Policy-Based Autonomic Data Governance

Generative policies have been proposed as a mechanism to learn the constraints and preferences of a system—especially complex systems such as the ones found in coalitions—in a given context so that the system can adapt to unexpected changes seamlessly, thus achieving the system goals with minimal human intervention. Generative policies can help a coalition system to be more effective when working in a distributed, continuously transforming environment with a diverse set of members, resources, and tasks. Learning mechanisms based on logic programming, e.g., Inductive Logic Programming (ILP), have several properties that make them suitable and attractive for the creation and adaptation of generative policies, such as the ability to learn a general model from a small number of examples, and being able to incorporate existing background knowledge. ILP has recently been extended with the introduction of systems for Inductive Learning of Answer Set Programs (ILASP) which are capable of supporting automated acquisition of complex knowledge such as constraints, preferences and rule-based models. Motivated by the capabilities of ILASP, we present AGENP, an Answer Set Grammar-based Generative Policy Framework for Autonomous Managed Systems (AMS) that aims to support the creation and evolution of generative policies by leveraging ILASP. We describe the framework components, i.e., inputs, data structures, mechanisms to support the refinement and instantiation of policies, identification of policy violations, monitoring of policies, and policy adaptation according to changes in the AMS and its context. Additionally, we present the main work-flow for the global and local refinement of policies and their adaptation based on Answer Set Programming (ASP) for policy representation and reasoning using ILASP. We then discuss an application of the AGENP framework and present preliminary results. c © Springer Nature Switzerland AG 2019 S. Calo et al. (Eds.): PADG 2018, LNCS 11550, pp. 3–20, 2019. https://doi.org/10.1007/978-3-030-17277-0_1

[1]  Elisa Bertino,et al.  Secure Data Aggregation Technique for Wireless Sensor Networks in the Presence of Collusion Attacks , 2015, IEEE Transactions on Dependable and Secure Computing.

[2]  Daniel Davis Wood,et al.  ETHEREUM: A SECURE DECENTRALISED GENERALISED TRANSACTION LEDGER , 2014 .

[3]  Pradeep K. Khosla,et al.  SWATT: softWare-based attestation for embedded devices , 2004, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.

[4]  Gisung Kim,et al.  A novel hybrid intrusion detection method integrating anomaly detection with misuse detection , 2014, Expert Syst. Appl..

[5]  Dan Feldman,et al.  Turning big data into tiny data: Constant-size coresets for k-means, PCA and projective clustering , 2013, SODA.

[6]  Marco Vieira,et al.  Integrated Intrusion Detection in Databases , 2007, LADC.

[7]  Warwick Ford,et al.  Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework , 1999, RFC.

[8]  Vallipuram Muthukkumarasamy,et al.  Performance of Flow-based Anomaly Detection in Sampled Traffic , 2015, J. Networks.

[9]  F. Richard Yu,et al.  A Multi-Level DDoS Mitigation Framework for the Industrial Internet of Things , 2018, IEEE Communications Magazine.

[10]  Wenke Lee,et al.  A cooperative intrusion detection system for ad hoc networks , 2003, SASN '03.

[11]  Jeffrey O. Kephart,et al.  The Vision of Autonomic Computing , 2003, Computer.

[12]  John K. Ousterhout,et al.  In Search of an Understandable Consensus Algorithm , 2014, USENIX ATC.

[13]  Giovanni Vigna,et al.  A Learning-Based Approach to the Detection of SQL Attacks , 2005, DIMVA.

[14]  Songwu Lu,et al.  GRAdient Broadcast: A Robust Data Delivery Protocol for Large Scale Sensor Networks , 2005, Wirel. Networks.

[15]  Hui Zang,et al.  Is sampled data sufficient for anomaly detection? , 2006, IMC '06.

[16]  Dinesh C. Verma,et al.  Federated AI for building AI Solutions across Multiple Agencies , 2018, ArXiv.

[17]  Aggelos Kiayias,et al.  Ouroboros: A Provably Secure Proof-of-Stake Blockchain Protocol , 2017, CRYPTO.

[18]  Joel J. P. C. Rodrigues,et al.  Decentralized Consensus for Edge-Centric Internet of Things: A Review, Taxonomy, and Research Issues , 2018, IEEE Access.

[19]  GERNOT METZE,et al.  On the Connection Assignment Problem of Diagnosable Systems , 1967, IEEE Trans. Electron. Comput..

[20]  Siarhei Kuryla,et al.  RPL: IPv6 Routing Protocol for Low power and Lossy Networks , 2010 .

[21]  Elisa Bertino,et al.  Kalis — A System for Knowledge-Driven Adaptable Intrusion Detection for the Internet of Things , 2017, 2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS).

[22]  L. B. Milstein,et al.  Theory of Spread-Spectrum Communications - A Tutorial , 1982, IEEE Transactions on Communications.

[23]  Elisa Bertino,et al.  PAST: Protocol-Adaptable Security Tool for Heterogeneous IoT Ecosystems , 2018, 2018 IEEE Conference on Dependable and Secure Computing (DSC).

[24]  Fred B. Schneider,et al.  Byzantine generals in action: implementing fail-stop processors , 1984, TOCS.

[25]  Louise E. Moser,et al.  Byzantine Fault Detectors for Solving Consensus , 2003, Comput. J..

[26]  Peter Langendörfer,et al.  tinyDSM: A highly reliable cooperative data storage for Wireless Sensor Networks , 2009, 2009 International Symposium on Collaborative Technologies and Systems.

[27]  Carlo Curino,et al.  OLTP-Bench: An Extensible Testbed for Benchmarking Relational Databases , 2013, Proc. VLDB Endow..

[28]  Sam Toueg,et al.  Fast Distributed Agreement , 1987, SIAM J. Comput..

[29]  Jorge Lobo,et al.  Shortfall-Based Optimal Placement of Security Resources for Mobile IoT Scenarios , 2017, ESORICS.

[30]  Sam Toueg,et al.  Randomized Byzantine Agreements , 1984, PODC '84.

[31]  Vallipuram Muthukkumarasamy,et al.  Intelligent Sampling Using an Optimized Neural Network , 2016, J. Networks.

[32]  Chi-Sheng Shih,et al.  Supporting Service Adaptation in Fault Tolerant Internet of Things , 2015, 2015 IEEE 8th International Conference on Service-Oriented Computing and Applications (SOCA).

[33]  Wang-Chien Lee,et al.  Using sensorranks for in-network detection of faulty readings in wireless sensor networks , 2007, MobiDE '07.

[34]  Cristina Nita-Rotaru,et al.  A survey of attack and defense techniques for reputation systems , 2009, CSUR.

[35]  Tien Pham,et al.  Generation and management of training data for AI-based algorithms targeted at coalition operations , 2018, Defense + Security.

[36]  Scott E. Donaldson,et al.  Meeting the Cybersecurity Challenge , 2015 .

[37]  Satoshi Nakamoto Bitcoin : A Peer-to-Peer Electronic Cash System , 2009 .

[38]  Keith Marzullo,et al.  Tolerating failures of continuous-valued sensors , 1990, TOCS.

[39]  Lior Rokach,et al.  Sampling High Throughput Data for Anomaly Detection of Data-Base Activity , 2017, ArXiv.

[40]  Leslie Lamport,et al.  The Byzantine Generals Problem , 1982, TOPL.

[41]  Leslie Lamport,et al.  Reaching Agreement in the Presence of Faults , 1980, JACM.

[42]  Lior Rokach,et al.  CyberRank: Knowledge Elicitation for Risk Assessment of Database Security , 2016, CIKM.

[43]  Adrian Perrig,et al.  Distributed detection of node replication attacks in sensor networks , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[44]  Mary Baker,et al.  Mitigating routing misbehavior in mobile ad hoc networks , 2000, MobiCom '00.

[45]  Dinesh C. Verma,et al.  Policy enabled caching for distributed AI , 2017, 2017 IEEE International Conference on Big Data (Big Data).

[46]  S. Sitharama Iyengar,et al.  Distributed Bayesian algorithms for fault-tolerant event region detection in wireless sensor networks , 2004, IEEE Transactions on Computers.

[47]  Konstantin Kondak,et al.  Journal of Intelligent and Robotic Systems manuscript No. , 2022 .

[48]  Antonio Alfredo Ferreira Loureiro,et al.  Decentralized intrusion detection in wireless sensor networks , 2005, Q2SWinet '05.

[49]  Michael Stonebraker,et al.  Supporting fine-grained data lineage in a database visualization environment , 1997, Proceedings 13th International Conference on Data Engineering.

[50]  Ali A. Ghorbani,et al.  A Lightweight Privacy-Preserving Data Aggregation Scheme for Fog Computing-Enhanced IoT , 2017, IEEE Access.

[51]  Sebastian Schelter,et al.  Automatically Tracking Metadata and Provenance of Machine Learning Experiments , 2017 .

[52]  Fred B. Schneider,et al.  Implementing fault-tolerant services using the state machine approach: a tutorial , 1990, CSUR.

[53]  Nicholas F. Maxemchuk,et al.  DISPERSITY ROUTING IN STORE-AND-FORWARD NETWORKS. , 1975 .

[54]  Elisa Bertino,et al.  DetAnom: Detecting Anomalous Database Transactions by Insiders , 2015, CODASPY.

[55]  Elaine Shi,et al.  The Sleepy Model of Consensus , 2017, ASIACRYPT.

[56]  Murat Kantarcioglu,et al.  SmartProvenance: A Distributed, Blockchain Based DataProvenance System , 2018, CODASPY.

[57]  C. Karlof,et al.  Secure routing in wireless sensor networks: attacks and countermeasures , 2003, Proceedings of the First IEEE International Workshop on Sensor Network Protocols and Applications, 2003..

[58]  VARUN CHANDOLA,et al.  Anomaly detection: A survey , 2009, CSUR.

[59]  Marianne Winslett,et al.  Towards a Secure and Efficient System for End-to-End Provenance , 2010, TaPP.

[60]  Yongdae Kim,et al.  Remote Software-Based Attestation for Wireless Sensors , 2005, ESAS.

[61]  Deborah Estrin,et al.  GHT: a geographic hash table for data-centric storage , 2002, WSNA '02.

[62]  Paul T. Groth,et al.  Storing, Tracking, and Querying Provenance in Linked Data , 2017, IEEE Transactions on Knowledge and Data Engineering.

[63]  Roger Wattenhofer,et al.  Fault-Tolerant Clustering in Ad Hoc and Sensor Networks , 2006, 26th IEEE International Conference on Distributed Computing Systems (ICDCS'06).

[64]  Abhishek Kumar,et al.  Sketch Guided Sampling - Using On-Line Estimates of Flow Size for Adaptive Data Collection , 2006, Proceedings IEEE INFOCOM 2006. 25TH IEEE International Conference on Computer Communications.

[65]  Charalampos Konstantopoulos,et al.  A survey on jamming attacks and countermeasures in WSNs , 2009, IEEE Communications Surveys & Tutorials.

[66]  Elisa Bertino,et al.  Pareto Optimal Security Resource Allocation for Internet of Things , 2017, ACM Trans. Priv. Secur..

[67]  Fan Long,et al.  Principled Sampling for Anomaly Detection , 2015, NDSS.

[68]  Elisa Bertino,et al.  A System for Profiling and Monitoring Database Access Patterns by Application Programs for Anomaly Detection , 2017, IEEE Transactions on Software Engineering.

[69]  Blaise Agüera y Arcas,et al.  Communication-Efficient Learning of Deep Networks from Decentralized Data , 2016, AISTATS.

[70]  Mahadev Satyanarayanan,et al.  The Emergence of Edge Computing , 2017, Computer.