Collaborative Solution Earns Top-Five Spot in DIUX Challenge
November 15, 2018—A team of researchers from the Carnegie Mellon University and the University of Pittsburgh scored a top-five finish in the 2018 Defense Innovation Unit Experimental (DIUx) xView Detection Challenge. The challenge, conducted by the Pentagon in partnership with the National Geospatial-Intelligence Agency, sought innovative uses of computer vision techniques in a disaster response scenario to more quickly and accurately read satellite data imagery. The Pittsburgh team applied a “chipping” technique to earn one of the competition’s top scores.
The team included Ritwik Gupta, a machine learning researcher at the Emerging Technologies Center at the Carnegie Mellon University Software Engineering Institute; 2d Lt Alex Fulton, a graduate student at the U.S. Air Force Institute of Technology and Carnegie Mellon’s Information Networking Institute; and Kaylene Stocking, an undergraduate student at the University of Pittsburgh.
According to DIUx organizers, “xView is one of the largest publicly available datasets of satellite imagery.” It contains complex scenes from around the world and focuses on humanitarian assistance and disaster relief tasks. This year, the xView Detection Challenge looked to advance progress in the field of computer vision by identifying solutions that would
• reduce minimum resolution for detection
• improve learning efficiency
• enable discovery of more object classes
• improve detection of fine-grained classes
“Making sense of satellite imagery can be an enormous challenge, especially when the area involved is large, time is of the essence, and the objects populating that area are many and diverse,” said Gupta. “Manual analysis methods are slow and eat up far too many analyst hours.”
Gupta explained that the large image size, minute differences in class labels, and the density of objects contained in the xView dataset images make it difficult to accurately localize and classify objects using existing neural network techniques—the limitations associated with memory and processing-time are too great. However, Gupta and his collaborators were able to overcome some of these limitations by employing a chipping technique that split the images into 300-pixel chips that overlapped by 50 percent.
“Each chip was responsible for detecting a unique area in the image,” said Gupta, “but could use part of other nearby chips to provide better context and improved detection accuracy.”
The team found that this continuous-context scheme not only improved detection performance, but promises to be more feasible for real-world detection in very large satellite images. The effectiveness of the team’s detection technique was validated by the xView Challenge scoring system which automatically scored submissions based on accuracy of classification.
To learn more about the xView Detection Challenge, visit http://xviewdataset.org/.
SEI Launches New CERT Vulnerabilities Website
November 15, 2018—The Software Engineering Institute recently released a revamped CERT Coordination Center (CERT/CC) Vulnerabilities Database website at https://www.kb.cert.org/vuls. The Vulnerability Notes Database provides information about software vulnerabilities, including summaries, technical details, remediation information, and lists of affected vendors.
Changes to the website include improved visual design, page navigation, and organization of elements on the page. The aim of the changes is to provide a better user experience for visitors to the site. Functionality of the site remains much the same. Researchers can still report a vulnerability to CERT/CC, and anyone can access the details of Vulnerability Notes.
The CERT/CC is part of the larger CERT Division of the SEI, the world’s leading trusted authority dedicated to improving the security and resilience of computer systems and networks and a national asset in the field of cybersecurity.
Check out the new site at https://www.kb.cert.org/vuls/; to report a vulnerability, see https://www.kb.cert.org/vuls/report/.
New SiLK Handbook Addresses Analyst Tradecraft
November 13, 2018—The SEI CERT Division’s Situational Awareness Group has released an updated edition of Network Traffic Analysis with SiLK. The new edition of this handbook complements an update (3.17.0) to the System for Internet-Level Knowledge (SiLK) traffic analysis suite released earlier this year.
“The new SiLK handbook has been revised to make it more analyst-focused and teach not only the toolset but also the tradecraft around using SiLK,” said project lead and co-author Geoffrey Sanders. “This edition is written from the perspective of the network traffic analyst, and it’s organized according to workflows that analysts can use when investigating network activity and anomalies.”
In reworking the handbook from the analyst’s perspective, the CERT authors considered feedback from the SiLK user community, including representatives from U.S. government departments, agencies, and the commercial sector. This input informed the authors’ handling of topics such as single- and multi-path analysis, advanced exploratory analysis, and large data sets.
The handbook also has something to offer analysts interested in examining network flow records with tools other than SiLK. “The overall description of the analysis methods we detail in the handbook include approaches that parallel what analysts find using the tool suite of their choice,” said Sanders.
For a detailed description of the new edition of Network Traffic Analysis with SiLK, see Geoffrey Sanders’ SEI Blog post An Analyst-Focused Approach to Network Traffic Analysis.
To download the latest Open Source version of SiLK, visit http://tools.netsa.cert.org/silk/download.html.
To download binary packages of SiLK tools see https://forensics.cert.org/repository/.
Shull Elected IEEE Computer Society First Vice President
November 5, 2018—Forrest Shull, associate director for empirical research at Carnegie Mellon University Software Engineering Institute (SEI), was recently elected first vice president of the IEEE Computer Society. Shull will work directly with the IEEE Computer Society president and other leaders who manage the society’s technical offerings, which include conferences, publications, technical communities, education, and standards. He will also provide advice and leadership at a strategic level.
“We look forward to working with Dr. Shull as he assumes this important Computer Society leadership role,” said IEEE Computer Society President Hironori Kasahara. “As an officer and member of the Board of Governors, the First Vice President’s role is integral to setting the direction and determining the strategy for the Computer Society, and provides guidance at the policy level to all Society organizational entities.”
“Throughout my time volunteering with the Computer Society, I’ve been able to see firsthand the many activities we support, literally around the world, that grow and support the technical community,” said Shull, who served the IEE Computer Society for several years in several different roles. “It is always energizing to me to meet our volunteers in so many different areas, and experience the results of the hard work and the innovation that they bring. It is an honor to be in a role to support these activities and contribute to such a dynamic, fast-moving field.”
In his new role, Shull plans to continue to work on ways to improve the society’s connections to its members and adapt its offerings to meet the evolving expectations of the society’s membership. “My work here at the SEI helps keep me connected to customers and stakeholders who are working on innovative systems. They’re hungry for the practical knowledge that can help them get where they need to go, which is a good reminder of the overall mission of the society itself.”
Shull presently serves as assistant director for Empirical Research at SEI, where he heads up work with U.S. government agencies, national labs, industry, and academic institutions to advance the use of empirically grounded information in software engineering and cybersecurity. He is currently providing technical leadership to the U.S. Department of Defense on multiple, congressionally mandated studies and pilot programs aimed at improving software acquisition in the department. Prior to the SEI, he was at the Fraunhofer Center for Experimental Software Engineering, where he founded and served as Director of the Measurement and Knowledge Management Division. Shull has been a lead researcher on projects for the Department of Defense, NASA’s Office of Safety and Mission Assurance, the Defense Advanced Research Projects Agency (DARPA), the National Science Foundation, and commercial companies. Shull received his PhD in 1998 from the University of Maryland College Park. He is the author of 100 peer-reviewed publications and co-editor of a handbook on empirical software engineering.
Software Engineering Institute Names Leading Cybersecurity Researcher as CTO
Pittsburgh, Pa., November 1, 2018—The Software Engineering Institute at Carnegie Mellon University today announced the appointment of nationally known cybersecurity researcher Dr. Tom Longstaff as chief technology officer (CTO).
“Tom Longstaff brings significant experience in managing research programs in support of the U.S. government, and we are pleased to entrust him with the leadership of the SEI's research and development initiatives” said CMU President Farnam Jahanian. “His expertise as a leading researcher and educator will be invaluable in engaging with researchers across the university as they work to enhance the security and overall trustworthiness of our nation’s defense and civilian information infrastructures.”
As CTO, Longstaff will formulate a technical strategy and lead the funded research program of the institute based on current and predicted future trends in technology, government, and industry.
“The role of the chief technology officer is critical in ensuring that we have the proper technology strategy in place to help the Department of Defense and our other sponsors ensure critical systems both now and into the future,” said Dr. Paul Nielsen, SEI director and CEO. “Because of Tom’s previous service in the SEI’s CERT Division, he is uniquely suited to direct our current research and plan future direction.”
Longstaff was most recently a program manager and principal cybersecurity strategist for the Asymmetric Operations Sector of the Johns Hopkins University Applied Physics Laboratory (APL), where he led projects on behalf of the U.S. government, including nuclear command and control, automated incident response, technology transition of cyber R&D, information assurance, intelligence, and global information networks.
He also is former chair of the Computer Science, Cybersecurity, and Information Systems Engineering Programs and co-chair of Data Science in the Whiting School at Johns Hopkins. His academic publications span topics such as malware analysis, information survivability, insider threat, intruder modeling, and intrusion detection. He maintains an active role in the information assurance community and regularly advises organizations on the future of network threat and information assurance. He is an editor for Computers and Security, and has previously served as associate editor for IEEE Security and Privacy; general chair for the New Security Paradigms Workshop and Homeland Security Technology Conference; and numerous other program and advisory committees.
Prior to joining the staff at APL, Longstaff was the deputy director for technology for the CERT Division at the Software Engineering Institute. In his 15-year tenure at the SEI CERT Division, he helped create many of the projects and centers that made the program an internationally recognized network security organization. His work included assisting the Department of Homeland Security and other agencies to use response and vulnerability data to define and direct a research and operations program in analysis and prediction of network security and cyber terrorism events.
“Because of my long association with the SEI, I am well aware of the technical talent and capability of the staff and the critical nature of the institute’s mission in providing for the defense of the nation,” said Longstaff. “I will be pleased to lead the SEI’s R&D strategy into the future to make software more capable, timely, trustworthy, and affordable.”
Longstaff received his bachelor’s degree in physics and mathematics from Boston University and his master’s degree in applied science and his Ph.D. in computer science from the University of California, Davis.