  D. B. Hillis,et al.  Using a genetic algorithm for multi-hypothesis tracking , 1997, Proceedings Ninth IEEE International Conference on Tools with Artificial Intelligence.

[111]  Sang Joon Kim,et al.  A Mathematical Theory of Communication , 2006 .

[112]  H. Teicher Identifiability of Mixtures of Product Measures , 1967 .

[113]  George Cybenko,et al.  The theory of trackability with applications to sensor networks , 2008, TOSN.

[114]  L. Hong,et al.  Computational complexity analysis for multiple hypothesis tracking , 1997, Proceedings of the 36th IEEE Conference on Decision and Control.

[115]  Peng Ning,et al.  Learning attack strategies from intrusion alerts , 2003, CCS '03.

[116]  George Cybenko,et al.  Metrics for situational awareness using sensor networks , 2005, SPIE Defense + Commercial Sensing.

[117]  R. Gray Entropy and Information Theory , 1990, Springer New York.

[118]  John B. Moore,et al.  On adaptive HMM state estimation , 1998, IEEE Trans. Signal Process..

[119]  Mehryar Mohri,et al.  Semiring Frameworks and Algorithms for Shortest-Distance Problems , 2002, J. Autom. Lang. Comb..

[120]  H. W. de Waard An improved clustering concept for MHT applications , 2001 .

[121]  Francisco Casacuberta,et al.  Probabilistic finite-state machines - part II , 2005, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[122]  Allen Gersho,et al.  Vector quantization and signal compression , 1991, The Kluwer international series in engineering and computer science.

[123]  Charles R. Johnson,et al.  Matrix analysis , 1985, Statistical Inference for Engineers and Data Scientists.

[124]  Robert S. Gray,et al.  Using sensor networks and data fusion for early detection of active worms , 2003, SPIE Defense + Commercial Sensing.

[125]  Kun-Chan Lan,et al.  Rapid model parameterization from traffic measurements , 2002, TOMC.

[126]  T. Rydén Consistent and Asymptotically Normal Parameter Estimates for Hidden Markov Models , 1994 .

[127]  Lawrence R. Rabiner,et al.  A tutorial on hidden Markov models and selected applications in speech recognition , 1989, Proc. IEEE.