Autonomous Cognitive Model and Analysis for Survivable System

-e research on autonomous recognition mechanism for survivability has vigorously been growing up. A method of autonomous cognitive model and quantitative analysis for survivable system was proposed based on cognitive computing technology. Firstly, a cognitive model for survivable system with cross-layer perception ability was established, a self-feedback evolution mode of cognitive unit based onmonitor-decide-execute loop structure was improved, and a self-configuration of cognitive unit is realized. -en, combined with the cognitive state transition graph, the analysis of cognitive performance for survivable systems based on dynamic cognitive behavioral changes was constructed. Finally, the cognitive processes of survivable system were described by using formal modeling. Simulation validated the influence degree of test parameters on system survivability from two perspectives of the probability of intrusion detection systems vulnerability and attacks detected. Results show that enhancing the rate of monitoring actions change and the rate of performing actions change obviously improved the cognitive performance of survivable system.


Introduction
Survivability is a hot topic in the research on the nextgeneration Internet security. According to Westmark [1] and Ellison [2] definition, survivability can be illustrated from three properties: resistance, recognition, and recovery. Among them, recognition reflects the system's autonomous cognition of its own survival situations and securities of the scene and environment. Current research focuses more on the definition of survivability [1,2], quantitative and qualitative evaluation [3][4][5], formal description [6][7][8], trusted protection [9], recovery [10], and other topics in resistance and recovery. But the research on recognition has just begun and is growing.
At present, consensuses on the research of survivability mechanism have been achieved at home and abroad as follows. Recognition refers to the ability that the system possesses to "know" and "feel" the current system's survival situation [11]. Survivability-oriented recognition gives priority to the perception and cognition of the security status of the whole system environment, which can be regarded as the identification of basic key services' decline in survivability and of the attack and intrusion event sets [12]. Recognition means the system's response and adaptability when systems face malicious intrusion [13], which can reflect systems' ability to assess its own security status and surrounding working environment, which can be analyzed from its recognition rate of security incidents and the recognition time of nonsecurity incidents. Recognition can be achieved by constraining reference thresholds of cognition parameters, while autonomy can be achieved by the central control process of the autonomous recognition unit [14]. Recognition can be obtained by establishing a hierarchical perception model and making the policy library drive the selfmanagement mode of the monitor-decide-execute (MDE) loop structure [15]. Cognitive Computing is a summary of the characteristics of the next-generation intelligent Internet's core concepts [16]. Cognitive computing in the era of big data is approaching cognitive science, with the abilities of self-learning, self-adaptation, and self-perception to realize the human-brain-like recognition and judgment. In this paper, based on previous survivability researches, an autonomous cognitive model of survivable system is raised, and the model is formalized by using semi-Markov stochastic process algebra [17,18], which provides theoretical guidance for the study of survivable system's cognitive ability.

Autonomous Cognitive Model
e system's cognitive needs are mapped to the dynamic selection of multiobjective cognitive results at multiple cognitive levels. Meanwhile, the cross-layer perception is used to obtain the autonomous reasoning, dynamic decision-making, and resource reallocation of survivable systems, and to realize the self-adaptation to dynamic changes of the cognitive needs and environment security. In addition, cognitive model should reach a balance between formal description and cognitive abstraction, so it can not only accurately describe and reflect the system's recognition, but also facilitate reasoning, thus providing theoretical support for the study of cognitive ability of survivable system.

Cross-Layer Recognition.
According to different emphasis on cognitive process, cognitive needs, and cognitive elements, the survivable system can be divided into three cognitive layers, namely, access cognitive layer, network cognitive layer, and service cognitive layer, as shown in Figure 1.
Access cognition layer reflects the recognition of the communication capability of available transmission channels, which supports protocol conversion and adaptation of various available channels, and achieves high reliable information transmission through the recognition of channels' communication capability. e network cognitive layer shows the unified cognition of cognitive specifications in the cognitive process and goals of cognitive needs. It can realize dynamic reconfiguration and planning constraints of cognitive network resources. e service cognitive layer reflects the recognition of the matching ability of providing Internet resources required for applications and users. It can serve high QoS service in complex environment, where massive, incomplete, or even malicious service scenarios exist.

Self-Feedback Mode of Cognitive Units.
e cognitive unit structure is similar to Agent in the traditional sense, the basic unit of the realization of cognitive model [19][20][21], which is also the symbol of the autonomous cognitive ability of survivable system. With the self-feedback ability added on the basis of the existing cognitive unit structure, an improved cognitive loop structure is achieved as shown in Figure 2. is structure is a self-feedback evolving structure driven by the self-configuring strategy library of cognitive elements (M-D-E: Monitor-Decide-Execute), which can adjust behaviors, topology, and service parameters with the changes of working environment and task objectives inside and outside the survivable system. Apart from the function of perceiving contexts of normal network events, the structure can also deal with internal and external security threats to enable survivable systems to independently adapt to environment and demand changes. e self-feedback mechanism of cognitive unit is shown in Figure 3, which includes local, domain-level, and global feedbacks. Each layer is composed of several cognitive units to achieve global, domain, and local cognition of the system's cognitive behaviors. Results of local feedback can obtain the local optimal solution to the goal of cognitive needs; global feedback can coordinate the feedback results at domain and local levels and obtain the global optimal or suboptimal solution.
Cognitive units can obtain self-configuration of cognitive elements with a self-feedback mechanism. ere are two cases: 2.2.1. Preset Self-Configuration. When matchable strategies are found in existing strategy libraries, the configuration strategy in the preset cognitive rule set will analyze and reason the system, as shown in Figure 4.

Acquired Self-Configuration.
When matchable strategies cannot be found in strategy library, effective rules achieved after acquisition will be stored as acquired rules in the configuration strategy library, as shown in Figure 5.

Cognitive Process of Formal Modeling
In order to formally describe the transition between different states of the system under attacks, faults, or accidental failures, and to better understand the dynamic evolution process of the survivable system's survival situations, a cognitive survival state transition diagram [14] is introduced, as shown in Figure 6. e tool Version v25 of the PEPA Eclipse Plugin [22] of the Computer Science Foundation Laboratory of the University of Edinburgh is used to simplify the calculation process.
e formal description of the cognitive survival state for the survivable system in Figure 6 is as follows: } represents the resource constraint sets of m cognitive units, C � C (Mde i ) represents the cognitive sublayer at layer j, including i cognitive unit resources; Objects � {Object 1 , Object 2 , ..., Objects} is a set of cognitive needs' objectives. e single objective Object k is associated with the i th cognitive sublayer C j � C (layeri) and satisfies the mapping function ρ: Object k ⟶C j . If there are multiple cognitive needs objectives in a cognitive sublayer, it can be expressed by a union set: Object s1 ∪ Object s2 ∪ . . . ∪ Object sq ; Domain represents the set of cognitive domains, and each subnet i is regarded as Domain Domain i ; Σ � {ς 1 , ς 2 , L, ς n } i is the set of action decision result functions.
Survivable systems provide key services to the outside world, and users request services. erefore, from the perspective of service supply, the survivable system is modeled as two ends: User and Server. e User end can be represented as User k j process. e formal description of user end is (i) Monitor � (monitor, m). Decide; (ii) Decide � (decide, r1). Execute + (uncertain, r2).
Monitor + (servce2, s2). Monitor +...+ (servcet, st). Monitor And a model for Server end is made, objective k∈Objects, and the process of Server end is represented as Server k ji , where i∈Domain, j∈C (layer i ), which satisfy ρ:k⟶j. For different Domain i processes, the rate and number of action changes are different. erefore, the cognitive process can be shown as      ... ⟶ (a n ,r n ) P ′ , P ′ will be called as the derivation of P, and the collection d s (P) will be the collection of all derivations of P. e state space X s is the collection of all nodes of the derivative graph of SM-PEPA, and SMP corresponding to SM-PEPA is built: {X, T} � {X n , T n , n � 0, 1, 2, . . .}, where, X n ∈X S , and when m � n � l � 1, we get  Duration of calling recovery updates L 3 Probability from self-recovery state to normal state S 1 Duration of self-recovery state to normal state L 4 Probability of self-recovery state to self-destruction state P 2 Duration of self-recovery state to self-destruction state L 5 Probability of self-restoring state to self-restoring state S 2 Duration of self-recovery state to self-recovery state L 6 Repair probability from self-destructive state to normal state S 3 Repair duration from self-destructive state to normal state Mathematical Problems in Engineering 5 Attack', Failure', Accident', General' are derivations of component Attack, Failure, Accident, General, respectively.
p ij � P{X n + 1 � j, X n � i} represents the state transition rate between i, j; H ij � P{T n + 1 −T n ≤ t | j � X n + 1 , i � X n } represents the distribution probability obeyed by action change rates between i and j.
e stable-state probability of Markov can be obtained after the following calculations [23]: Let X S be any state space and let the corresponding Markov Chain, P � (p ij ) be a state transition matrix: After doing reduction of the model, when the delay of action obeys the exponential distribution, the probability of transition from state α to state l is p al � r al / j r aj , where r αj is the delay parameter of actions. And when the delay time parameter obeys the general distribution of action d, because its priority is higher than other actions, the probability of transition to the determined state q is 1, and the probability of transition to the rest is 0. erefore, the steady-state rate of embedded semi-Markov Chain satisfies is a stationary probability vector embedded in semi-Markov Chain. When the duration of behaviors in SM-PEPA model obeys exponential distribution, the solution of the model can be transformed into solving the duration Markov Chain corresponding to PEPA. Assuming that the steady-state probability distribution of duration Markov chains is π(·), so π � {π 1 , π 2 ,. . .} is the steady-state probability vector.

State Transition
Matrix. Because a survivable system application scenario for the corresponding goal is different, its internal and external environment are also different; at the same time, it is limited by many constraints, etc., so according to different application scenario for the conditions for survival systems can be divided into five states: normal survival state (general), compromise survival state (compromised), cognitive detection state (detection), the recovery state (selfhealing), and self-destructive state (selfdestruction). From the state set, the state space X � {G, V, D, SH, SD} can be obtained, and then the DTMC chain, just an example, can be obtained, as shown in Figure 7. e above-mentioned parameters' probability values are shown in Table 2.

Quantification of Evaluation Indicators.
Based on the state transition matrix P, the corresponding relationship between the evaluation index and the state transition probability is established [15]: Recognition: p1, TC⟶G Resistance: p1 + (1−p1) p2, TC⟶G, TC⟶D Recovery: 1−p3−p4, TSH⟶G Reliability: 1−πSD Among them, TC ⟶ G means the time interval between threat detection and threat processing; TC ⟶ D means the time interval of resisting invasion or attack; TSH ⟶ G is the time interval of system self-recover; πSD is the steady-state probability of system in self-destructive state; T C ⟶ G , T C ⟶ D , T SH ⟶ G can be obtained from the actual operation of survivable systems through bypass network monitoring tools.

Solution of Approximate Steady-State Probability.
According to the steady-state distribution value of the steady-state rate v i embedded in semi-Markov Chain, the five calculating formulas of steady states are as follows: Here, we make the average staying time of self-destructive SD obey subexponential distribution, distribution parameters λ 1 和λ 2, while the average staying time of other states obeys exponential distribution, which is also consistent with the actual network situation, then the average staying time of five states is shown as formula (7). 6 Mathematical Problems in Engineering e formula to get the steady-state probability based on the semi-Markov process is e steady-state probability of semi-Markov process can be solved finally. To simplify the analysis process, a global cognitive unit is assumed to consist of two domain cognitive units, Domain_1 and Domain_2. e approximate steadystate probabilities derived from each cognitive unit are shown in Table 3.

Quantitative Analysis and Simulation.
In this paper, PEPA Workbench is used to process data files, and the tool, Version v25 of the PEPA Eclipse Plugin of the Computer Science Foundation Laboratory of Edinburgh University, is adopted to quantitatively analyze the performance of the proposed cognitive model in terms of resistance, recognition, and recovery.
Due to the addition of cognitive computing features in the model, state space X S can be further divided into collection X 1 and X 2 to represent cognitive and noncognitive survivable state collections. Each local derivation in X 2 contains noncognitive survivable state and indefinite state in the following form: X 1 � {x|x � DeGradation||...}. Similarly, the steady-state probability collection, π � π1, π2, . . . , πn { }, can also be divided into two parts, corresponding to the subcollection C D in X 1 and the subcollection C UD in X 2 , respectively. e test parameters are listed in Table 4. In order to better measure the impact of the selected index parameters on the cognitive performance of survivable systems, the resistance parameter h and the cognitive parameter z 1 are first examined. And then the values of h and z1 are adjusted to maintain the rest of the parameters unchanged. e experimental results are shown in Figures 8  and 9.
In Figure 8, parameter h means the probability of attackers finding system flaws and, correspondingly, means the system's resistance to attacks. e smaller the value of h is, the stronger the anti-attack ability of the system becomes. With h decreasing, the survivability index of the system increases gradually. But the resistance of the system is not endless. When the value of h reaches 1e-09, the survivability index of the system approaches 1.0 and gradually becomes stable. No matter how strong the attack defense is, it is possible to be invaded. e curve shows the defense trend that it will return to the origin and start a new round of survivability evolution process. As long as new flaws are added to the system and the flaws recognition rate of attackers are increased in unit time, the survival index curve will always show a trend similar to Figure 8. Figure 9 shows the curve of system survivability index. z1 represents the probability of attacks being recognized by the system. When the initial recognition rate is close to zero, the survivability index of the system is about 0.08, and the local cognitive units begin to update the acquisition rules independently. With the recognition rate increasing, the system keeps adjusting its state and updates the results of selffeedback behavior transitions to the global cognitive level, and the survivability index gradually increases, which improves the fact that the self-configuration mechanism in the cross-layer cognitive network further strengthens the system's survivability. When z 1 increases to 0.7, the e state transition matrix P. survivability index begins to climb rapidly, which shows that improving the system's attack recognition rate delivers better effects on enhancing the system's survivability, rather than strengthening its resistance. From the DTMC corresponding to the cognitive survival state collections, we can see that there are three possible states of self-recovery actions, L 3 , L 4 and L 3 as assumed. And the self-recovery rate V � L 3 /L 3 + L 4 + L 5 in Figure 10 shows the changes of system survivability indexes when the selfrecovery rates are 0.532, 0.758, 0.914, and 0.997, respectively. It also unveils the fact that, with the increase of the interval time of self-recoveries, the survivability index curve declines steadily. When the intervals are the same, the larger the value of self-recovery rate V is, the higher the survivability index of the system becomes. When the value of V is 0.997, the survivability index is close to the highest, 1.0, the system performs the best self-recovery ability. It can be seen that improving the system recovery is one of the most feasible ways to improve the system survivability.
For survivable systems, different indicators affecting cognitive performance are tested. e main parameters and their implications are shown in Table 5. In view of the cognitive model in this paper, the relationship between the above parameters and the cognitive ability of survivable system is analyzed and tested accordingly.
Reliability is one of the important indicators affecting the cognitive ability of survivable systems. Failure of cognitive units has great impacts on the cognitive performance of systems.
e relationship between E SD and reliability is shown in Figure 11. Parameters of E SD decline along the transverse axis, and the height of the histogram decreases as well, which proves that the reliability of the system gets weakened as the interval of failure time decreases; that is, the higher the failure frequency is, the weaker the reliability becomes. When E SD is 1/50 × E SD , the reliability is still above 0.9, while when E SD is reduced to 1/100 × E SD , the reliability drops sharply to less than 0.1. at is, because the number of cognitive units that provide normal service decreases with the increase of failure frequency, the reliability of the system is weakened dramatically, thus causing significant impacts on the system's cognitive ability.
Recovery is an important indicator to measure the system's cognitive ability. Figure 12 demonstrates the relationship between E SH and recovery. e system's recovery falls with E SH growing, which shows that the longer the recovery time is, the more poor the recovery performance will be. In particular, when the E SH value is 100 × E SH , the system's recovery decreases to about 0.2. e survivable system cannot avoid attacks, faults, or other accidents under such complex working environment. If the self-recovery time is too long, the duration of staying in unsafe states will be longer, thus affecting the cognitive survivable system's cognitive ability.
e relationship between the rate of monitor behaviors' transitions (m represents different rates) and recognition is shown in Figure 13. From the figure, we can see that every curve climbs upwards, demonstrating that the system's recognition gets stronger as t increases. At first, the four curves rise significantly and then tend to grow steadily and slowly. at is because the time t starts to advance from 0,  meaning that the system begins to work from nonworking states. en, the system's recognition increases rapidly from 0. And when t advances to a certain value, the recognition ability will also remain at a stable state. When m is 1.0, the curve of recognition stays at the lowest level, while when m is 5.0, the curve is at the highest level, which shows that the bigger the m value is, or the faster the execution rate of transition behaviors is, the stronger the recognition of the system will be. Because the time delay of executing monitoring behavior decreases, the number of monitoring units in working states increases, which improves the efficiency of perception and detection of the internal and external environment of the system, so the system's cognitive ability gets stronger. e transition rate of monitoring behaviors, namely, the relationship between e and recognition, is shown in Figure 14. We can see that every curve climbs upwards along the transverse axis, demonstrating that the system's recognition gets stronger as t increases. When the value of t is relatively small, the four curves rise rapidly and then tend to grow steadily and slowly; that is because the time t starts to advance from 0, meaning that the system begins to work from nonworking states. en, the system's recognition increases rapidly from 0. And when t advances to a certain value, the recognition ability will also remain at a stable state. e four curves are obtained when e is 0.2, 0.4, 1.5, and 2.0, respectively. When e � 0.2, the corresponding curve is at the

Mathematical Problems in Engineering
lowest level, and when e � 2.0, the corresponding curve is at the highest level, which means that the bigger the value of e is, the stronger the system's recognition ability becomes. Because the time delay of executing monitoring behavior decreases, the number of monitoring units in working states increases, which improves the efficiency of perception and detection of the internal and external environment of the system, so the system's cognitive ability gets stronger.

Conclusion
Cognitive model of survivable system is the abstraction of cognitive ability of survivable system and the key to enhance the system's cognitive ability. is paper studies the autonomous cognitive model and analysis method of survivable systems. e self-feedback structure of cognitive unit is improved, and the formal modeling of cognitive process is carried out by describing the transition map of cognitive survival state. In addition, the paper has obtained standardized results with the application of PEPA Workbench model tool. Next, we will further improve the cognitive structure and formal model of survivable systems and conduct research on the enhanced design of survivable system with autonomous cognitive model.

Data Availability
e data set can be obtained free of charge from http://kdd. ics.uci.edu/databases/kddcup99/kddcup99.html.

Conflicts of Interest
e authors declare that they have no conflicts of interest.