This PDF file contains the front matter associated with SPIE Proceedings Volume 8062, including the Title Page, Copyright information, Table of Contents, and the Conference Committee listing.

Information Management (IM) services need lifecycle management, i.e., determining how long persistent information is retained locally and when it is moved to accommodate new information. This is important when bridging IM services from enterprise to tactical environments, which can have limited onboard storage and be in highly dynamic situations with varying information needs. In this paper, we describe an approach to Value Function based Information Lifecycle Management (VFILM) that balances the value of existing information to current and future missions with constraints on available storage. VFILM operates in parallel with IM services in dynamic situations where missions and their information needs, the types of information being managed, and the criticality of information to current missions and operations are changing. In contrast to current solutions that simply move the oldest or least frequently accessed information when space is needed, VFILM manages information lifecycle based on a combination of inputs including attributes of the information (its age, size, type, and other observable attributes), ongoing operations and missions, and the relationships between different pieces of information. VFILM has three primary innovative features: (1) a fuzzy logic function that calculates a ordering of information value based on multiple relative valued attributes; (2) mission/task awareness that considers current and upcoming missions in information valuation and storage requirements; and (3) information grouping that treats related information collectively. This paper describes the VFILM architecture, a VFILM prototype that works with Air Force Research Laboratory IM services, and the results of experiments showing VFILM's effectiveness and efficiency.

Information Management (IM) services support the discovery, brokering, and dissemination of mission-critical information based on the information's content and characteristics. IM services support the dissemination of future information (through subscriptions) and past information (through queries) regardless of its source. To be useful across enterprise and tactical environments, IM services need mission-driven Quality of Service (QoS) features as part of their core functionality. We have developed QoS management features, QoS Enabled Dissemination (QED), that extend an Air Force Research Laboratory (AFRL) developed set of IM services, Phoenix. This paper describes the results of a joint services experiment evaluating QED and Phoenix in a US Navy scenario involving multiple ships connected by a Disconnected, Intermittent, Limited (DIL) satellite network. Experiments evaluate QED and Phoenix's ability to (1) provide IM in the Wide Area Network (WAN) context of the satellite communications, which includes long latencies and background traffic not under QED control; (2) control and utilize active-precedence and queue management features provided by the WAN; (3) handle severe network overload, network disruptions, and dynamic changes in policies; and (4) successfully enforce deadlines and information replacement policies.

The recent development of mashup technologies now enables users to easily collect, integrate, and display data from a vast array of different information sources available on the Internet. The ability to harness and leverage information in this manner provides a powerful means for discovering links between information, and greatly enhances decisionmaking capabilities. The availability of such services in DoD environments will provide tremendous advantages to the decision-makers engaged in analysis of critical situations, rapid-response, and long-term planning scenarios. However in the absence of mechanisms for managing the usage of resources, any mashup service in a DoD environment also opens up significant security vulnerabilities to insider threat and accidental leakage of confidential information, not to mention other security threats. In this paper we describe the development of a framework that will allow integration via mashups of content from various data sources in a secure manner. The framework is based on mathematical logic where addressable resources have formal usage terms applied to them, and these terms are used to specify and enforce usage policies over the resources. An advantage of this approach is it provides a formal means for securely managing the usage of resources that might exist within multilevel security environments.

Existing and future military networks vary widely in bandwidth and other network characteristics, potentially challenging deployment of services and applications across heterogeneous data links. To address this challenge, General Dynamics and Naval Research Laboratory created network services to allow applications to use wireless data links more efficiently. The basis for the network services are hooks into the data links and transport protocols providing status about the airborne networking environment. The network service can monitor heterogeneous data links on a platform and report on link availability and parameters such as latency and bandwidth. The network service then presents the network characteristics to other services and applications. These services and applications are then able to tune parameters and content based on network parameters. The technology has been demonstrated in several live-flight experiments sponsored by the United States Air Force and United States Navy. The technology was housed on several aircraft with a variety of data links ranging from directional, high-bandwidth systems to omnidirectional, medium-bandwidth systems to stable but low-bandwidth satellite systems. In each of these experiments, image and video data was successfully delivered over tactical data links that varied greatly in bandwidth and delay.

This paper set out a number of fundamental challenges to be overcome to enable the large volumes of data in modern distributed and networked defence information systems (including sensor systems) to be used to support decision making; taking into account the fundamental trends in Information Communications Technology (ICT) associated with bandwidth, storage capacity and processing power; as well as the changing nature of the information (particularly the growth in informal information and soft 'sensor' data).

Current needs in tactical situational awareness require a new type of infrastructure to encode, transmit, store, fuse, and display vastly heterogeneous data that may include "hard" sensor types including video, radar, multispectral, acoustic sensor array, 3D flash LIDAR, and "soft" sensor inputs such as textual reports from trained and untrained personnel, unsolicited and solicited open source web information, and hybrid "hard/soft" data such as human-annotated image or video data - which can be highly useful, but difficult to categorize and exploit. While the demand for scalability, rapid deployment, and decentralized access to data and services grows, the need for data security and integrity is as critical as ever. Methods for handling the conflicting needs between access and security are addressed. Furthermore, the evolving role of humans in data fusion systems must be addressed by the infrastructure. In addition to systems enhancing human data analysis capabilities through advanced visualization and sonification techniques, the data itself is more likely to contain information about humans - which is not always a task well suited to conventional data storage and retrieval methods. This paper describes a multi-agent approach to designing a secure, distributed, service-oriented infrastructure to support human-centric hard and soft information fusion.

In this paper we explore image fusion methods for 3D LIDAR sensors, thermal sensors, and visible color sensors. Traditional display methods are demonstrated in contrast to the proposed robust representations. The new fused representations make full use of the display gamut of a color monitor. In addition, a data transformation on 3D LIDAR points is demonstrated which ports hard sensor data into information space. The LIDAR data is classified and clustered in a hierarchical fashion, which allows temporal and spatial coherent fusion with soft sensor data.

There is an emerging demand for the development of data fusion techniques and algorithms that are capable of combining conventional "hard" sensor inputs such as video, radar, and multispectral sensor data with "soft" data including textual situation reports, open-source web information, and "hard/soft" data such as image or video data that includes human-generated annotations. New techniques that assist in sense-making over a wide range of vastly heterogeneous sources are critical to improving tactical situational awareness in counterinsurgency (COIN) and other asymmetric warfare situations. A major challenge in this area is the lack of realistic datasets available for test and evaluation of such algorithms. While "soft" message sets exist, they tend to be of limited use for data fusion applications due to the lack of critical message pedigree and other metadata. They also lack corresponding hard sensor data that presents reasonable "fusion opportunities" to evaluate the ability to make connections and inferences that span the soft and hard data sets. This paper outlines the design methodologies, content, and some potential use cases of a COIN-based synthetic soft and hard dataset created under a United States Multi-disciplinary University Research Initiative (MURI) program funded by the U.S. Army Research Office (ARO). The dataset includes realistic synthetic reports from a variety of sources, corresponding synthetic hard data, and an extensive supporting database that maintains "ground truth" through logical grouping of related data into "vignettes." The supporting database also maintains the pedigree of messages and other critical metadata.

A current trend in information fusion involves distributed methods of combining both conventional "hard" sensor data and human-based "soft" information in a manner that exploits the most useful and accurate capabilities of each modality. In addition, new and evolving technologies such as Flash LIDAR have greatly enhanced the ability of a single device to rapidly sense attributes of a scene in ways that were not previously possible. At the Pennsylvania State University we are participating in a multi-disciplinary university research initiative (MURI) program funded by the U.S. Army Research Office to investigate issues related to fusing hard and soft data in counterinsurgency (COIN) situations. We are developing level 0 and level 1 methods (using the Joint Directors of Laboratories (JDL) data fusion process model) for fusion of physical ("hard") sensor data. Techniques include methods for data alignment, tracking, recognition, and identification for a sensor suite that includes LIDAR, multi-camera systems, and acoustic sensors. The goal is to develop methods that dovetail on-going research in soft sensor processing. This paper describes various hard sensor processing algorithms and their evolving roles and implementations within a distributed hard and soft information fusion system.

This paper presents a selective survey of theoretical and experimental progress in the development of biologicallyinspired approaches for complex surveillance and reconnaissance problems with multiple, heterogeneous autonomous systems. The focus is on approaches that may address ISR problems that can quickly become mathematically intractable or otherwise impractical to implement using traditional optimization techniques as the size and complexity of the problem is increased. These problems require dealing with complex spatiotemporal objectives and constraints at a variety of levels from motion planning to task allocation. There is also a need to ensure solutions are reliable and robust to uncertainty and communications limitations. First, the paper will provide a short introduction to the current state of relevant biological research as relates to collective animal behavior. Second, the paper will describe research on largely decentralized, reactive, or swarm approaches that have been inspired by biological phenomena such as schools of fish, flocks of birds, ant colonies, and insect swarms. Next, the paper will discuss approaches towards more complex organizational and cooperative mechanisms in team and coalition behaviors in order to provide mission coverage of large, complex areas. Relevant team behavior may be derived from recent advances in understanding of the social and cooperative behaviors used for collaboration by tens of animals with higher-level cognitive abilities such as mammals and birds. Finally, the paper will briefly discuss challenges involved in user interaction with these types of systems.

Future unmanned systems will be integrated into the Global Information Grid (GIG) and support net-centric data sharing, where information in a domain is exposed to a wide variety of GIG stakeholders that can make use of the information provided. Adopting a Service-Oriented Architecture (SOA) approach to package reusable UAV control station functionality into common control services provides a number of benefits including enabling dynamic plug and play of components depending on changing mission requirements, supporting information sharing to the enterprise, and integrating information from authoritative sources such as mission planners with the UAV control stations data model. It also allows the wider enterprise community to use the services provided by unmanned systems and improve data quality to support more effective decision-making. We explore current challenges in migrating UAV control systems that manage multiple types of vehicles to a Service-Oriented Architecture (SOA). Service-oriented analysis involves reviewing legacy systems and determining which components can be made into a service. Existing UAV control stations provide audio/visual, navigation, and vehicle health and status information that are useful to C4I systems. However, many were designed to be closed systems with proprietary software and hardware implementations, message formats, and specific mission requirements. An architecture analysis can be performed that reviews legacy systems and determines which components can be made into a service. A phased SOA adoption approach can then be developed that improves system interoperability.

TRIDENT SPECTRE is an annual venue to test and evaluate emerging technologies hosted jointly by members of the United States Department of Defense and the Intelligence Community. The event focuses on projects involving technical collections, Geospatial Intelligence, Analysis, Human Intelligence, and communications. It offers the DoD and IC a unique opportunity to test new ideas and concepts in a secure environment with users, operators, technicians, engineers, scientists, and cleared industry partners collaboratively.

Wide area motion imagery (WAMI) sensors increasingly are being used for persistent surveillance of large urban areas. One of the potential uses for such surveillance is the discovery of geo-spatial networks, which are sets of locations linked by repeated traffic flow over an extended period of time. In this work we present a simple method of deriving geo-spatial network links automatically from ambiguous track segments or tracklets. The method avoids making explicit tracklet linking decisions and relies on temporal aggregation to identify the persistent origin-destination location pairs. We present experimental network discovery results using simulated high density track data for a downtown urban setting.

Creating and exploiting network models from wide area motion imagery (WAMI) is an important task for intelligence analysis. Tracks of entities observed moving in the WAMI sensor data are extracted, then large numbers of tracks are studied over long time intervals to determine specific locations that are visited (e.g., buildings in an urban environment), what locations are related to other locations, and the function of each location. This paper describes several parts of the network detection/exploitation problem, and summarizes a solution technique for each: (a) Detecting nodes; (b) Detecting links between known nodes; (c) Node attributes to characterize a node; (d) Link attributes to characterize each link; (e) Link structure inferred from node attributes and vice versa; and (f) Decomposing a detected network into smaller networks. Experimental results are presented for each solution technique, and those are used to discuss issues for each problem part and its solution technique.

While many years of research have been dedicated to anomaly detection algorithms and their applications, little research has been devoted to the act of tuning parameters to perfect the performance of these algorithms. This paper investigates three anomaly detection algorithms (Local Outlier Factor, wavelet decomposition, and a simple sliding threshold) and the effect of synthetically augmented training data on the resulting false positive and false negative rates. Four datasets were developed by injecting varying quantities of synthetic anomalies (0.1%, 1%, 5% and 10%) into naturally sampled light sensor data collected from a wireless sensor network. A five-fold cross validation method was implemented for training and testing with the results of each training set applied to all four test sets. The false positive and false negative rates, the traditional accuracy, and the geometric means were analyzed to determine the relationship of the number of anomalies assumed to occur in a test environment, the number of anomalies that actually occur in the environment, and the resulting performance of the anomaly detection algorithms.

This paper proposes a strategy to unify four disparate networks under an Internet Protocol (IP) umbrella. The first network is the Army Warfighter Information Network - Tactical (WIN-T) area common user system. The second network is an extension to the area common user system using the Mobile Ad Hoc Interoperability Networking Gateway (MAINGATE) system. The third network is the Worldwide Interoperability for Microwave Access (WiMax) based wireless access network and the forth network is the 802.11 WiFi Network. It is the intent of this paper to propose a skeletal wireless strategy that at its core will create everything over IP (EoIP) and "Everything over IEEE" ("EoIEEE") standards at the tactical level of the battlefield.

In this paper, we propose new network intrusion detection techniques which promptly detect malicious attacks and thus lower the resulting damage. Moreover, our approach rigorously control the probability of falsely implicating benign remote hosts as malicious. Such technique is especially suitable for detecting DoS attackers and port-scan attackers routinely perform random "portscans" of IP addresses to find vulnerable servers to compromise. Our method performs significantly faster and also more accurate than other current solutions.

The new corporate approach to efficient processing and storage is migrating from in-house service-center services to the newly coined approach of Cloud Computing. This approach advocates thin clients and providing services by the service provider over time-shared resources. The concept is not new, however the implementation approach presents a strategic shift in the way organizations provision and manage their IT resources. The requirements on some of the data sets targeted to be run on the cloud vary depending on the data type, originator, user, and confidentiality level. Additionally, the systems that fuse such data would have to deal with the classifying the product and clearing the computing resources prior to allowing new application to be executed. This indicates that we could end up with a multi-level security system that needs to follow specific rules and can send the output to a protected network and systems in order not to have data spill or contaminated resources. The paper discusses these requirements and potential impact on the cloud architecture. Additionally, the paper discusses the unexpected advantages of the cloud framework providing a sophisticated environment for information sharing and data mining.

The traditional way of approaching the management and enforcement of information systems Policy in enterprise environments is to manually translate laws and regulations into a form that can be interpreted and enforced by enterprise devices. In other words we create system commands for routers, bridges, and firewalls to force data transfers and system access to comply with the current policies and approved rules in order to control access and protect private, sensitive, and classified information. As operational needs and threat levels change, the rules are modified to accommodate the required response. It then falls on System Administrators to manually change the configuration of the devices they manage to adapt their operations accordingly. As our user communities continue to rely more heavily on mission information, and the enterprise systems and networks that provide it, our enterprise needs to progress to more automated techniques that enable authorized managers to dynamically update and manage policies in digital formats. Automated management of access rules that control privileges for accessing secure information and enterprise resources, enabled by Digital Policy and other Enterprise Security Management (ESM) capabilities provides the means for system administrators to dynamically respond to changing user needs, threat postures and other environmental factors. With the increased popularity of virtual environments and advent of cloud enterprise services, IA management concepts need to be reexamined. Traditional ESM solutions may be subjected to new classes of threats as physical control of the assets that implement those services are relinquished to virtual environments. Additional operational factors such as invoking critical processing, controlling access to information during processing, ensuring adequate protection of transactions within virtual environments and executing ESM provisions are also affected. The paper describes the relationships among relevant ESM enterprise services as they impact the ability to share and protect enterprise information. Central to this is the ability to adopt and manage digital policies within the enterprise environment. It describes the management functions that have to be supported, and the challenges that have to be addressed to ensure an effective implementation. Since the adoption of cloud services is becoming an important consideration for the evolution of enterprise architectures, the paper also explores the implications of shifting from traditional to virtual enterprise environments.

We are in an environment of continuously changing mission requirements and therefore our Information Systems must adapt to accomplish new tasks, quicker, in a more proficient manner. Agility is the only way we will be able to keep up with this change. But there are subtleties that must be considered as we adopt various agile methods: secure, protect, control and authenticate are all elements needed to posture our Information Technology systems to counteract the real and perceived threats in today's environment. Many systems have been tasked to ingest process and analyze different data sets than they were originally designed for and they have to interact with multiple new systems that were unaccounted for at design time. Leveraging the tenets of security, we have devised a new framework that takes agility into a new realm where the product will built to work in a service-based environment but is developed using agile processes. Even though these two criteria promise to hone the development effort, they actually contradict each other in philosophy where Services require stable interfaces, while Agile focuses on being flexible and tolerate changes up to much later stages of development. This framework is focused on enabling a successful product development that capitalizes on both philosophies.

Today's networks must maintain functionality in an ever increasing threat environment. To date, many of the PDR (Protection, Detection, Reaction) mechanisms have focused on technologies to defend systems while maintaining consistent network presence. In this paper we discuss a dynamic network schema wherein system protection is accomplished through a unique implementation of IP roaming. This method is shown to mask a system on a network undergoing various types of attacks while maintaining connectivity with trusted clients. Additionally, this method allows for new clients to associate without heavy authentication or knowledge of the remote systems IP Roaming status. This paper will show the advantages of implementing this unique method of IP roaming with the goal of minimizing system overhead and maximizing sustained connectivity.