Burstein, Mark
Qualitative Reasoning about Cyber Intrusions
Robertson, Paul (DOLL Inc.) | Laddaga, Robert (Vanderbilt University) | Goldman, Robert (SIFT) | Burstein, Mark (SIFT) | Cerys, Daniel (DOLL Inc.)
In this paper we discuss work performed in an ambitious DARPA-funded cyber security effort. The broad approach taken by the project was for the network to be self-aware and to self-adapt in order to dodge attacks. In critical systems, it is not always the best or practical thing to shut down the network under attack. The paper describes the qualitative trust modeling and diagnosis system that maintains a model of trust for networked resources using a combination of two basic ideas: conditional trust (based on conditional preference (CP-Nets)) and the principle of maximum entropy (PME). We describe Monte-Carlo simulations of using adaptive security based on our trust model. The results of the simulations show the trade-off, under ideal conditions, between additional resource provisioning and attack mitigation.
Active Perception for Cyber Intrusion Detection and Defense
Benton, J. (Smart Information Flow Technologies, LLC) | Goldman, Robert P. (Smart Information Flow Technologies, LLC) | Burstein, Mark (Smart Information Flow Technologies, LLC) | Mueller, Joseph (Smart Information Flow Technologies, LLC) | Robertson, Paul (DOLL Labs) | Cerys, Dan (DOLL Labs) | Hoffman, Andreas (DOLL Labs) | Bobrow, Rusty (Bobrow Computational Intelligence, LLC)
Most modern network-based intrusion detection systems (IDSs) passively monitor network traffic to identify possible attacks through known vectors. Though useful, this approach has widely known high false positive rates, often causing administrators to suffer from a "cry wolf effect," where they ignore all warnings because so many have been false. In this paper, we focus on a method to reduce this effect using an idea borrowed from computer vision and neuroscience called active perception. Our approach is informed by theoretical ideas from decision theory and recent research results in neuroscience. The active perception agent allocates computational and sensing resources to (approximately) optimize its Value of Information. To do this, it draws on models to direct sensors towards phenomena of greatest interest to inform decisions about cyber defense actions. By identifying critical network assets, the organization's mission measures self-interest (and value of information). This model enables the system to follow leads from inexpensive, inaccurate alerts with targeted use of expensive, accurate sensors. This allows the deployment of sensors to build structured interpretations of situations. From these, an organization can meet mission-centered decision-making requirements with calibrated responses proportional to the likelihood of true detection and degree of threat.
HACKAR: Helpful Advice for Code Knowledge and Attack Resilience
Kuter, Ugur (Smart Information-Flow Technologies) | Burstein, Mark (Smart Information-Flow Technologies) | Benton, J. (Smart Information-Flow Technologies) | Bryce, Daniel (Smart Information-Flow Technologies) | Thayer, Jordan (Smart Information-Flow Technologies) | McCoy, Steve (Smart Information-Flow Technologies)
This paper describes a novel combination of Java program analysis and automated learning and planning architecture to the domain of Java vulnerability analysis. The key feature of our "HACKAR: Helpful Advice for Code Knowledge and Attack Resilience" system is its ability to analyze Java programs at development-time, identifying vulnerabilities and ways to avoid them. HACKAR uses an improved version of NASA's Java PathFinder (JPF) to execute Java programs and identify vulnerabilities. The system features new Hierarchical Task Network (HTN) learning algorithms that (1) advance state-of-the-art HTN learners with reasoning about numeric constraints, failures, and more general cases of recursion, and (2) contribute to problem-solving by learning a hierarchical dataflow representation of the program from the inputs of the program. Empirical evaluation demonstrates that HACKAR was able to suggest fixes for all of our test program suites. It also shows that HACKAR can analyze programs with string inputs that the original JPF implementation cannot.
AAAI-07 Workshop Reports
Anand, Sarabjot Singh, Bahls, Daniel, Burghart, Catherina R., Burstein, Mark, Chen, Huajun, Collins, John, Dietterich, Tom, Doyle, Jon, Drummond, Chris, Elazmeh, William, Geib, Christopher, Goldsmith, Judy, Guesgen, Hans W., Hendler, Jim, Jannach, Dietmar, Japkowicz, Nathalie, Junker, Ulrich, Kaminka, Gal A., Kobsa, Alfred, Lang, Jerome, Leake, David B., Lewis, Lundy, Ligozat, Gerard, Macskassy, Sofus, McDermott, Drew, Metzler, Ted, Mobasher, Bamshad, Nambiar, Ullas, Nie, Zaiqing, Orsvarn, Klas, O'Sullivan, Barry, Pynadath, David, Renz, Jochen, Rodriguez, Rita V., Roth-Berghofer, Thomas, Schulz, Stefan, Studer, Rudi, Wang, Yimin, Wellman, Michael
The AAAI-07 workshop program was held Sunday and Monday, July 22-23, in Vancouver, British Columbia, Canada. The program included the following thirteen workshops: (1) Acquiring Planning Knowledge via Demonstration; (2) Configuration; (3) Evaluating Architectures for Intelligence; (4) Evaluation Methods for Machine Learning; (5) Explanation-Aware Computing; (6) Human Implications of Human-Robot Interaction; (7) Intelligent Techniques for Web Personalization; (8) Plan, Activity, and Intent Recognition; (9) Preference Handling for Artificial Intelligence; (10) Semantic e-Science; (11) Spatial and Temporal Reasoning; (12) Trading Agent Design and Analysis; and (13) Information Integration on the Web.