The research on autonomous recognition mechanism for survivability has vigorously been growing up. A method of autonomous cognitive model and quantitative analysis for survivable system was proposed based on cognitive computing technology. Firstly, a cognitive model for survivable system with cross-layer perception ability was established, a self-feedback evolution mode of cognitive unit based on monitor-decide-execute loop structure was improved, and a self-configuration of cognitive unit is realized. Then, combined with the cognitive state transition graph, the analysis of cognitive performance for survivable systems based on dynamic cognitive behavioral changes was constructed. Finally, the cognitive processes of survivable system were described by using formal modeling. Simulation validated the influence degree of test parameters on system survivability from two perspectives of the probability of intrusion detection systems vulnerability and attacks detected. Results show that enhancing the rate of monitoring actions change and the rate of performing actions change obviously improved the cognitive performance of survivable system.

1. Introduction

Survivability is a hot topic in the research on the next-generation Internet security. According to Westmark [1] and Ellison [2] definition, survivability can be illustrated from three properties: resistance, recognition, and recovery. Among them, recognition reflects the system’s autonomous cognition of its own survival situations and securities of the scene and environment. Current research focuses more on the definition of survivability [1, 2], quantitative and qualitative evaluation [35], formal description [68], trusted protection [9], recovery [10], and other topics in resistance and recovery. But the research on recognition has just begun and is growing.

At present, consensuses on the research of survivability mechanism have been achieved at home and abroad as follows. Recognition refers to the ability that the system possesses to “know” and “feel” the current system’s survival situation [11]. Survivability-oriented recognition gives priority to the perception and cognition of the security status of the whole system environment, which can be regarded as the identification of basic key services’ decline in survivability and of the attack and intrusion event sets [12]. Recognition means the system’s response and adaptability when systems face malicious intrusion [13], which can reflect systems’ ability to assess its own security status and surrounding working environment, which can be analyzed from its recognition rate of security incidents and the recognition time of nonsecurity incidents. Recognition can be achieved by constraining reference thresholds of cognition parameters, while autonomy can be achieved by the central control process of the autonomous recognition unit [14]. Recognition can be obtained by establishing a hierarchical perception model and making the policy library drive the self-management mode of the monitor-decide-execute (MDE) loop structure [15]. Cognitive Computing is a summary of the characteristics of the next-generation intelligent Internet’s core concepts [16]. Cognitive computing in the era of big data is approaching cognitive science, with the abilities of self-learning, self-adaptation, and self-perception to realize the human-brain-like recognition and judgment. In this paper, based on previous survivability researches, an autonomous cognitive model of survivable system is raised, and the model is formalized by using semi-Markov stochastic process algebra [17, 18], which provides theoretical guidance for the study of survivable system’s cognitive ability.

2. Autonomous Cognitive Model

The system’s cognitive needs are mapped to the dynamic selection of multiobjective cognitive results at multiple cognitive levels. Meanwhile, the cross-layer perception is used to obtain the autonomous reasoning, dynamic decision-making, and resource reallocation of survivable systems, and to realize the self-adaptation to dynamic changes of the cognitive needs and environment security. In addition, cognitive model should reach a balance between formal description and cognitive abstraction, so it can not only accurately describe and reflect the system’s recognition, but also facilitate reasoning, thus providing theoretical support for the study of cognitive ability of survivable system.

2.1. Cross-Layer Recognition

According to different emphasis on cognitive process, cognitive needs, and cognitive elements, the survivable system can be divided into three cognitive layers, namely, access cognitive layer, network cognitive layer, and service cognitive layer, as shown in Figure 1.

Access cognition layer reflects the recognition of the communication capability of available transmission channels, which supports protocol conversion and adaptation of various available channels, and achieves high reliable information transmission through the recognition of channels’ communication capability.

The network cognitive layer shows the unified cognition of cognitive specifications in the cognitive process and goals of cognitive needs. It can realize dynamic reconfiguration and planning constraints of cognitive network resources.

The service cognitive layer reflects the recognition of the matching ability of providing Internet resources required for applications and users. It can serve high QoS service in complex environment, where massive, incomplete, or even malicious service scenarios exist.

2.2. Self-Feedback Mode of Cognitive Units

The cognitive unit structure is similar to Agent in the traditional sense, the basic unit of the realization of cognitive model [1921], which is also the symbol of the autonomous cognitive ability of survivable system. With the self-feedback ability added on the basis of the existing cognitive unit structure, an improved cognitive loop structure is achieved as shown in Figure 2. This structure is a self-feedback evolving structure driven by the self-configuring strategy library of cognitive elements (M-D-E: Monitor-Decide-Execute), which can adjust behaviors, topology, and service parameters with the changes of working environment and task objectives inside and outside the survivable system. Apart from the function of perceiving contexts of normal network events, the structure can also deal with internal and external security threats to enable survivable systems to independently adapt to environment and demand changes.

The self-feedback mechanism of cognitive unit is shown in Figure 3, which includes local, domain-level, and global feedbacks. Each layer is composed of several cognitive units to achieve global, domain, and local cognition of the system’s cognitive behaviors. Results of local feedback can obtain the local optimal solution to the goal of cognitive needs; global feedback can coordinate the feedback results at domain and local levels and obtain the global optimal or suboptimal solution.

Cognitive units can obtain self-configuration of cognitive elements with a self-feedback mechanism. There are two cases:

2.2.1. Preset Self-Configuration

When matchable strategies are found in existing strategy libraries, the configuration strategy in the preset cognitive rule set will analyze and reason the system, as shown in Figure 4.

2.2.2. Acquired Self-Configuration

When matchable strategies cannot be found in strategy library, effective rules achieved after acquisition will be stored as acquired rules in the configuration strategy library, as shown in Figure 5.

3. Cognitive Process of Formal Modeling

In order to formally describe the transition between different states of the system under attacks, faults, or accidental failures, and to better understand the dynamic evolution process of the survivable system’s survival situations, a cognitive survival state transition diagram [14] is introduced, as shown in Figure 6.

The tool Version v25 of the PEPA Eclipse Plugin [22] of the Computer Science Foundation Laboratory of the University of Edinburgh is used to simplify the calculation process. The formal description of the cognitive survival state for the survivable system in Figure 6 is as follows:(i)Intruder: = (searching, h). Attack;(ii)Attack: = (starck_attack, p). (attack, k). Attack +  (starck_attack, g). Intruder;(iii)General: = (attack, z1). Compromised + (failing, z2). Compromised + (error, z3). Compromised;(iv)Compromised: = (probe, w1). Detection + (mask, w2). General;(v)Detection: = (start_probe, L1). (emergency1, p1). SelfDestruction;  + (start_probe, L2). (healing, L3). SelfHealing;(vi)SelfHealing: = (start_healing, L3). (sealheaking, s1). General + (start_healing, L4). (emergency2, p2). SealDectruction + (strat_healing, L5). (selfhealing, s2). SelfHealing;(vii)SelfDestruction: = (start_destroy, L6). (destroy, delta: L (s)). (backup, s3). General

The parameters and their meanings are shown in Table 1.

The cognitive model of survivable systems can be formalized as a quintuple form (Mde, Objects, Domain), where Mde = Mde1, Mde2, ... Mdem} represents the resource constraint sets of m cognitive units, C = C (Mdei) represents the cognitive sublayer at layer j, including i cognitive unit resources; Objects = {Object1, Object2, ..., Objects} is a set of cognitive needs’ objectives. The single objective Objectk is associated with the ith cognitive sublayer Cj = C (layeri) and satisfies the mapping function : Objectk⟶Cj. If there are multiple cognitive needs objectives in a cognitive sublayer, it can be expressed by a union set: Objects1Objects2Objectsq; Domain represents the set of cognitive domains, and each subnet i is regarded as Domain Domaini;  = {1, 2, L, n} i is the set of action decision result functions.

Survivable systems provide key services to the outside world, and users request services. Therefore, from the perspective of service supply, the survivable system is modeled as two ends: User and Server. The User end can be represented as process. The formal description of user end is(i)Monitor = (monitor, m). Decide;(ii)Decide = (decide, r1). Execute + (uncertain, r2). Learn;(iii)Learn = (learning, r3). Decide;(iv)Execute = (execute, r4). Monitor + (service1, s1). Monitor + (servce2, s2). Monitor +...+ (servcet, st). Monitor

And a model for Server end is made, objective kObjects, and the process of Server end is represented as , where iDomain, jC (layeri), which satisfy :k⟶j. For different Domaini processes, the rate and number of action changes are different. Therefore, the cognitive process can be shown as||{servicek}

And service is the collection of all service interactions. For all the cognitive needs of the system, the formal description of server end isModelcognitive = { | (k) = User || {monitork, executek} Sever }, kobjects, j{C (layer1), C (layer2), ..., C (layerp), i Domain

4. Quantitative Analysis

The PEPA Workbench and Eclipse Plugin cognitive tool is used to quantitatively analyze the model of survivable system, and the quantitative analysis results are obtained from the perspective of steady-state probability.

4.1. Solution of Steady-State Probability

For SM-PEPA, if any component P satisfies the formula: , will be called as the derivation of , and the collection will be the collection of all derivations of P. The state space Xs is the collection of all nodes of the derivative graph of SM-PEPA, and SMP corresponding to SM-PEPA is built: {X, T} = {Xn, Tn, n = 0, 1, 2, …}, where, XnXS, and when m = n = l = 1, we get

Attack’, Failure’, Accident’, General’ are derivations of component Attack, Failure, Accident, General, respectively. Q (t) of SMP satisfiespij = P{Xn+1 = j, Xn = i} represents the state transition rate between i, j; Hij = P{Tn+1Tn ≤ t | j = Xn+1, i = Xn} represents the distribution probability obeyed by action change rates between i and j.

The stable-state probability of Markov can be obtained after the following calculations [23]:

Let XS be any state space and let the corresponding Markov Chain, P = (pij) be a state transition matrix:

After doing reduction of the model, when the delay of action obeys the exponential distribution, the probability of transition from state α to state l is pal = , where is the delay parameter of actions. And when the delay time parameter obeys the general distribution of action d, because its priority is higher than other actions, the probability of transition to the determined state q is 1, and the probability of transition to the rest is 0.

Therefore, the steady-state rate of embedded semi-Markov Chain satisfies = (VG, VC, VD, VSH, VSD) is a stationary probability vector embedded in semi-Markov Chain.

When the duration of behaviors in SM-PEPA model obeys exponential distribution, the solution of the model can be transformed into solving the duration Markov Chain corresponding to PEPA. Assuming that the steady-state probability distribution of duration Markov chains is , soπ = {π1, π2,…} is the steady-state probability vector.

4.1.1. State Transition Matrix

Because a survivable system application scenario for the corresponding goal is different, its internal and external environment are also different; at the same time, it is limited by many constraints, etc., so according to different application scenario for the conditions for survival systems can be divided into five states: normal survival state (general), compromise survival state (compromised), cognitive detection state (detection), the recovery state (selfhealing), and self-destructive state (selfdestruction). From the state set, the state space X = {G, V, D, SH, SD} can be obtained, and then the DTMC chain, just an example, can be obtained, as shown in Figure 7.

The above-mentioned parameters’ probability values are shown in Table 2.

4.1.2. Quantification of Evaluation Indicators

Based on the state transition matrix P, the corresponding relationship between the evaluation index and the state transition probability is established [15]:Recognition: p1, TC⟶GResistance: p1 + (1−p1) p2, TC⟶G, TC⟶DRecovery: 1−p3−p4, TSH⟶GReliability: 1−πSD

Among them, TC ⟶ G means the time interval between threat detection and threat processing; TC ⟶ D means the time interval of resisting invasion or attack; TSH ⟶ G is the time interval of system self-recover; πSD is the steady-state probability of system in self-destructive state; TC ⟶ G, TC ⟶ D, TSH ⟶ G can be obtained from the actual operation of survivable systems through bypass network monitoring tools.

4.1.3. Solution of Approximate Steady-State Probability

According to the steady-state distribution value of the steady-state rate embedded in semi-Markov Chain, the five calculating formulas of steady states are as follows:

Here, we make the average staying time of self-destructive SD obey subexponential distribution, distribution parameters , while the average staying time of other states obeys exponential distribution, which is also consistent with the actual network situation, then the average staying time of five states is shown as formula (7).

The formula to get the steady-state probability based on the semi-Markov process is

The steady-state probability of semi-Markov process can be solved finally. To simplify the analysis process, a global cognitive unit is assumed to consist of two domain cognitive units, Domain_1 and Domain_2. The approximate steady-state probabilities derived from each cognitive unit are shown in Table 3.

4.2. Quantitative Analysis and Simulation

In this paper, PEPA Workbench is used to process data files, and the tool, Version v25 of the PEPA Eclipse Plugin of the Computer Science Foundation Laboratory of Edinburgh University, is adopted to quantitatively analyze the performance of the proposed cognitive model in terms of resistance, recognition, and recovery.

Due to the addition of cognitive computing features in the model, state space XS can be further divided into collection X1 and X2 to represent cognitive and noncognitive survivable state collections. Each local derivation in X2 contains noncognitive survivable state and indefinite state in the following form: X1 = {x|x = DeGradation||...}. Similarly, the steady-state probability collection, , can also be divided into two parts, corresponding to the subcollection CD in X1 and the subcollection CUD in X2, respectively.

The test parameters are listed in Table 4.

In order to better measure the impact of the selected index parameters on the cognitive performance of survivable systems, the resistance parameter h and the cognitive parameter z1 are first examined. And then the values of h and z1 are adjusted to maintain the rest of the parameters unchanged. The experimental results are shown in Figures 8 and 9.

In Figure 8, parameter h means the probability of attackers finding system flaws and, correspondingly, means the system’s resistance to attacks. The smaller the value of h is, the stronger the anti-attack ability of the system becomes. With h decreasing, the survivability index of the system increases gradually. But the resistance of the system is not endless. When the value of h reaches 1e-09, the survivability index of the system approaches 1.0 and gradually becomes stable. No matter how strong the attack defense is, it is possible to be invaded. The curve shows the defense trend that it will return to the origin and start a new round of survivability evolution process. As long as new flaws are added to the system and the flaws recognition rate of attackers are increased in unit time, the survival index curve will always show a trend similar to Figure 8.

Figure 9 shows the curve of system survivability index. z1 represents the probability of attacks being recognized by the system. When the initial recognition rate is close to zero, the survivability index of the system is about 0.08, and the local cognitive units begin to update the acquisition rules independently. With the recognition rate increasing, the system keeps adjusting its state and updates the results of self-feedback behavior transitions to the global cognitive level, and the survivability index gradually increases, which improves the fact that the self-configuration mechanism in the cross-layer cognitive network further strengthens the system’s survivability. When z1 increases to 0.7, the survivability index begins to climb rapidly, which shows that improving the system’s attack recognition rate delivers better effects on enhancing the system’s survivability, rather than strengthening its resistance.

From the DTMC corresponding to the cognitive survival state collections, we can see that there are three possible states of self-recovery actions, L3, L4 and L3 as assumed. And the self-recovery rate V = L3/L3 + L4 + L5 in Figure 10 shows the changes of system survivability indexes when the self-recovery rates are 0.532, 0.758, 0.914, and 0.997, respectively. It also unveils the fact that, with the increase of the interval time of self-recoveries, the survivability index curve declines steadily. When the intervals are the same, the larger the value of self-recovery rate V is, the higher the survivability index of the system becomes. When the value of V is 0.997, the survivability index is close to the highest, 1.0, the system performs the best self-recovery ability. It can be seen that improving the system recovery is one of the most feasible ways to improve the system survivability.

For survivable systems, different indicators affecting cognitive performance are tested. The main parameters and their implications are shown in Table 5. In view of the cognitive model in this paper, the relationship between the above parameters and the cognitive ability of survivable system is analyzed and tested accordingly.

Reliability is one of the important indicators affecting the cognitive ability of survivable systems. Failure of cognitive units has great impacts on the cognitive performance of systems. The relationship between ESD and reliability is shown in Figure 11. Parameters of ESD decline along the transverse axis, and the height of the histogram decreases as well, which proves that the reliability of the system gets weakened as the interval of failure time decreases; that is, the higher the failure frequency is, the weaker the reliability becomes. When ESD is 1/50 × ESD, the reliability is still above 0.9, while when ESD is reduced to 1/100 × ESD, the reliability drops sharply to less than 0.1. That is, because the number of cognitive units that provide normal service decreases with the increase of failure frequency, the reliability of the system is weakened dramatically, thus causing significant impacts on the system’s cognitive ability.

Recovery is an important indicator to measure the system’s cognitive ability. Figure 12 demonstrates the relationship between ESH and recovery. The system’s recovery falls with ESH growing, which shows that the longer the recovery time is, the more poor the recovery performance will be. In particular, when the ESH value is 100 × ESH, the system’s recovery decreases to about 0.2. The survivable system cannot avoid attacks, faults, or other accidents under such complex working environment. If the self-recovery time is too long, the duration of staying in unsafe states will be longer, thus affecting the cognitive survivable system’s cognitive ability.

The relationship between the rate of monitor behaviors’ transitions (m represents different rates) and recognition is shown in Figure 13. From the figure, we can see that every curve climbs upwards, demonstrating that the system’s recognition gets stronger as t increases. At first, the four curves rise significantly and then tend to grow steadily and slowly. That is because the time t starts to advance from 0, meaning that the system begins to work from nonworking states. Then, the system’s recognition increases rapidly from 0. And when t advances to a certain value, the recognition ability will also remain at a stable state. When m is 1.0, the curve of recognition stays at the lowest level, while when m is 5.0, the curve is at the highest level, which shows that the bigger the m value is, or the faster the execution rate of transition behaviors is, the stronger the recognition of the system will be. Because the time delay of executing monitoring behavior decreases, the number of monitoring units in working states increases, which improves the efficiency of perception and detection of the internal and external environment of the system, so the system’s cognitive ability gets stronger.

The transition rate of monitoring behaviors, namely, the relationship between e and recognition, is shown in Figure 14. We can see that every curve climbs upwards along the transverse axis, demonstrating that the system’s recognition gets stronger as t increases. When the value of t is relatively small, the four curves rise rapidly and then tend to grow steadily and slowly; that is because the time t starts to advance from 0, meaning that the system begins to work from nonworking states. Then, the system’s recognition increases rapidly from 0. And when t advances to a certain value, the recognition ability will also remain at a stable state. The four curves are obtained when e is 0.2, 0.4, 1.5, and 2.0, respectively. When e = 0.2, the corresponding curve is at the lowest level, and when e = 2.0, the corresponding curve is at the highest level, which means that the bigger the value of e is, the stronger the system’s recognition ability becomes. Because the time delay of executing monitoring behavior decreases, the number of monitoring units in working states increases, which improves the efficiency of perception and detection of the internal and external environment of the system, so the system’s cognitive ability gets stronger.

5. Conclusion

Cognitive model of survivable system is the abstraction of cognitive ability of survivable system and the key to enhance the system’s cognitive ability.

This paper studies the autonomous cognitive model and analysis method of survivable systems. The self-feedback structure of cognitive unit is improved, and the formal modeling of cognitive process is carried out by describing the transition map of cognitive survival state. In addition, the paper has obtained standardized results with the application of PEPA Workbench model tool. Next, we will further improve the cognitive structure and formal model of survivable systems and conduct research on the enhanced design of survivable system with autonomous cognitive model.

Data Availability

The data set can be obtained free of charge from http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html.

Conflicts of Interest

The authors declare that they have no conflicts of interest.


This present research work was supported by the National Natural Science Foundation of China (Nos. 61202458 and 61403109); the Natural Science Foundation of Heilongjiang Province of China (No. F2017021); the Harbin Science and Technology Innovation Research Funds (No. 2016RAQXJ036).