Agile Security - Paradigm Shift International


Feb 22, 2013 (4 years and 5 months ago)


rick.dove@parshift.com,
attributed copies permitted



Possible Masters Project

Agile Security

Self Organizing Systems of Systems

Pattern Project



What Are We Doing?

Questions we seek answers for:

What makes SO-SoSes work (achieve, grow, behave properly, evolve, …)?
What recurring patterns are seen in various kinds of successful SO-SoSes?
What are the metrics of SO-SoS success?
What are useful SO-SoSes to observe and analyze for clues?
What knowledge can be utilized now - where and how?
What information can be tested now - where and how?
What data can be experimented with now - where and how?

We are developing a “pattern language” for discourse - we can’t talk about concepts or think about them if we have no words for them, nor assemble them into meaningful constructions if we don’t have a grammar.



Today, All Systems are Prey.

It matters not their intended purpose and function. Technology is their Achilles heel. They are defenseless in an age of guerrilla warfare, technologically empowered individuals, rapid technology development, do-it-yourself affordability, readily accessible knowledge, global infrastructure networks, and the human hacker inclination to re-purpose a system just because it’s there.

Systems engineering is awesome. We stand in wonder at the good we can build. In time we find that this respect and awe is not shared by all. Some take equal fulfillment in destruction or exploitation, no matter the motivation. The modern response is after-the-breach correction and watchdog shepherding. Even the weapon-bristling naval system is humbled by the rubber-rafted bomb.

In days of old the important systems embedded security in the architecture: fortress cities, castles, booby-trapped tombs. Security had high priority in the system engineering trade-space. Security was rooted in fundamental requirements and values. The technologies of construction and destruction were on a level playing field. With the scientific age the development of technology by those who practiced construction outpaced the efforts of those who focused on destruction. The entry barriers of resource and knowledge favored socially-developed countries and high-visibility activities. Embedded system security was unnecessary, and atrophied as a practice. Now we have come full circle, as technically literate and adept practitioners have again leveled the playing field of construction and destruction, of protection and exploitation.

It is past time that system engineering reclaim and embrace the responsibility for
system security. Technology advancement discovers new vulnerability and
exploitation faster than systems can respond. Flatfooted, they sit as prey. Stone
and mortar castle architecture would not suffice today, nor city fortress
emplacement architecture.



System Security is a Prime SO-SoS Learning Opportunity

Observed Asymmetric Advantages of the Artificial-System Adversary

Adversary leads with innovation and evolution
Adversary is a natural system, current security strategy is an artificial system
Adversary self-organizes as a dynamic system-of-systems

Architecture:
Multi-agent
Loosely coupled
Self organizing
Systems-of-systems

Behavior:
Swarm intelligence
Tight learning loops
Fast evolution
Dedicated intent

Assumptions:
All systems are prey.
The goal of a “natural” SO-SoS is survival.
Fundamental natural strategies for survival are innovation and evolution.
Currently the artificial-system predator has superior “natural” strategies.
Natural systems have evolved very successful survival patterns.
Artificial-system predators have evolved very successful attack patterns.

The best Test & Evaluation is confrontation with the intelligent adversary!



It's not about Cyber Security …all systems are prey

It's about co-evolving self-organizing systems of systems, each with first priority on securing and maintaining existence.

Maslow’s Hierarchy of Needs
(for systems that would live one more day)

1st Order: Core necessity
2nd Order: As affordable

(5) Discretionary: non-functional performance of existence (community impact)
(4) Quality: functional performance of existence
(3) Functionality: product of existence (reason for, purpose of)
(2) Security: sustains existence
(1) Energy: enables existence



Maslow’s Hierarchy of Needs
(for systems that would live one more day)

1st Order: Core necessity
2nd Order: As affordable

Energy Needs
Security Needs
Functionality
Performance
Harmony

It's not about Cyber Security …all systems are prey

It's about co-evolving self-organizing systems of systems, each with first priority on securing and maintaining existence.

(5) Discretionary: non-functional performance of existence (community impact)
(4) Quality: functional performance of existence
(3) Functionality: product of existence (reason for, purpose of)
(2) Security: sustains existence
(1) Energy: enables existence



System-Adversary Observed Behavior Patterns & Characteristics

Fast learning loops
Resilient
Collaborative
Innovative
Adaptable
Self organizing
Distributed
Evolving
Communities of active practice
Effortful learning
Experimental
Technology repurposing
Disposable resources (Suicide attacks, expendable Al-Q cells, …)
4th gen war patterns
5th gen war patterns
…et al.

The Adversary is Systemically Agile



Reality

SO-SoS scares people
- but SO-SoS are all around us
- and the adversary thrives on it

SysEs, SecEs and Decision Makers don’t communicate

Only SysEs can enable next gen SecE: SO-SoS

We need a common language and vision = OBJECTIVE
- for SysEs, SecEs, and Decision Makers

Patterns reflected from common understandings
- solve communication problem
- solve scary problem
- brings shared vision into focus

(Should you care to accept the mission….)

You can be in the vanguard of SO-SoS pattern discovery
- choose patterns useful to your work & knowledge dev.
- suggested pattern concepts can be provided
- source reference material can be provided
- collaboration will be provided



Objective Met with Stories, Graphics, Metaphors, References

[Figure labels: Systems Engineer, Security Engineer, Decision Maker; common language, concepts, comfort]



To Start: Mirror the Enemy

Agile system security, as a minimum, must mirror the agile characteristics exhibited by the system attack community:

[S] Self-organizing - with humans embedded in the loop, or with systemic mechanisms.
[A] Adapting to unpredictable situations - with reconfigurable, readily employed resources.
[R] Reactively resilient - able to continue, perhaps with reduced functionality, while recovering.
[E] Evolving in concert with a changing environment - driven by vigilant awareness and fitness evaluation.
[P] Proactively innovative - acting preemptively, perhaps unpredictably, to gain advantage.
[H] Harmonious with system purpose - aiding rather than degrading system and user productivity.

www.parshift.com/Files/PsiDocs/Pap100226-AgileSecuritySelfOrganizingCoEvolution-ExtAbst.pdf



Axiom*: SAREPH Minimum Combinations

Natural systems exhibit all six characteristics. Artificial self-organizing agile systems will have at least one combination that traces a path from S to H, for a minimum of four characteristics.

S means the system dances at the pace set by situational reality. But by itself, if S provides no value (beat is right but dance is independent of situation), it is useless. If we have S and H, without value (benign result), it is still useless.

A good example of S-A-R-H is exhibited by the New York subway control room. S w/o A doesn’t ensure things happen when they must/should.

Minimum = S & (A|E) & (R|P) & H

[Figure labels: S = Self Organization, A = Adaptive Tactics, R = Reactive Resilience, E = Evolving Strategy, P = Proactive Innovative, H = Harmonious Operation. Trace any/all paths from S to H.]

* subject to change



When a room has a window with a view, it is a focal point: people are attracted to the window and want to look through it. The furniture in the room creates a second focal point: everyone is attracted toward the point the furniture aims them at (the center of the room or a TV). This makes people feel uncomfortable. They want to look out the window, and toward the other focus at the same time. Rearrange the furniture so its focal point becomes the window, and everyone is comfortable.

That's a very simple example, and there are literally hundreds more in this book and its sequel.

The book's main idea is much more powerful than that. It applies to almost every aspect of life, not just to architecture. When a situation makes us unhappy, it is usually because we have two conflicting goals, and we aren't balancing them properly. Alexander's idea is to identify those ``conflicting forces'', and then find a solution which brings them into harmony.
[Leonard R Budney, Amazon Reviewer]

This four-volume work is Christopher Alexander's magnum opus of architectural philosophy, and a book on which he has been working for over twenty years. The essence of that view is this: the universe is not made of "things," but of patterns, of complex, interactive geometries. Furthermore, this way of understanding the world can unlock marvelous secrets of nature, and perhaps even make possible a renaissance of human-scale design and technology.
[Michael Mehaffy, Amazon Reviewer]

(read this one)

(253 patterns)



Our Pattern Form

Name: Descriptive name for the pattern.
Context: Situation that the pattern applies to.
Problem: Description of the problem.
Forces: Tradeoffs, value contradictions, constraints, key dynamics of tension & balance.
Solution: Description of the solution.
Graphic: A depiction of response dynamics.
Examples: Referenced cases where the pattern is employed.
Agility: Evidence of SAREPH characteristics that qualify the pattern as agile.
References: Literature access to examples.

www.parshift.com/Files/PsiDocs/Pap100317Cser-OnDiscoveryAndDisplayOfAgileSecurityPatterns.pdf




Example of a pattern description synopsis.

These descriptions are for path-finder patterns rather than well-known common-practice patterns; full understanding is either obtained from reading the referenced papers or from reading accompanying discussion pages.

Dove, Rick and Laura Shirey. On Discovery and Display of Agile Security Patterns. 2010. 8th Conference on Systems Engineering Research March 17-19, Hoboken, NJ.
www.parshift.com/Files/PsiDocs/Pap100317Cser-OnDiscoveryAndDisplayOfAgileSecurityPatterns.pdf




Pattern: Horizontal Gene/Meme Transfer

Context: When conditions deteriorate, it makes a lot of sense to try to scavenge DNA from your neighbors. Horizontal gene transfer facilitates a fast microbial adaptation to stress. Higher-than-suspected transfer rates among microbes living in nutrient-poor environments, where sharing genes may be key to survival, have been observed. Evidence indicates that organisms limit gene exchange to microbes on nearby branches of the family tree, probably because their chromosomes share certain characteristics. Genes appear to be exchanged between species with similar chromosomal structures (Pennise 2011).

Problem: Situational or environmental changes that threaten fitness or survival of the organism.

Forces: Short-term adaptability vs. long-term-evolvability, horizontal gene transfer speeds the development of new traits by a factor of 10,000 (Woese 2000, Pennise 2011).

Solution: Incorporate appropriate genetic material from other organisms that have developed compatible and useful situational fitness. Mobile genes don’t just help a community survive, they also provide the grist for evolutionary innovations.

Horizontal gene transfer speeds up innovative short-term adaptation and long-term evolution

[Figure labels: Available high variety cellular organisms; Two modular gene pools (Intrachromosomal genes, Extrachromosomal genes); Rules: 1. Packaging, 2. Transfer, 3. Entry, 4. Establishment, 5. Inheritance; Innovative adaptation and evolution; circa 2011]

(Dove, Rick. 2011. Webinar: Toward a Systemic Will to Live - Patterns of Self-Organizing Agile Security. www.parshift.com/Files/PsiDocs/PatternQualificationsForAgileSecurity.pdf)



Pattern: Horizontal Meme Transfer

Examples:
Horizontal gene transfer and evolution. (Woese 2000) & (Smets 2005).
Cross-domain user-behavior-channeling pattern catalog. (Lockton 2009, 2010)
Cross-domain dynamic-system process-pattern project. (Troncale 1978, 2006)
Universal patterns in human activity and insurgent events. (Bohorquez 2009).
Patterns in behavioral ecology and anti-predator behavior. (Blumstein 2010).
Tradeoff between robustness and fragility in evolving complex systems.

[S]elf organization controls the assembly process.
[A]daptation occurs in assemblies that meet needs.
[R]eactive resilience occurs with sufficient module mix to meet specific needs.
[E]volution occurs in module and protocol upgrades.
[P]roactive innovation occurs with speculative assemblies for unknown needs.
[H]armony is maintained with a Highly Optimized Tolerance (Carlson 2002) small module and protocol repertoire in the knot.

References: (see reference section, only URLs shown here. All accessed 1Jan2011)
(Blumstein 2010) www.eeb.ucla.edu/Faculty/Blumstein/pdf%20reprints/Blumstein_2010_BE.pdf
(Bohorquez 2009) www.nature.com/nature/journal/v462/n7275/full/nature08631.html
(Carlson and Doyle 2000) www.pnas.org/content/99/suppl.1/2538.full.pdf+html
(Lockton 2009) http://bura.brunel.ac.uk/bitstream/2438/3664/1/Lockton_SI_paper_disclaimer_added.pdf
(Lockton 2010) http://danlockton.com/dwi/Download_the_cards
(Smets 2005) www.nature.com/nrmicro/journal/v3/n9/pdf/nrmicro1253.pdf
(Troncale 1978) www.allbookstores.com/author/International_Conference_On_Applied_General_Systems_Research_State_Uni.html
(Troncale 2006) http://www3.interscience.wiley.com/journal/112635373/abstract?CRETRY=1&SRETRY=0
(Woese 2000) www.ncbi.nlm.nih.gov/pmc/articles/PMC26958/pdf/pq008392.pdf

From: Pattern Qualifications and Examples of next Generation Agile System-Security Strategies.
www.parshift.com/Files/PsiDocs/PatternQualificationsForAgileSecurity.pdf




Pattern: Bow Tie Processor (assembler/generator/mediator)

Context: Complex system with many diverse inputs and many diverse outputs, where outputs need to respond to many needs or innovate for many or unknown opportunities, and it is not practical to build unique one-to-one connections between inputs and outputs. Appropriate examples include common financial currencies that mediate between producers and consumers, the adaptable biological immune system that produces proactive infection detectors from a wealth of genetic material, and the Internet protocol stack that connects diverse message sources to diverse message sinks.

Problem: Too many connection possibilities between available inputs and useful outputs to build unique robust, evolving satisfaction-processes between each.

Forces: Large knot short-term-flexibility vs small knot short-term-controllability and long-term-evolvability (Csete 2004); robustness to known vs fragility to unknown (Carlson 2002).

Solution: Construct relatively small “knot” of fixed modules from selected inputs, that can be assembled into outputs as needed according to a fixed protocol. A proactive example is the adaptable immune system that constructs large quantities of random detectors (antigens) for unknown attacks and infections. A reactive example is a manufacturing line that constructs products for customers demanding custom capabilities.

Millions of random infection detectors generated continuously by fixed rules and modules in the “knot”

[Figure labels: Available high variety genetic DNA input; Evolve three fixed V-D-J gene-segment libraries (V: 123 Variable segments, D: 27 Diverse segments, J: 6 Joining segments); Fixed-rule VDJ assembly with random interconnects (1 random from each + random connect); Random high variety output with VDJ + VJ assemblies; ~10^6 VDJ+VJ possible antigen detector shapes, increases to ~10^9 varieties with addition of random nucleotide connections between VDJ & VJ joinings]



Pattern: Bow Tie Processor (assembler/generator/mediator)

Example: Immune system -- Millions of random infection detectors are generated continuously by fixed rules and modules
Example: For immune system assembly process (Wikipedia 2010). For numbers (Li 2004).
Example: Bow tie architecture for detector generation and sense-making. (Dove 2010).
Example: Bow tie architecture for robust complex networks of many kinds. (Csete 2004).
Example: General bow tie architecture and flexible-standards generation. (Hartzog 2010).

[S]elf organization controls the assembly process.
[A]daptation occurs in assemblies that meet needs.
[R]eactive resilience occurs with sufficient module mix to meet specific needs.
[E]volution occurs in module and protocol upgrades.
[P]roactive innovation occurs with speculative assemblies for unknown needs.
[H]armony is maintained with a Highly Optimized Tolerance (Carlson 2002) small module and protocol repertoire in the knot.

References: (see reference section, only URLs shown here. All accessed 1Jan2011)
(Carlson 2002) http://gabriel.physics.ucsb.edu/~complex/pubs/hot2.pdf
(Csete 2004) http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.173.3019&rep=rep1&type=pdf
(Dove 2011) www.parshift.com/s/110411PatternsForSORNS.pdf
(Hartzog 2010) http://blog.p2pfoundation.net/how-different-is-your-bow-tie/2010/06/21
(Li 2004) http://bloodjournal.hematologylibrary.org/cgi/reprint/103/12/4602.pdf
(Wikipedia 2011) http://en.wikipedia.org/wiki/V(D)J_recombination

From: Pattern Qualifications and Examples of next Generation Agile System-Security Strategies.
www.parshift.com/Files/PsiDocs/PatternQualificationsForAgileSecurity.pdf




Pattern: Drag-and-Drop Framework and Modules

Example: Adaptable Immune System Bow-Tie Antigen-Detector Generator

[Figure labels:
Modules: 123 V segments, 27 D segments, 6 J segments, random nucleotides
Detector sequences n, n+1, n+2, each with a short chain and a long chain (V--D--J, V--J)
Infrastructure, Passive, Assembly Rules: Use one each V-D-J; Use one each V-J; Add random nucleotides; Combine two assemblies
Infrastructure, Active, Integrity Management (in figure order): Infrastructure evolution, Detector assembly, Module pools and mix evolution, Module inventory condition; annotated (in figure order): genetic evolution, bone marrow and thymus, genetic evolution, ??repair mechanisms??
Other labels: cell, B-Cell, Y, detector, antibody]

From: Pattern Qualifications and Examples of next Generation Agile System-Security Strategies.
www.parshift.com/Files/PsiDocs/PatternQualificationsForAgileSecurity.pdf




Context: A complex system or system-of-systems subject to attack and infection, with low tolerance for attack success and no tolerance for catastrophic infection success; with resilient remedial action capability when infection is detected. Appropriate examples include biological organisms, and cyber networks for military tactical operations, national critical infrastructure, and commercial economic competition.

Problem: Directed attack and infection types that constantly evolve in new innovative ways to circumvent in-place attack and infection detectors.

Forces: False positive tradeoffs with false negatives, system functionality vs functionality impairing detection measures, detectors for anything possible vs added costs of comprehensive detection, comprehensive detection of attack vs cost of false detection of self.

Solution: A high fidelity model of biological immune system antibody (detection) processes that generate high quantity and variety of anticipatory speculative detectors in advance of attack and during infection, and evolve a growing memory of successful detectors specific to the nature of the system-of-interest.

Speculative generation and mutation of detectors recognizes new attacks like a biological immune system

Pattern: Proactive Anomaly Search



Example: Lucid overview of antibody processes, including generation of speculative antibodies. See (Wikipedia 2010).
Example: Artificial immune system general model applicable to cyber networks. See (Hofmeyr 2000).
Example: Determining and evolving self and non-self behaviors in system call monitoring. See (Forrest 2008).
Example: Detector cloning and mutation improvement. See (Hightower 1996).

[S]elf organization occurs in negative selection, in limited-life positive selection, in deployment cloning, and in memory of the fittest detectors.
[A]daptation occurs in bow-tie antibody (detector) creation, in negative selection and in positive selection.
[R]eactive resilience occurs in constant refresh and replacement of useless and aged detectors.
[E]volution occurs as the memory of effective detectors grows with exposure to attacks and infections.
[P]roactive innovation is the process of the bow-tie speculative antibody creation.
[H]armony is maintained by negative selection, and by limited-life purging of ineffective and of no-longer needed detectors.

References: (see reference section, only URLs shown here. All accessed 1Jan2011)
(Forrest 2008) http://www.cs.unm.edu/~forrest/publications/acsac08.pdf
(Hightower 1996) http://cs.unm.edu/~forrest/publications/baldwin.pdf
(Hofmeyr 2000) http://cs.unm.edu/~forrest/publications/hofmeyr_forrest.pdf
(Wikipedia 2011) http://en.wikipedia.org/wiki/Antibody

Dove, Rick, Patterns of Self-Organizing Agile Security for Resilient Network Situational Awareness and Sense-Making. 2011.
www.parshift.com/Files/PsiDocs/PatternsForResilientNetworks.pdf


Pattern: Proactive Anomaly Search
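
An added example (not from the original slides or the cited papers) of the detector life cycle this pattern describes: bow-tie assembly of speculative detectors from three fixed module libraries, negative selection against self, limited-life purging with refresh, and a memory of detectors that have fired. The system-call names, the small libraries, both traces and the `ImmuneMonitor` class are constructed assumptions; matching is exact on three-call windows.

```python
import random
from itertools import product

# Constructed module libraries (the fixed "knot"), standing in for the V, D and J
# gene-segment libraries: each holds system-call names for one window position.
V = ["open", "socket", "execve", "mmap"]
D = ["read", "write", "connect", "mprotect"]
J = ["close", "exit", "execve", "sendto"]
WINDOW = 3  # detector length: one V, one D and one J module

# Constructed traces: normal behaviour ("self") and one anomalous trace.
NORMAL = [
    ["open", "read", "close", "open", "write", "close"],
    ["socket", "connect", "sendto", "close"],
]
ATTACK = ["open", "read", "close", "mmap", "mprotect", "execve", "exit"]


def windows(trace, n=WINDOW):
    """All length-n sliding windows of a system-call trace."""
    return {tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)}


def learn_self(traces):
    """Self is every window seen during normal operation."""
    self_set = set()
    for trace in traces:
        self_set |= windows(trace)
    return self_set


def assemble(rng):
    """Fixed-rule bow-tie assembly: one random module from each library."""
    return (rng.choice(V), rng.choice(D), rng.choice(J))


class ImmuneMonitor:
    def __init__(self, self_set, size, max_age, seed=0):
        self.self_set = self_set
        self.size = size          # target number of speculative detectors
        self.max_age = max_age    # idle scans allowed before a detector is purged
        self.rng = random.Random(seed)
        self.age = {}             # speculative detector -> idle scans so far
        self.memory = set()       # detectors that have fired; never purged
        self._refresh()

    def _refresh(self):
        """Top up the repertoire; negative selection rejects anything in self."""
        pool = set(product(V, D, J)) - self.self_set - self.memory - set(self.age)
        want = min(self.size - len(self.age), len(pool))
        while want > 0:
            cand = assemble(self.rng)
            if cand in pool:          # not self, not already deployed
                pool.discard(cand)
                self.age[cand] = 0
                want -= 1

    def scan(self, trace):
        """Return the detectors that fire on this trace, then age and refresh."""
        seen = windows(trace)
        fired = {d for d in self.memory | set(self.age) if d in seen}
        self.memory |= fired          # growing memory of successful detectors
        for d in fired:
            self.age.pop(d, None)
        for d in list(self.age):      # limited life for detectors that stay idle
            self.age[d] += 1
            if self.age[d] > self.max_age:
                del self.age[d]
        self._refresh()
        return sorted(fired)


if __name__ == "__main__":
    monitor = ImmuneMonitor(learn_self(NORMAL), size=1000, max_age=5, seed=7)
    for trace in NORMAL + [ATTACK]:
        print(trace, "->", monitor.scan(trace))
```

With `size` at or above the 61 non-self combinations the repertoire covers the whole assembled space, so detection does not depend on the random draw; a smaller `size` gives the partial, speculative coverage the pattern trades against cost.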



Context: A decision maker in need of accurate situational awareness in a critical dynamic environment. Examples include a network system administrator in monitoring mode and under attack, a military tactical commander in battle, and the NASA launch control room.

Problem: A very large amount of low-level noisy sensory data overwhelms attempts to examine and conclude what relevance may be present, most especially if time is important or if sensory data is dynamic.

Forces: amount of data to be examined vs time to reach a conclusion, number of ways data can be combined vs number of conclusions data can indicate, static sensory data vs dynamic sensory data, noise tolerated in sensory data vs cost of low noise sensory data.

Solution: Using a bow-tie process, each level looks for a specific finite set of data patterns among the infinite possibilities of its input combinations, aggregating its input data into specific chunks of information. These chunks are fed-forward to the next higher level, that treats them in turn as data further aggregated into higher forms of information chunks. Through feedback, a higher level may bias a lower level to favor certain chunks over others, predicting what is expected now or next according to an emerging pattern at the higher level. Each level is only interested in a small number of an infinite set of data-combination possibilities, but as aggregation proceeds through multiple levels, complex data abstractions and recognitions are enabled.

Four level feed forward/backward sense-making hierarchy modeled on visual cortex

Pattern: Hierarchical Sensemaking



Example: Cortical Spatial Sensing - Visual cortex receives noisy retinal raster of ~1,000,000 points and recognizes prior learned patterns in the field of view. See (Serre 2007).

Example: Cortical Temporal Sensing - Cortex receives time sequenced sensory input and constantly predicts what is expected next according to prior learned patterns. See (George 2009).

Example: Network Anomaly Sensing - Level 1 network agents detect anomalies on hosts, Level 2 agents interpret Level 1 alerts and cause inter-host collaboration, Level 3 agents set policy for Level 2 and interface with humans at Level 4, Level 4 is human decider on action and advisor to Level 3. (See Haack 2009).

[S]elf organizing sense-making emerges from feed forward/backward interplay resolution path through the four levels.
[A]dapts to noisy input with suggested clean-up. (Learning evolves the content of levels, but is not part of this pattern).
[P]roactive prediction of next temporal input feeds back expectations/suggestions to lower levels.
[H]armony is maintained with decision making levels receiving situational awareness as succinct and relevant information appropriate with processing capability.

References: (see reference section, only URL shown here, all accessed 1Jan2011)
(George 2008) www.numenta.com/htm-overview/education/DileepThesis.pdf
(Haack 2009) www.cs.wfu.edu/~fulp/Papers/mims09f.pdf
(Serre 2007) http://cvcl.mit.edu/Papers/SerreOlivaPoggioPNAS07.pdf

Dove, Rick, Patterns of Self-Organizing Agile Security for Resilient Network Situational Awareness and Sense-Making. 2011.
www.parshift.com/Files/PsiDocs/PatternsForResilientNetworks.pdf

Pattern: Hierarchical Sensemaking
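
An added example (not from the original slides or from Haack 2009) of the four-level Network Anomaly Sensing arrangement: Level 1 reduces raw host events to a finite set of alert chunks, Level 2 correlates them across hosts and feeds a bias back to Level 1 when a pattern is emerging, Level 3 attaches policy, and Level 4 is the human decision. Host names, event names, thresholds, the playbook and all class and function names are constructed assumptions.

```python
from collections import Counter

# Constructed raw sensor data per host; event names are illustrative only.
RAW = {
    "host-a": ["failed_login"] * 6 + ["dns_query"] * 40,
    "host-b": ["failed_login"] * 5 + ["dns_query"] * 35,
    "host-c": ["failed_login"] * 3 + ["dns_query"] * 50,
    "host-d": ["failed_login"] * 1 + ["new_listener"],
}
# The finite set of patterns Level 1 looks for: event kind -> count that raises a chunk.
THRESHOLDS = {"failed_login": 5, "new_listener": 1}
# Level 3 policy (constructed): cross-host pattern -> recommended action.
PLAYBOOK = {"failed_login": "rate-limit authentication on the listed hosts"}


class HostAgent:
    """Level 1: reduces one host's noisy events to a small set of alert chunks."""

    def __init__(self, thresholds):
        self.thresholds = thresholds
        self.bias = Counter()  # feedback from Level 2: how far to lower a threshold

    def chunks(self, events):
        counts = Counter(events)  # anything outside THRESHOLDS is ignored as noise
        return {kind for kind, limit in self.thresholds.items()
                if counts[kind] >= max(1, limit - self.bias[kind])}


class Correlator:
    """Level 2: looks only for one alert kind spreading across several hosts."""

    def __init__(self, agents, min_hosts, emerging, bias_step):
        self.agents = agents
        self.min_hosts = min_hosts   # hosts needed before a chunk is fed forward
        self.emerging = emerging     # hosts needed before feedback is sent down
        self.bias_step = bias_step

    def _collect(self, raw):
        seen = {}
        for host, events in raw.items():
            for kind in self.agents[host].chunks(events):
                seen.setdefault(kind, set()).add(host)
        return seen

    def chunks(self, raw, feedback=True):
        alerts = self._collect(raw)
        if feedback:
            for kind, hosts in alerts.items():
                if self.emerging <= len(hosts) < self.min_hosts:
                    # Emerging pattern: bias every host agent to favour this chunk.
                    for agent in self.agents.values():
                        agent.bias[kind] = self.bias_step
            alerts = self._collect(raw)
        return [(kind, sorted(hosts)) for kind, hosts in sorted(alerts.items())
                if len(hosts) >= self.min_hosts]


def recommend(level2_chunks, playbook):
    """Level 3: turn Level 2 chunks into succinct recommendations for the human."""
    return [{"pattern": kind, "hosts": hosts,
             "action": playbook.get(kind, "investigate")}
            for kind, hosts in level2_chunks]


def sense(raw, decide, feedback=True, min_hosts=3):
    """Run all four levels; `decide` stands in for the Level 4 human decider."""
    agents = {host: HostAgent(THRESHOLDS) for host in raw}
    level2 = Correlator(agents, min_hosts, emerging=2, bias_step=2)
    recs = recommend(level2.chunks(raw, feedback), PLAYBOOK)
    return [(rec, decide(rec)) for rec in recs]


if __name__ == "__main__":
    print("feed-forward only:", sense(RAW, lambda rec: True, feedback=False))
    print("with feedback:    ", sense(RAW, lambda rec: True))
```

Without feedback the weak signal on host-c never reaches Level 2, so the three-host pattern is missed; with feedback the bias from the emerging two-host pattern lets Level 1 report it.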



Previous Pattern References 1/2

Blumstein, Daniel T. 2010. Flush Early and Avoid the Rush: A General Rule of Antipredator Behavior? Behavioral Ecology, 21: 440-442, 26 March.

Bohorquez, Juan Camilo, Sean Gourley, Alexander R. Dixon, Michael Spagat and Neil F. Johnson. 2009. Common Ecology Quantifies Human Insurgency. Nature, 462(7275), 17 December, pp 911-914.

Carlson, Jean and John Doyle. 2000. Highly Optimized Tolerance: Robustness and Design in Complex Systems, Physical Review Letters 84 (11): 2529-2532, 13 March.

Carlson, Jean and John Doyle. 2002. Complexity and Robustness. PNAS 99: 2538-2545, 19 February.

Csete, Marie and John Doyle. 2004. Bow Ties, Metabolism and Disease. TRENDS in Biotechnology 22(9), September. http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.173.3019&rep=rep1&type=pdf

Csete, Marie and John Doyle. 2010. Bow Ties, Metabolism and Disease, TRENDS in Biotechnology 22(9), September 2004. www.cds.caltech.edu/~doyle/CmplxNets/Trends.pdf.

Dixon, Colin, Anderson, Thomas and Krishnamurthy, Arvind, Phalanx: Withstanding Multimillion-Node Botnets, NSDI'08: Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation, April 2008.

Dove, Rick and Laura Shirey. 2010. On Discovery and Display of Agile Security Patterns. Conference on Systems Engineering Research, Stevens Institute of Technology, Hoboken, NJ, March 17-19. www.parshift.com/Files/PsiDocs/Pap100317Cser-OnDiscoveryAndDisplayOfAgileSecurityPatterns.pdf

Dove, Rick. 2011. Patterns of Self-Organizing Agile Security for Resilient Network Situational Awareness and Sensemaking. 8th International Conference on Information Technology: New Generations (ITNG), April 11-13, Las Vegas, NV. www.parshift.com/s/110411PatternsForSORNS.pdf

Edge, Kenneth S., Gary B. Lamont, and Richard A. Raines, Multi-Objective Mobile Network Anomaly Intrusion, International Journal of Computer Science and Network Security, 6(3b):187-192, March, 2006.

Forrest, S., S. Hofmeyr and A. Somayaji. 2008. The evolution of system-call monitoring. Proceedings of the 2008 Annual Computer Security Applications Conference, pp. 418-430.

George, Deleep. 2008. How the Brain Might Work: A Hierarchical and Temporal Model for Learning and Recognition, PhD thesis, Stanford University. www.numenta.com/htm-overview/education/DileepThesis.pdf

Hambling, Dave, Drone Swarm for Maximum Harm, Defense Tech. April 10, 2006.

Haack, Jereme N., Glenn A. Fink, Wendy M. Maiden, David McKinnon, and Errin W. Fulp. 2009. Mixed-Initiative Cyber Security: Putting Humans in the Right Loop. www.cs.wfu.edu/~fulp/Papers/mims09f.pdf

Hartzog, Paul. 2010. How Different is Your Bow Tie? Blog at P2P Foundation, 21 June 2010. http://blog.p2pfoundation.net/how-different-is-your-bow-tie/2010/06/21.

Hightower, R., S. Forrest and A.S. Perelson. 1996. The Baldwin effect in the immune system: Learning by somatic hypermutation. In Adaptive Individuals in Evolving Populations, R. K. Belew and M. Mitchell, (eds.), Addison-Wesley, Reading, MA, pp. 159-167. http://cs.unm.edu/~forrest/publications/baldwin.pdf



Previous Pattern References 2/2

Hofmeyr, S. and S. Forrest. 2000. Architecture for an Artificial Immune System. Evolutionary Computation 7(1), Morgan-Kaufmann, San Francisco, CA, pp. 1289-1296. http://cs.unm.edu/~forrest/publications/hofmeyr_forrest.pdf

Khurana, Himanshu, Jim Basney, Mehedi Bakht, Mike Freemon, Von Welch, Randy Butler. 2009. Palantir: A Framework for Collaborative Incident Response and Investigation. In Symposium on Identity and Trust on the Internet (IDTrust), Gaithersburg, MD, April 14-16. http://netfiles.uiuc.edu/hkhurana/www/IDTrust20091.pdf

Li, Aihong, et al. 2004. Utilization of Ig Heavy Chain Variable, Diversity, and Joining Gene Segments in Children with B-lineage Acute Lymphoblastic Leukemia: Implications for the Mechanisms of VDJ Recombination and for Pathogenesis. Blood, 103(12) 4602-4609, 15 June.

Lockton, Dan with Davis Harrison and Neville A. Stanton. 2010. Design With Intent - 101 Patterns for Influencing Behaviour Through Design. Equifine. April. Available at http://www.danlockton.com/dwi/Download_the_cards.

Lockton, Dan and David Harrison. 2009. Design for Sustainable Behaviour: Investigating Design Methods for Influencing User Behaviour. Sustainable Innovation 09: Towards a Low Carbon Innovation Revolution, 14th International Conference, Farnham Castle, UK, 26-27 October.

Mahimkar, A., Dange, J., Shmatikov, V., Vin, H. and Zhang, Y., dFence: Transparent Network-Based Denial of Service Mitigation, in Proceedings of 4th USENIX Symposium on Networked Systems Design and Implementation (NSDI 2007), Cambridge, MA, April, 2007.

Serre, T., Learning a Dictionary of Shape-Components in Visual Cortex: Comparison with Neurons, Humans and Machines, Ph. D Dissertation, Massachusetts Institute of Technology, June, 2006. http://cvcl.mit.edu/Papers/SerreOlivaPoggioPNAS07.pdf

Smets, Barth F. and Tamar Barkay. 2005. Horizontal gene transfer: perspectives at a crossroads of scientific disciplines. Nature Reviews Microbiology 3, 675-678 (September 2005).

Troncale, L. 1978. Linkage Propositions Between Fifty Principal Systems Concepts. in Applied General Systems Research: Recent Developments and Trends: N.A.T.O. Conference Series II, Systems Science, G. J. Klir, (Ed.), Plenum Press, pp 29-52.

Troncale, L. 2006. Towards A Science of Systems. Systems Research and Behavioral Science, Special Journal Edition on J.G. Miller, Founding Editor (G.A. Swanson, Ed.) 23(3): 301-321.

Wilkinson, Sophie, Plants to Bugs: Buzz Off!, Chemical and Engineering News, June 30, 2001.

Woese, Carl. 2000. Interpreting the universal phylogenetic tree. PNAS. 97(15):8392-6. www.ncbi.nlm.nih.gov/pmc/articles/PMC26958/pdf/pq008392.pdf

Zhang, C., Zhang, J., Liu, S., and Liu, Y., Network Intrusion Active Defense Model Based on Artificial Immune System. Fourth International Conference on Natural Computation, Jinan, China, October 18-20, 2008.



Core Patterns of Biological Systems

(currently half-baked hypothesis, maybe a framework for a Pattern Language)

autocatalysis (self-reproductive life itself)
active infrastructure (will to live, ego, personality)
horizontal meme transfer
hierarchical sensemaking
bow tie processor
negative selection
anomaly detection
genetic algorithm
fractal architectural reflection
modules and framework

This is only a current conjecture, and subject to radical evolution

(Early pattern work exists for the green area, nothing yet for yellow)