command and control forensics - dodccrp.org · command and control forensics kirk dunkelberger,...
Post on 02-Jun-2020
12 Views
Preview:
TRANSCRIPT
10th International Command and Control Research and Technology Symposium
Command and Control Forensics
Kirk Dunkelberger, Northrop GrummanMajor Ryan Paterson, USMC, DARPA/IXO
Mark Akey, Northrop Grumman
10th International Command and Control Research and Technology Symposium
Outline
• The Command Post of the Future (CPOF)– Concept and technology
• Development, deployment, and data– CPOF in the field
• The Vision– Supports collaboration, presents knowledge pro-
actively, adapts and learns• Preliminary data analysis• Plans for the future• The Challenge
10th International Command and Control Research and Technology Symposium
CPOF Capabilities
• Analysts and staffers dynamically add a variety of planning, task, resource, etc. info to their “view of the world”
• Views (“thought visualizations”) are automatically shared leading to “topsight”
• Team members can instantly see what other members are doing• People collaborate automatically and almost without thought by preparing
information for others• Commander can see all views and can gather the “big picture” at
any time• “What are my people thinking about?” “Where are they?” “What’s
changed?” “Who is active?” etc.• CDR can synthesize his own custom views from briefings
“Where are you?”
“What are you doing?”
Dramatically Reduced!
10th International Command and Control Research and Technology Symposium
Data Layer Eye
Abstraction
New Abstraction
Expertise
Understanding
Brain
Polymorphic
Focus
Knowledge
Reality
Eye
Data
E1
E2
E3
K1
K2
K3U
Eye
Collaboration – More than info sharing
10th International Command and Control Research and Technology Symposium
CPOF Use by 1st Cavalry Div
Deployed Users at DIV MAIN CPDeployed Users at DIV MAIN CP
BDE CP UsersBDE CP UsersCDRCDR S3S3
MSE Conn
11stst Cav Div CPCav Div CP
ForwardForwardOperatingOperating
BaseBase
BDE CP UsersBDE CP UsersCDRCDR S3S3
MSE Conn
BDE CP UsersBDE CP UsersCDRCDR S3S3
MSE Conn
BDE CP UsersBDE CP UsersCDRCDR S3S3
MSE Conn
Corp LiaisonCorp Liaison
MSE Conn
1 GB LAN1 GB LAN
CGCG COSCOS
CACAMIMIACEACESustainSustain(4)(4)
PlansPlans(4)(4)
ECC(4)ECC(4)CIC (4)CIC (4)
ADCMADCM
= Tactical Com Links
BDE CP UsersBDE CP UsersCDRCDR S3S3
MSE Conn
BDE CP UsersBDE CP UsersCDRCDR S3S3
MSE Conn
BDE CP UsersBDE CP UsersCDRCDR S3S3
MSE Conn
BDE CP UsersBDE CP UsersCDRCDR S3S3
MSE Conn
10th International Command and Control Research and Technology Symposium
Data from Theater
• CPOF repository is checkpointed and archived every hour– Each archive is a snapshot of the state of the system at
that point• A “delta” file captures the changes between
archives• Recorded daily Battle Update Briefs (BUBs) and
Command Update Briefs (CUBS) using CPOF are also captured
Never before in the history of war has this kind of data been captured
10th International Command and Control Research and Technology Symposium
Vision• Applying New Learning Techniques to Enhance Command Environment
– Capture, share and reason on knowledge– Relevant, critical knowledge mapped to current problem– Better understanding of the battlespace environment– Learning the evolving command process
• Build Adaptive Tools for Dynamic Command Process– Introduce adaptive awareness into C2 systems– Rapid access to essential domain expertise (subj ID), anywhere in the world– Dynamic ad-hoc team formation– System adapts to situation– Proactive retrieval (new domain-centric algorithms & knowledge representation)
• Develop Metrics for “C2 as a Science”– Measure success, align with NCO paradigm, produce superior effects– Improve commander expertise by orders of magnitude in time & effectiveness
• Lay Foundation for BattleZone– Superior decision making through knowledge and information superiority– Complete immersion in virtual combat environment (personalized)
Integrate new learning techniques and adaptive capabilities to revolutionize the way commanders discover and share resources and knowledge
10th International Command and Control Research and Technology Symposium
Jan 06 Jan 08 Jan 09 Jan 10Jan 07
Phase 0: Adaptive Command
Phase 1: BattleNet
Phase 4: BattlePlex II
Phase 3: BattlePlex I
Phase 2: BattleSchool
Capture Live Combat
Extreme Scenarios
Designer’s Workbench(New Technologies/Systems/
Concepts)
Strategic SyllabusFor Life Long LearningCommander’s
Reference Library Interactive EncyclopediaOf All Battles
Career Progression
Reconstruction of Operations
Families of Decision Exercises
Cultural Immersion
Interactive History
Initial Learning & Skill Acquisition
Practice
Rehearse
Execute in the Real World
Observe & Understand
Learning TechniquesAdaptive Tools
What If? Capability
C2 as a Science
Amplifying IntuitiveKnowledge
BattleZone Concept
10th International Command and Control Research and Technology Symposium
Preliminary Data Analysis
?
21 134 34 34 18 6 23 10 35 5 7
1085204401265 1085205721265 1085217941437 1085241600000 1085252400000 1085256000000 1085259600000 1085263200000 1085266800000 1085270400000C M M A D D A A A A
22 336 7 16 10 16 5 12 33 6 6
1085195441187 1085234400000 1085238000000 1085252400000 1085256000000 1085259600000 1085263200000 1085270400000 1085277600000 1085281200000C A A D D D D D D D
23 330 30 7 18 9 7 7
1085225641515 1085230301515 1085263200000 1085266800000 1085274000000 1085277600000 1085281200000C M A A A D D
24 119 19 7 7 23 37 27 9 7 7
1085166061875 1085166161093 1085202000000 1085212800000 1085223600000 1085227200000 1085234400000 1085241600000 1085245200000 1085248800000C M A A D A A A A D
25 339 39 5 40 35 35
1085229181515 1085231981875 1085266800000 1085270400000 1085277600000 1085281200000C M A A D D
26 119 29 29 29
1085207061296 1085245200000 1085277600000 1085281200000C A D D
27 131 41 40 16 6 14 4 3 16 5
1085169681093 1085205600000 1085209200000 1085227200000 1085230800000 1085234400000 1085238000000 1085252400000 1085256000000 1085259600000C A A D A A A D D D
28 12 2 3 2 2
1085177481140 1085216400000 1085252400000 1085277600000 1085281200000C A D D D
Social Network Analysis
•Clustering (spectral, graph, conceptual, hierarchical)
•Temporal Modeling (markov models, reinforcement learning, dynamic bayes nets, probabilistic automata, recurrent neural nets)
•Probabilistic Metadata
•Integration of learning and social network analysis
Now we need to leverage best of breed data mining tools to learn
and reason about the battlespaceenvironment
Correlation Analysis
Fourier Series Analysis
Knowledge Sharing Analysis
Discrete Sequence Analysis
Type Density Analysis
Today: We have a few
tools to acquire a
basic understanding
of combat data
Potential Approaches:
10th International Command and Control Research and Technology Symposium
Correlation Analyses• Approach: cross correlate activity across workspaces• Objectives:
– Discover inter-workspace work flow• learn and cue team formation• anticipatory retrieval via inferred use patterns
– Infer intra-workspace procedure• learn and anticipate event effects• shorten timelines through global team optimization
• Discovery: global organization drives activity, but local SOP drives the details…
matching activity patterns across workspace pairs
10th International Command and Control Research and Technology Symposium
Fourier Series Analyses• Approach: Feature extraction and filtering of workspace activity in
frequency domain• Objectives:
– Real time filtering for aperiodic event identification and isolation • team formation recognition and intuitive knowledge adaptation
– Continuous inference of informal periodic activities • anticipatory retrieval automation
– Manage bandwidth • proactive search and anticipatory retrieval efficiency
• Discovery: foundation patterns exist, but outliers represent tactically significant activity…
determining periodicity within a single workspace
10th International Command and Control Research and Technology Symposium
Knowledge Sharing Analyses
• Approach: pattern recognition and anomaly detection in workspace knowledge overlap
• Objectives:– Generalize inter-workspace content patterns
• learn consistent collaboration• optimize storage and bandwidth via anticipatory retrieval
– Infer and recognize new sharing patterns• learn / reason on anomalous collaboration events• anticipate team formation
• Discovery: dynamic team formation is the key to emergent problem solving…
?!,
, , …
, …
overlap of UUIDs between workspaces over time
10th International Command and Control Research and Technology Symposium
• Approach: track sequence of knowledge through workspaces over time
• Objectives:– Learn and generalize knowledge propagation
• infer team formation from “next step”indicators• optimize anticipatory retrieval from generalizations
– Build predictors for knowledge flow • learn collaborative workflow and informal organization• provide cognitive pre-fetch i.e. smart anticipatory retrieval
• Discovery: organization implies workflow but circumstances drivead-hoc organization…
Discrete Sequence Analyses
21 134 34 34 18 6 23 10 35 5 7
1085204401265 1085205721265 1085217941437 1085241600000 1085252400000 1085256000000 1085259600000 1085263200000 1085266800000 1085270400000C M M A D D A A A A
22 336 7 16 10 16 5 12 33 6 6
1085195441187 1085234400000 1085238000000 1085252400000 1085256000000 1085259600000 1085263200000 1085270400000 1085277600000 1085281200000C A A D D D D D D D
23 330 30 7 18 9 7 7
1085225641515 1085230301515 1085263200000 1085266800000 1085274000000 1085277600000 1085281200000C M A A A D D
24 119 19 7 7 23 37 27 9 7 7
1085166061875 1085166161093 1085202000000 1085212800000 1085223600000 1085227200000 1085234400000 1085241600000 1085245200000 1085248800000C M A A D A A A A D
25 339 39 5 40 35 35
1085229181515 1085231981875 1085266800000 1085270400000 1085277600000 1085281200000C M A A D D
26 119 29 29 29
1085207061296 1085245200000 1085277600000 1085281200000C A D D
27 131 41 40 16 6 14 4 3 16 5
1085169681093 1085205600000 1085209200000 1085227200000 1085230800000 1085234400000 1085238000000 1085252400000 1085256000000 1085259600000C A A D A A A D D D
28 12 2 3 2 2
1085177481140 1085216400000 1085252400000 1085277600000 1085281200000C A D D D
Markov models of uformtraffic through workspaces
10th International Command and Control Research and Technology Symposium
• Approach: recognize temporal knowledge type density patterns• Objectives:
– Infer type/time clusters • dynamically adapt anticipatory retrieval (space and time)
– Characterize movement of clusters through workspaces • learn knowledge requirements• cue team formation• provide local, context-aware proactive search / retrieval
• Discovery: (temporal) interest falls into distinct classes…
Type Density Analyses
life cycle model of uformtypes over all workspaces
10th International Command and Control Research and Technology Symposium
• Approach: apply graph theory to model social organization of andcoalitions among workspaces
• Objectives:– Identify gate keepers, bottlenecks, gurus, …
• aid team formation through problem / solver matching• tune proactive search to increase situational awareness
– Characterize (time-variant) informal organization• learn coalition formation and dissolution (cue team formation)• focus local anticipatory retrieval on rate limiters• learn future optimal, context-sensitive formal organization doctrine
• Discovery: IO vulnerabilities exist in the form of critical nodes…
Social Network Analyses
societal activity and relations as a model for C2
10th International Command and Control Research and Technology Symposium
Plans for the Future
Facilitate fully integrated TOC workstations and assess the value of current and potential future data bridges.
Determine the statistical relevance (MOPs & MOEs) of potential analytic tool integration using the CPOF data, e.g., can the tool maximally extract value from the data?
Integrate Analysis Tools
Discover cues for efficient, effective team formation and elicit requirements for adaptive networking.
Identify “critical path” and “critical path people” in the operational flow
Identify Critical Resources
Discover approaches for recognizing inferred areas of interest, activities of interest, patterns of interest, etc. and for enabling knowledge-based compression.
Detect and identify C2 environmental (sensed data) boundary conditions
Take Cues from Anomalies
Uncover user profiles, default views, templates, etc. to move focus from tool to decisions and provide database design cues.
Identify common knowledge, forms and use
Capitalize on Data Overlap
Discover tripwires for system adaptation and knowledge push.
Detect and identify C2 decision boundary conditions
Leverage Activity Surges
Data Analysis ObjectiveDerived Analytical HypothesisWarfighter Requirement
10th International Command and Control Research and Technology Symposium
Plans for the Future (cont.)
Discover informal organizational cues, emerging doctrine and (system, information, network, etc.) architectural cues.
Detect and identify causal and behavioral dependencies
Model the Architectures
Identify methods for improving team formation and prioritizing additional data bridges.
Determine the increase in team formation efficacy using additional, external databases
Exploit Outside Knowledge Sources
Validate semantics to expedite situation awareness and enable efficient representation and distribution.
Determine the efficiency of the emerging user-defined ontology; identify optimization/reduction of the semantics
Tune Knowledge Management
Discover opportunities for workload reduction, decision timeline reduction, dialogue pattern recognition, and query language improvement.
Detect and identify knowledge search “miscues” and “near hits” by the user
Improve Knowledge Interfaces
Data Analysis ObjectiveDerived Analytical HypothesisWarfighter Requirement
10th International Command and Control Research and Technology Symposium
The Challenge
• Future command technologies must be able to learn and adapt to the user, his collaborative partners and the operational environment.
• The primary goal must always be to enable the human to adapt more quickly than his enemy and practice his art in a way that leaves him never surprised, not replace him or make him a mere weapons system.
• The challenge is to develop technologies that will transform the way we think about command and control and produce technologies that amplify intuitive knowledge.
• This challenge can be met only by a multi-disciplinary team of technologists, cognitive psychologists and military operators that is directed by the principle of Recognition Primed Decision Making, and enabled by the Capture of Live Combat.
top related