IEEE Conference on Technologies for Homeland Security (HST ’12)

blog pic 1

Recently I attended the twelfth annual IEEE Conference on Technologies for Homeland Security (HST ’12), held right here in our neck of the woods, Waltham, Massachusetts. The conference aims to bring together innovators from leading universities, research laboratories, Homeland Security Centers of Excellence, small businesses, system integrators and the end user community to provide a forum to discuss ideas, concepts and experimental results. I gave a poster presentation on our Semantic Technologies for Civil Information Management in Complex Emergencies within the Attack and Disaster Preparation, Recovery, and Response area, as well as gave a paper presentation on our development of A Social Agent Dynamic Honeynet for Attack Modeling within the Cyber Security track. Both presentations generated lively debates and discussions on the challenges of applying technology solutions these problemspaces. 

With regards to our social agent honeynet research, here we were presenting initial findings from an effort to develop an agent based dynamic honeynet that simulates user interactions with social networks for the purposes of developing attack models. You can check out our demo here. Our solution allows security professionals to create networks simulating user activity for companies and government entities through the provision of a set of parameters. Our research pointed to the importance of instantiating a social dimension to our virtual agents, providing the agent with the ability to interact with a variety of social networks. For this purpose, we developed influence models to learn patterns from actual users’ activity on social networks to improve the effectiveness of the social agents.

One of the questions from the audience was why use agents to collect attack data when regular users in the course of interacting with social networks get attacked enough as it is? Our response was that a deception network enables us to feed false information to the adversary as needed, track adversarial movements to learn attack patterns and attributes, and use the information collected during the attempted infiltration for the purposes of building more robust defenses and developing more targeted offensive operations. Additionally, deception networks force our adversaries to expend resources attacking our fake network. Another line of questioning asked if we were wasting people’s time who decided to follow our fake agents since about 50% of the followers of our agents were real and 50% were found to be malicious. This generated a lively debate, whereby someone else in the audience responded with the idea that identifying these people might be useful for preventative defense. Maybe these are people who are more vulnerable and would be more likely to click on spam and that perhaps Twitter or others might want to know this. A further question had to do with how do we know that the users following our agents are malicious? This is fairly straightforward because the users attempted to pass us links that are associated with known bad actors. As a future effort we plan to automatically parse the tweets and see if the embedded links are already in a black list which would trigger alerts. We maintain what we believe to be the world’s largest intelligence database on botnets to cross-reference our malicious entities as well. You can check out that project here.  

There were several ideas that came out of the collaboration at this conference related to our agents. One idea was to use our agents to collect and harvest social media artifacts for the purpose of understanding Arab Spring-like events. Additionally, our agents could potentially interact with users to explore the shaping of opinion, collaborating with users beyond just posting information to Twitter and following other users. We will definitely be exploring these avenues in the near future, so keep your eyes peeled for developments in this space.

One of the most interesting presentations I attended was from Laurin Buchanan of Secure Decisions who was involved in the CAMUS project, Mapping Cyber Assets to Missions and Users. This project was very relevant to our Commander’s Learning Agent (CLEARN) and Cyber Incident Mission Incident Assessment (CIMIA) work, which is an existing capability developed as part of an AFRL SBIR Phase II Enhancement that automatically learns the commander’s mission while bringing contextual knowledge and assigning priorities to resources supporting the commander’s mission in Air Operations planning and execution support. CLEARN/CIMIA monitors the workflow of operations personnel using Joint Operation Planning and Execution System (JOPES), the Air Mobility Command (AMC) Global Decision Support System (GDSS), Consolidated Air Mobility Planning System (CAMPS), and Global Air Transportation Execution System (GATES) to learn the resources necessary for each mission, and recommend workarounds when one or more the resources become unavailable.

Our semantic wiki work also generated interest during the poster session. One presentation that was interesting and tangentially related was SPAN (Smart Phone Ad Hoc Networks) by MITRE, which utilizes mobile ad hoc network technology to provide a resilient backup framework for communication when all other infrastructure is unavailable. I thought it was pretty neat that this was also an open source project. This research was interesting given our work in using mobile devices for data collection in austere environments during operations and exercises in the PACOM AOR in our MARCIMS (Marine Corps Civil Information Management System) project. Pretty cool to see all of the developments in this area.

MARCIM Semantic Wiki News - May 1, 2012

The following is the second installment of our MARCIM Semantic Wiki Newsletter, sent May 1, 2012 to those involved in the MARCIM technology demonstration. If you are interested in being added to the mailing list for these newsletters, please email  

Semantic Wiki News - May 1, 2012


Our participation in Balikatan 2012 exercises within Palawan, Philippines reinforced many lessons learned during Cobra Gold 2012, as well as elucidated fresh insights that have inspired our team's evolution of the Semantic Wiki.  We look forward to keeping the team updated on the exciting progress being made through this MARCIM Semantic Wiki Newsletter. We kept the distribution of the newsletter to individuals directly involved in the project; please let us know if there are others we should include in the mailing list!

The following features have been implemented in the Semantic Wiki since our participation in Balikatan 2012:

Event Calendar

In response to user feedback, we have taken our semantic Event Calendar (detailed in our last newsletter installment) a step further by allowing users to populate this calendar themselves via their mobile devices. Using the "Event" form within the mobile app, users may now enter the time, date, and details about a particular event. This data is automatically ingested into the Wiki, and placed upon a monthly calendar.

As you can see above, Balikatan users added information to these calendars about events such as barangay meetings, CMO operations meetings, VETCAP and MDVCAP outreach, and site dedication ceremonies. For users that choose to populate the calendar with events that are relevant only to their teams, we have created "Team Calendars" (such as the BK12 North Calendarwhich lists all activities being conducted by CA Team North). For operations personnel that desire an aggregate view of events, we've created calendars that contain all events (such as the BK12 Joint Medical Task Force Calendar which lists all MEDCAP and VETCAP related activities, irrespective of which teams are involved in the activity). The dynamic nature of this calendar serves to increase the quality of collaboration among the operational planning team and units in the field.

Back to top

Tabbed Site Pages

In the Philippines we observed that users found it difficult to search for site-specific information. This led us to recognize a distinct need to address ontological distinctions in the Wiki; that is, the need to draw sharper distinctions between Site pages, the schools that sites are associated with, ENCAP and MEDCAP activity that occurs at these sites, etc. As you can see from the screenshot for Buena Vista Elementary School, below, we have implemented tabbed site pages which address this issue. By having tabs for relevant data about the site (i.e. ENCAP Progress, ENCAP Description, School Information, and Village/Subdistrict Information), all the information that relates to a single site exists within the same page, so that accessing site-specific information is made increasingly intuitive for users.

Back to top Geolocated Photographs

Since Cobra Gold 2012, we've introduced an enhanced tagging scheme for all photographs ingested from the mobile device. Included in this enhanced tagging scheme are coordinates, which allow us to geolocate photographs on a map, as can be seen on the Balikatan 2012 photographs page. This allows users to zoom into an area of interest within the map and view images that have been submitted.

Back to top

Internal Timer

During Balikatan exercises we identified a way to place content (such as charts, tables, pictures, or text) on an internal timer within the Wiki so that the content doesn't appear until a defined date. This keeps pages from being cluttered with information that either is not relevant, or doesn't exist, until a particular point in time. For example, the tables on the MDVCAP site pages aggregate and analyze the demographic data collected from MDVCAP patient registration (i.e. see the Cabayugan National High School Patient Registration Data). These tables, which don't have any information until the registration process begins, are now placed on timers so that they appear when registration commences.

We are excited about this solution as it increases the practicality and sustainability of the Wiki, and allows us to feed users semantic reports and other content when we know they'll need them. These timers can be customized down to the very second that the user needs the designated content to appear.

Back to top

Multidimensional Dynamic Graphs

Before discussing the innovation in our enhanced dynamic graphs, we'll first delve into some Semantic Query 101. The semantic reports (i.e. tables, charts, calendars, etc.) that you see within the Wiki go beyond simple analysis that can be completed in Excel; they're unique because every time you visit, the reports are created anew for you. They refresh every time you visit the page in which they are embedded. The reports can be automated in this way because every page within the Wiki (i.e. every assessment, every school site, every village) is tagged using a "subject, property, object" semantic annotation format. For example, Bangkok (Subject) has a Population (Property) of 8,300,000 (Value). Because of the way the data is structured, we are able to explore relationships between and among Wiki pages. This allows us to ask the database questions and receive answers (such as, what is the population of Bangkok?).

In constructing more complex reports, we need to conduct searches for properties that are semantic queries in and of themselves. In such reports, the information we need is not tagged within the pages, but by nesting a semantic query as a property value, we can infer knowledge from the other semantic relationships that exist. We used this logic to create the ENCAP progress graph (below) which you can view on the BK12 Engineering Civic Action (ENCAP) Activity page. Behind this graph is a semantic query that is asking the Wiki to deliver the most recent Percent Completion rate entered within the SITREPs for all ENCAP sites. This is a query within a query, as we are delving into the multidimensional semantic relationships that exist, rather than the tags within the page, to deliver this information.

This is a galvanizing development as it demonstrates that our visualizations and reports can be enhanced to drill down into multiple dimensions of the data, querying for relationships nested among other relationships, to derive insight and produce refined visualizations that provide value in operations.

Back to top

Usage Statistics

To track usage of the Wiki over time, we have created a MARCIM Semantic Wiki Statistics page. This page dynamically tracks aggregate statistics (i.e. number of views, edits, and assessments), and well as statistics by operation (i.e. how many new user accounts were created for Cobra Gold v. Balikatan? How many photographs were ingested? How many assessments were ingested; and how many of these were medical assessments in either exercise?). The page also contains a dynamic bar chart that tracks user account creation over time, and dynamic pie graphs which detail the number of assessments completed by operation.

Below are some interesting statistics as of May 1, 2012:

Back to top

We hope you found the second installment of our Semantic Wiki Newsletter useful, interesting, and relevant. We value your feedback on how we can improve our updates.

Sincerely, The Milcord team

MARCIM Semantic Wiki Newsletter - March 9, 2012

The following is our first MARCIM Semantic Wiki Newsletter, sent March 9, 2012 to those involved in the MARCIM technology demonstration. If you are interested in being added to the mailing list for these newsletters, please email  

Semantic Wiki News - March 9, 2012


Annotated content for 946 Thai and Philippine NGOs, dynamic calendars for Balikatan, and automated BMI calculations: these are a few of the changes that have been made to MARCIM Semantic Wiki this week! The Milcord team has been working to address user requirements observed during Cobra Gold 2012 and implement innovative solutions, so that the second deployment of our MARCIM Semantic Wiki within the Philippines will met with increased success. In order to keep the MARCIM team apprised of solutions as they're employed, we hope to begin communicating new updates through this bimonthly newsletter. We kept the distribution of the newsletter to individuals directly involved in the project; please let us know if there are others we should include in the mailing list!

The following updates have been implemented within the Wiki in the past week:

Balikatan Calendar

In an attempt to address reporting requirements identified by users in Thailand, we have created a dynamic calendar labeled with important events for Balikatan 2012. The monthly calendar view is one of many export formats enabled by the Semantic Search capability. The calendar can be accessed here.

As you can see, the calendar posts we've created include dates for deployment and redeployment, opening and closing ceremonies, as well as Medical/Veterinary Outreach, among other events. To add an event to the calendar, a user may click "Add page using form" in the left sidebar, type the name of the event he/she desires to post within the text box that appears, and within the dropdown menu choose the category "Event." The event the user creates will automatically populate to the calendar.

It is our hope that this calendar will support staff reporting functions in Balikatan, and serve to increase the frequency and quality of collaboration among the operational planning team.

What Links Here Template

As part of an ongoing effort to enable automatic associations between annotated non-page entities in the Wiki, we have created a template that allows users to generate a bulleted list of pages that link to any given tag. Let's take an example that was presented to us by a user in Thailand. Many teams working at the MDVCAP sites consistently mentioned "diabetes" as an issue within their SITREPs. Any tags to diabetes created red hyperlinks; however, even if the user created a page for "Diabetes" the page itself would not generate an easily viewable list of pages with mentions to Diabetes. We've addressed this issue by allowing users to embed a template within the free text area of the page in question. By typing {{What Links Here}} within the text of a Wiki page, a list of pages with tags to diabetes will be generated. For further exploration, navigate to the Diabetes page.

After a single user inputs {{What Links Here}} within the free text area of the page, every user thereafter will be able to view a list of pages that link to the tag in question.

BMI Calculations

We have codified a process for dynamically calculating Body Mass Index statistics for every patient that passes through Medical Registration at a MEDCAP Site, in response to feedback from the Environmental Health Officer for Iii Mef. Aggregate BMI statistics now automatically feed into our dynamic tables located within MEDCAP Site pages. To view the new dynamic tables, follow the Cobra Gold Site 1 link.

New Sociocultural Content

In preparation for Balikatan we completed data ingest of all major geographic divisions for the Philippines (to include regions, cities, and municipalities). We have also imported 422 Philippine NGOs, and 524 Thai NGOs to satisfy user requirements. Sociocultural content may be accessed from both the Philippines and Thailand country pages.

In addition, all site information for Balikatan currently resides on the Semantic Wiki. You may view this content within the Balikatan 2012 operation page. Below is a screenshot of the Site page for the Tagbarungis Elementary School, an ENCAP Site in Palawan.


Main Page Restructuring

We have integrated feedback from users and MARCIM team members to restructure our Wiki Main Page. We now have content divided by Operation/Exercise, and by Area of Operation - the latter of which is particularly designated for ongoing operations not associated with a specific exercise. Let us know what you think of our new Main Page.

We hope you found our first Semantic Wiki Newsletter contained useful, relevant information. We value your feedback on how we can improve our updates.

Sincerely, The Milcord team