There Are Three Sources of Knowledge


There are three sources of knowledge in both humans and artificial intelligence:

1) Inductive Inference

2) Deductive Inference

3) Communication

Inductive inference establishes new facts from data. In technology this is data science and machine learning, which aim at making predictions (tentative hypotheses). Inductive probability attempts to give the probability of future events based on past events. It is the basis for inductive reasoning and gives the mathematical foundation for learning and the perception of patterns.

The Big Picture... Belief Propagation with a Common Object Model

Ever heard someone use phrases like “I put two and two together” or “I started to connect the dots”? What is usually meant is that, in examining the facts at hand, an understanding of a feasible explanation is forming. By considering details, a bigger picture can be formed.

Belief Propagation Network

A belief propagation network (BPN) is a graph in which messages are passed along the edges between a series of nodes.

Do Complex Cybersecurity Issues Cause You Chaos?


Cybersecurity is really complicated. It is a topic of massive amounts of minute details. From those details, incredibly important big pictures must be formed. Cybersecurity is the art of being situationally aware in chaos.

Software engineering is really complicated. It is a topic of massive amounts of ones and zeros. From those bits (1s and 0s) helpful applications must be formed. Software engineering is the art of creating knowledge from big data formed of bits.

Cybersecurity is inherently complex, as is the world of software. How do we make complex things less complex? How do we "get our heads around" all the things in the cyber domain?


Bad Guys Don't Do Normal Things - Part 2


Any cybersecurity analyst will tell you that there is a huge need to reduce the number of false positive alerts they receive every day. In the first part of this blog series we described an Incident Response (IR) team that, instead of focusing on true threats, was all too often running down “suspect ping” alerts caused by harmless software updates.

We discussed using ontologies to model alert data in graph form. By putting the original alert data into graph form and using a description logic reasoner, Dark Light™ is able to apply expert knowledge to make inferences. In the case of the “suspect ping” problem, we use knowledge about related processes to reason about whether the alerts should be ignored or classified as truly “suspect”.

Bad Guys Don’t Do Normal Things - Part 1


A cybersecurity analyst recently said to me, "Bad guys don't do normal things." He was explaining his thought process behind a particular automated alert. Specifically, he was describing a Splunk alert that notified his team whenever a ‘suspect ping’ process was detected on one of the more than 20,000 devices within their enterprise. This alert fired whenever any Windows host executed the ‘ping.exe’ process with a ‘-n’ argument.

For example: ping 1.1.1.1 -n 1 -w 1000

The peculiar invocation above is not likely to be used by an IT person doing normal network troubleshooting. This non-default command, which sends a single ping, might be indicative of malware or an intruder probing the network. This abnormal execution is what makes the ping interesting to a cyber network defender. At that organization, simply running the above command would be enough to launch a brief investigation by the Incident Response (IR) team.
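As an added example (not code from this blog or from Dark Light), here is the Part 1 rule and the Part 2 "related processes" suppression written as detection logic run over constructed process-creation records. The record fields, the sample events and the updater allowlist are assumptions, not data from the post.

```python
import re

# Constructed process-creation records in the shape of Sysmon Event ID 1 /
# Windows 4688 data (Image, CommandLine, ParentImage); not real telemetry.
SAMPLE_EVENTS = [
    {"host": "WS-0017", "image": r"C:\Windows\System32\PING.EXE",
     "cmdline": "ping 1.1.1.1 -n 1 -w 1000",
     "parent": r"C:\Windows\System32\cmd.exe"},
    {"host": "WS-0042", "image": r"C:\Windows\System32\PING.EXE",
     "cmdline": "ping 10.0.0.5",
     "parent": r"C:\Windows\System32\cmd.exe"},
    {"host": "WS-0099", "image": r"C:\Windows\System32\PING.EXE",
     "cmdline": "ping 127.0.0.1 -n 2 -w 500",
     "parent": r"C:\Program Files\ExampleUpdater\updater.exe"},
    {"host": "WS-0100", "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe -n",
     "parent": r"C:\Windows\explorer.exe"},
]

# Hypothetical allowlist of parent images known to run ping -n as part of a
# harmless software update (the Part 2 "related processes" knowledge).
BENIGN_PARENTS = {r"c:\program files\exampleupdater\updater.exe"}

def is_suspect_ping(event):
    """True when ping.exe was executed with a '-n' argument (the Part 1 rule)."""
    image_name = event["image"].lower().rsplit("\\", 1)[-1]
    if image_name != "ping.exe":
        return False
    args = re.split(r"\s+", event["cmdline"].strip())[1:]  # drop argv[0]
    return any(arg.lower() == "-n" for arg in args)

def triage(events, benign_parents=BENIGN_PARENTS):
    """Split rule matches into hosts to investigate and matches explained
    by a known benign parent process. Returns (alerts, suppressed)."""
    alerts, suppressed = [], []
    for ev in events:
        if not is_suspect_ping(ev):
            continue
        if ev["parent"].lower() in benign_parents:
            suppressed.append(ev["host"])
        else:
            alerts.append(ev["host"])
    return alerts, suppressed

if __name__ == "__main__":
    alerts, suppressed = triage(SAMPLE_EVENTS)
    print("investigate:", alerts)    # ['WS-0017']
    print("suppressed:", suppressed)  # ['WS-0099']
```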
