標題: | 動態知識擷取方法之研究 A Study of Knowledge Acquisition Methodologies for Dynamic Knowledge |
作者: | 林順傑 Shun-Chieh Lin 曾憲雄 Shian-Shyong Tseng 資訊科學與工程研究所 |
關鍵字: | 知識擷取;知識表格;隱含知識擷取;入侵偵測;電腦蠕蟲;分散式阻絕服務;Knowledge acquisition;Repertory grid;EMCUD;Intrusion detection;Computer worm;Distributed DoS |
公開日期: | 2006 |
摘要: | 知識擷取是在建立知識庫系統中的一個主要瓶頸。由於知識爆炸,知識可以被歸納成靜態知識(Static Substantive Knowledge)和動態知識(Dynamic Substantive Knowledge)兩大類。在過去20多年中,有很多的研究學者提出很多知識擷取方法,從專家那邊萃取出靜態的知識,然而,這些方法在擷取知識的過程中,因為缺乏足夠多的資訊,所以並沒有討論到如何發覺包括變種知識(Variant Knowledge)和演化性知識(Evolutional Knowledge)兩類的動態知識。因此,如何蒐集到足夠多的資訊,並用來通知專家有新演化的物件產生,而且可以利用並擴展舊有的知識庫,在知識擷取的領域中,也逐漸變成一個重要的議題。部分現存的知識擷取系統,採取建構個人建構理論(Personal Construct Theory)上發展出來的知識表格(Repertory Grid)技術來擷取在一個限定領域間,分辨並區分開不同物件的靜態知識。EMCUD(Embedded Meaning Capturing and Uncertainty Deciding)是一種用來擷取隱含知識的技術。它在1990年被提出來協助專家萃取知識的隱含意義並協助專家決定每一條隱含規則(embedded rule)的信賴程度,用來擴展使用傳統知識表格方法產生的原始規則(original rule)。然而,EMCUD一樣因為缺乏足夠多的資訊而無法擁有發現新演化物件產生的能力。我們的想法是希望可以藉由觀察知識庫各個低信賴程度的隱含規則被推論的行為,包括頻率以及趨勢變化並藉此用來學習可能的新演化物件,然後再引導專家根據這些推論行為的趨勢來萃取便是這些物件的動態知識。在這篇博士論文中,我們將提出一個包含推論記錄檔蒐集階段、知識學習階段以及知識精鍊階段等三個階段新的知識擷取方法,Dynamic EMCUD,來協助專家察覺到新演化物件的產生並萃取出這些物件的隱含規則。Dynamic EMCUD在推論記錄檔蒐集階段可以協助專家蒐集足夠的推論記錄。在隨著時間改變的環境中,在知識學習階段中可以透過觀察頻繁的推論行為和演化行為的趨勢,讓專家察覺到新演化物件的產生。最後,在知識精鍊的階段,Dynamic EMCUD可以將一個小的多資料型態知識表格和一個小的屬性序列表格(Attribute Ordering Table,AOT)個別整合到一個主要的多資料型態知識表格和主要的屬性序列表格中,並用來調整弱隱含知識來達到表格演化的能力。進一步來說,我們的方法可以很容易的延伸成包括多個區域的知識庫系統和一個聯合的知識庫系統的聯合式的架構來協助整合從各個搭載Dynamic EMCUD的區域知識庫系統所產生的演化物件的知識。並且協助專家可以容以的利用足夠多的環境資訊來發覺更多其它新的物件知識。我們提出五個演算法來幫助專家容易的萃取新物件的隱含規則。電腦蠕蟲和分散式阻斷服務偵測以及警報分類模式建立兩個應用可以用來評估Dynamic EMCUD的效能,結果顯示新的變種物件可以被快速發覺並可以快速的通知專家,並協助他們利用Dynamic EMCUD萃取出新演化物件的隱含規則。 Knowledge acquisition is known to be a critical bottleneck of building knowledge based systems. Due to the explosion of knowledge, substantive knowledge can be classified into static substantive knowledge and dynamic substantive knowledge. Many knowledge acquisition methodologies have been proposed to systematically elicit rules of static substantive knowledge from domain experts in the past twenty years. However, none of these methods discusses the issue of discovering dynamic substantive knowledge including variant knowledge and evolutional knowledge due to the lack of sufficient information. Hence, how to collect sufficient information to help experts notice the occurrence of new evolved objects and to reuse and extend the original knowledge base becomes increasingly important in the knowledge acquisition field. Most of the existing systems employ the Repertory-Grid test originally developed by Personal Construct Theory in eliciting static substantive knowledge to identify different objects and distinguishing these objects in a selected domain. EMCUD (Embedded Meaning Capturing and Uncertainty Deciding), one of a Repertory Grid based knowledge acquisition tools, has been proposed to elicit the embedded meanings of knowledge (embedded rules bearing on objects and object attributes) to classify objects and guide experts to decide the certainty degree of each embedded rule using an attribute ordering table (AOT), which records the relative importance of each attribute to each object, for extending the coverage of original rules. However, it still lacks the ability to discover the occurrence of new evolved objects due to insufficient information. Our idea is to monitor the frequent inference behaviors and the trend of weak embedded rules with lower certainty degree and learn the candidates of new evolved objects and then guide the experts to extract the dynamic knowledge of these objects according the trend of inference behaviors. In this dissertation, we will propose a new iteratively knowledge acquisition method, Dynamic EMCUD which includes Log Collecting Stage, Knowledge Learning Stage, and Knowledge Polishing Stage, to notify experts to extract the embedded rules of new evolved objects. The Dynamic EMCUD can collect sufficient inference log in Log Collection Stage and then notify experts the occurrence of evolved objects through observing the frequent inference behaviors and tracing the trend of evolutional behaviors over time in a changing environment in Knowledge Learning Stage. In the Knowledge Polishing Stage, the Dynamic EMCUD can integrate a small acquisition table increment and a small attribute ordering table (AOT) increment into the main acquisition table and the main AOT, respectively, for adapting the weak embedded rules to achieve the ability of grid evolution. Moreover, our method can be easily extended as a collaborative framework (including n local KBSs and a collaborative KBS) to integrate the new knowledge of new evolved objects generated from every local KBSs (each KBS deploy a Dynamic EMCUD) and help experts easily discover some other new evolved objects in the collaborative KBS with sufficient context. Five algorithms are proposed to help expert easily extract the embedded rules of new objects. Two applications including in worms and distributed DoS detection, and alert classification model construction are used to evaluate the performance of Dynamic EMCUD. The results show that the new variants can be discovered and experts can be easily notified to quickly extract the knowledge of new objects according to the Dynamic EMCUD. |
URI: | http://140.113.39.130/cdrfb3/record/nctu/#GT009023808 http://hdl.handle.net/11536/82491 |
Appears in Collections: | Thesis |
Files in This Item:
If it is a zip file, please download the file and unzip it, then open index.html in a browser to view the full text content.