Cyberspace Situational Awareness - A High Level Blackboard Architecture for Cyber SA

1. A HIGH LEVEL BLACKBOARD
ARCHITECTURE FOR CYBER SA
CYBERSPACE SITUATIONAL AWARENESS
TIM BASS

2. PRESENTATION DOI 10.13140/RG.2.2.33614.87365/1 TIM BASS 7 MAY 2017
KS
BLACKBOARD (BB)
KS KS KS KS
KS KS KS KS KS
BB
CONTROL
(C)
CYBERSPACE SITUATIONAL AWARENESS
(VISUALIZATION & HUMAN COGNITIVE PROCESSING )
SUMMARY HLA OF THIS BRIEF PRESENTATION

3. PRESENTATION DOI 10.13140/RG.2.2.33614.87365/1
HIGH LEVEL ARCHITECTURE (HLA) FOR
CYBERSPACE SA [1] BLACKBOARD (CSA-BB)
TIM BASS 7 MAY 2017
KS
BLACKBOARD (BB)
KS KS KS KS
KS KS KS KS KS
BB
CONTROL
(C)
KNOWLEDGE SOURCES (KS), BLACKBOARD (BB) & CONTROLLER (C)

4. PRESENTATION DOI 10.13140/RG.2.2.33614.87365/1
HIGH LEVEL DEFINITIONS [2] FOR THIS PRESENTATION
TIM BASS 7 MAY 2017
‣ BLACKBOARD (BB)
A BLACKBOARD IS DEFINED AS A DATABASE OF OBJECTS OF INTEREST
‣ KNOWLEDGE SOURCES (KS)
THERE ARE THREE TYPES OF KNOWLEDGE SOURCES:
1. SENSORS (S)
2. KNOWLEDGE PROCESSORS (KP)
3. ACTUATORS (A)
‣ THE BLACKBOARD CONTROLLER (C)
THE CONTROLLER IS A CONTROL LOOP WHICH MANAGES BB FLOW CONTROL

5. PRESENTATION DOI 10.13140/RG.2.2.33614.87365/1
HIGH LEVEL ARCHITECTURE (HLA) FOR
CYBER SA BLACKBOARD (CSA-BB)
TIM BASS 7 MAY 2017
KP
BLACKBOARD
A S S S
S S S KP A
BB
CONTROL

6. PRESENTATION DOI 10.13140/RG.2.2.33614.87365/1
HIGH LEVEL DEFINITIONS - SENSORS (S)
TIM BASS 7 MAY 2017
SENSORS (S)
A SENSOR A SPECIALIZED TYPE OF KNOWLEDGE SOURCE (KS) THAT HANDLES INPUTS
FROM EXTERNAL SOURCES [2].
A SENSOR PERFORMS AN ATOMIC WRITE OPERATION TO INSERT OR UPDATE IT’S
“OBJECTS OF INTEREST” (OOI) TO THE BLACKBOARD DB. ALL SENSORS HAVE EXPLICIT
EXTERNAL INPUT VARIABLES, THEREFORE SENSORS FALL IN THE CLASS OF EXPLICIT
KNOWLEDGE SOURCES [2].
GENERALLY, THE BB CONTROLLER SELECTS OOI FROM THE SENSOR OBJECT BASES
(SENSOR DATABASES) AND INSERTS OR UPDATES THE BLACKBOARD DB WITH THE
SENSOR DATA [2] THAT MEETS A SELECTION CRITERIA (OFTEN RISK BASED).
EXAMPLES: INTRUSION DETECTION SYSTEMS, APPLICATION & SYSTEM LOG FILES,
NETWORK MONITORING (NETSTAT , SNIFFERS) SYSTEMS, WEB SESSION DATA,

7. PRESENTATION DOI 10.13140/RG.2.2.33614.87365/1
HIGH LEVEL DEFINITIONS - KNOWLEDGE PROCESSORS (KP)
TIM BASS 7 MAY 2017
KNOWLEDGE PROCESSORS (KP)
A KNOWLEDGE PROCESSOR (KP) IS A SPECIALIZED TYPE OF KNOWLEDGE SOURCE [2].
KNOWLEDGE PROCESSORS TAKE ALL OF THEIR INPUT DIRECTLY FROM THE
BLACKBOARD [2].
A KP TESTS ITS UPDATE CONDITIONS. IF THE BLACKBOARD UPDATE CONDITIONS ARE
TRUE, THE KP EXECUTION PERFORMS AN ATOMIC WRITE OPERATION TO UPDATE
BLACKBOARD OBJECT [2].
EXAMPLES: BAYESIAN RISK SCORING NETWORK, ARTIFICIAL NEURAL NETWORK (ANN),
EXPERT SYSTEM PROCESSING, STATISTICAL MODELS, EXPERT SYSTEM ALGORITHMS,
CORRELATIONS WITH HISTORICAL DATA, ANOMALY DETECTION

8. PRESENTATION DOI 10.13140/RG.2.2.33614.87365/1
HIGH LEVEL DEFINITIONS - ACTUATOR (A)
TIM BASS 7 MAY 2017
ACTUATOR (A)
AN ACTUATOR IS A SPECIALIZED TYPE OF KS THAT USES BLACKBOARD OBJECTS AS
INPUTS BUT DO NOT UPDATE OBJECTS ON THE BLACKBOARD [2].
ACTUATORS MAY TRIGGER BASED ON KP CONDITIONS FROM BLACKBOARD OBJECTS,
PERFORM A COMPUTATION (RISK SCORING, CONFIDENCE SCORING), AND MODIFY THEIR
LOCAL STATE.
EXAMPLES: ALERT NOTIFICATION SERVICES, IP ADDRESS BLOCKING SERVICES, HUMAN
COGNITIVE VISUALIZATION SERVICES

9. PRESENTATION DOI 10.13140/RG.2.2.33614.87365/1
CYBER SA BLACKBOARD - EXAMPLE IMPLEMENTATION
TIM BASS 7 MAY 2017
KP
BLACKBOARD (MYSQL DATABASE TABLE)
KP KP KP A
WEB
SESSION
DATA
IDS
ALERTS
NETSTAT
DATA S SBB
CONTROL
SELECT,
JOIN,
INSERT,
UPDATE
DATABASES
CONTROL
BB
PROCESSES
SENSOR DATA STORED IN LOCAL SENSOR MYSQL DATABASE TABLES
KPS PERFORM COMPUTATION ON BB OBJECTS AND
UPDATE BB OBJECTS
ACTIONS BASED ON BB
CONDITIONS

10. PRESENTATION DOI 10.13140/RG.2.2.33614.87365/1
EXAMPLE TECHNICAL COMPONENTS - HIGH LEVEL VIEW
TIM BASS 7 MAY 2017
SENSORS
LOGIC (PHP)
SENSOR MYSQL DB
BLACKBOARD MYSQL DB
CONTROLLER
(GAMING ENGINE CONTROL LOOP - C#)
JSON (NETWORK)
KNOWLEDGE PROCESSORS
LOGIC (PHP, C#)
JSON (NETWORK)
ACTUATORS
LOGIC (PHP, C#)
JSON (NETWORK)
JSON (NETWORK)

11. PRESENTATION DOI 10.13140/RG.2.2.33614.87365/1 TIM BASS 7 MAY 2017
KS
BLACKBOARD (BB)
KS KS KS KS
KS KS KS KS KS
BB
CONTROL
(C)
CYBERSPACE SITUATIONAL AWARENESS
(VISUALIZATION & HUMAN COGNITIVE PROCESSING )
SUMMARY BLACKBOARD ARCHTECTURE

12. PRESENTATION DOI 10.13140/RG.2.2.33614.87365/1
KEY TAKEAWAYS
TIM BASS 7 MAY 2017
CONTRARY TO THE LITERATURE - A BLACKBOARD ARCHITECTURE IS NOT NECESSARILY A
CLASS OF ARTIFICIAL INTELLIGENT (AI) PROCESSING; HOWEVER, AI METHODS MAY BE
USED IN VARIOUS LOGIC BLOCKS, FOR EXAMPLE KP LOGIC MAY USE AI METHODS
RISK SCORING AND CONFIDENCE SCORING LOGIC, COMBINED WITH THE ELEMENT OF
TIME, ARE OFTEN A KEY COMPONENT OF OBJECT OF INTEREST (OOI) SELECTION
CRITERIA
SELECTED SENSOR OBJECT DATA FROM THE SENSOR OBJECT DATABASE IS INSERTED OR
UPDATED INTO THE BLACKBOARD DATABASE BASED ON SELECTION CRITERIA
KNOWLEDGE PROCESSING ALGORITHMS SELECT AND UPDATE BLACKBOARD OBJECTS
HUMAN COGNITIVE INTERACTION IS VERY IMPORTANT (HUMAN IN THE LOOP) AND CAN
BE MODELED AS ALL THREE TYPES OF KNOWLEDGE SOURCE (SENSOR, KNOWLEDGE
PROCESSOR OR ACTUATOR)

13. PRESENTATION DOI 10.13140/RG.2.2.33614.87365/1
POC IMPLEMENTATION: DONE (BLUE) - WORKING (DARK GREEN)
TIM BASS 7 MAY 2017
SENSORS
LOGIC (PHP)
SENSOR MYSQL DB
BLACKBOARD MYSQL DB
CONTROLLER
(GAMING ENGINE CONTROL LOOP - C#)
JSON (NETWORK)
KNOWLEDGE PROCESSORS
LOGIC (PHP, C#)
JSON (NETWORK)
ACTUATORS (VISUALIZATION)
LOGIC (PHP, C#)
JSON (NETWORK)
JSON (NETWORK)

14. REFERENCES
[1] BASS, TIM, INTRUSION DETECTION SYSTEMS AND MULTISENSOR DATA
FUSION, COMMUNICATIONS OF THE ACM 43(4):99-105 · APRIL 2000, DOI:
10.1145/332051.332079
[2] MCMANUS, J. W., DESIGN AND ANALYSIS TOOLS FOR CONCURRENT
BLACKBOARD SYSTEMS, DIGITAL AVIONICS SYSTEMS CONFERENCE,
PROCEEDINGS 10TH IEEE/AIAA, NOVEMBER 1991, DOI: 10.1109/DASC.
1991.177205
PRESENTATION DOI 10.13140/RG.2.2.33614.87365/1 TIM BASS 7 MAY 2017

15. © TIM BASS, MAY 2017
ALL RIGHTS RESERVED
TIM@UNIX.COM
PRESENTATION DOI 10.13140/RG.2.2.33614.87365/1