�

Abstract—Vulnerability analysis for military system of systems is an emerging field. The damage effect relies heavily on human cognition activities and counter measures. We chose mission completion as the measure of damage effect, established an analogy between vulnerability analysis and planning and applied automated planning to reason about reachability of mission goals and possible operations. A modified graph planning algorithm was developed to find all possible operations of military system of systems. Test on the sample scenario proved the feasibility of this method.

I. INTRODUCTION

HE vulnerability of system of systems is related to many complex factors, such as structure of the targets,

performance of the munitions, attack stragegies of the attacker and countermeasures of enemy.

In order to facilitate target vulnerability research, Ozilin and Deitz proposed the concept of vulnerability analysis space[1] in late 1980s. They divide the analysis into 4 spaces: (1) initial parameter space for munition-target interaction, (2) component damage state, (3) measure of performance, and (4) measure of effectiveness. Based on this work, Walbert, Deitz, Ruth, et al. created that the mathematic architecture for the vulnerability/lethality research [2]-[4]. In this architecture, vulnerability analysis is described with several facets. From facet -1 to facet 4, detection, munition launching, impacting, target component damage, measure of performance (MOP) of target and measure of effectiveness (MOE) of target are respectively represented. However, The map from MOPs to MOEs is difficult for vulnerability analysis of System of Systems has heavy dependency on human cognition activities.

Many cognition model was proposed for human cognition activity modeling. Such as SOAR, ACT-R, COGNET et al. Projects and/or Systems such as Semi-Automatic Forces(SAF), ModSAF, Intelligent Forces(IFOR), Command Forces(CFOR) are some successful attempts. These attempts combine reactive behavior with deliberate planning technology to form more intelligent agents albeit preserving its flexibility and reactive capability. Successful as they are, doing the mapping from MOPs to MOEs with these method in vulnerability analysis need building intelligent agents for every key participants. This is needlessly too detailed, and will take a long period and huge amount of working power to develop and analysis. Moreover, the reliability is challenged by the inaccuracy description of the real human participants.

The core of most practical cognition model is automated

Zhong Zheng, Yiming Bi, and Mei Yang are with the Xi’An Research Institute of Hi-Tech, Hongqing Town, Xi’An, CO 710025 China (phone: 15991670609; e-mail: {fantasii, bym77, yangmei77}@yeah.net).

planning. Automated planning has been widely used in space mission planning, crisis planning, and operation planning. O-Plan and SIPE-2 are two most famous systems. O-Plan is an open planning architecture for command, planning and execution applications. It is developed by AIAI, aims as a generic domain independent computational architecture for planning. SIPE-2 is the planner used in SOCAP to develop joint military courses of action quickly[5][6]. It uses operator to represent military operations, is capable of developing counter plans according to the courses of action of enemies. SIPE-2 can also ensure equipments, supplies, forces reach given place in specified time. Automated planning has also been used as a decision support measure for transportation planning[7] and strike operations planning[8]. However, little work has done to utilize planning for reasoning possible reactions for vulnerability analysis.

II. VULNERABILITY ANALYSIS AND AUTOMATED PLANNING

Automated Planning Problem is a tuple of three elements: (1) initial state, (2) desired goal and (3) a set of possible actions. The solution of the planning problem is a sequence of actions that lead from the initial state to an end state meeting the desired goal. This resembles operation of current military system of systems, which is designed to acquire desired goal from initial state through military operations.

System of systems vulnerability analysis has to taken into account 3 aspects[9]: (1) a physical organization; (2) a concept for operations and (3) a specific mission. It is important to calculate damage effects on entities (personnel, components, subsystems and platforms) and assess the ability to perform a given mission.

It is possible to model system of systems vulnerability analysis into a planning problem. The current state of physical organizations can be seen as the initial state; Valid operations of system of systems correspondent to the planning action set; The specific mission is the desired goal. System of systems vulnerability analysis can be seen as a plan existence problem. Furthermore, from the plans derived from this problem, the behavior of the targeted military system of systems can be predicted and analyzed.

III. FORMAL MODEL

We build a formal model for system of systems with FOL. Key concepts include:

A. Entity Entity is the participant of system of systems operations.

Weapon platform, support assets, task forces are all entities.

System of Systems Vulnerability Analysis with Automated Planning

Zhong Zheng , Yiming Bi , and Mei Yang

T

30

Fourth International Workshop on Advanced Computational Intelligence Wuhan, Hubei, China; October 19-21, 2011

978-1-61284-375-9/11/$26.00 @2011 IEEE

Entity is represented with FOL constants.

B. State State is a concept describing status of system of systems.

The relation and attributes of entities are represented with state. State is a conjunction of several predicates. There are two kinds of predicates: attribute predicates and relation predicates.

Attribute predicate describes attributes of entities. For example, the fact r is a radar is represented with )(rradar ;radar r is alive can be denoted as )(ralive .

Relation predicate describes relationship between two entities or among many entities. For example, the fact entity a is antenna of radar r can be represented with

),( raantenna ; A data link l from entity r to entity c is represented with ),,( crldatalink .

C. Operator Operator is the operation changing the state of system of

systems. Taking a STRIPS form, operator is composed from two parts: preconditions and effects. Precondition is a set of predicates which must be satisfied in order to carry on this operation, while effect is a set of positive or negative literal depicting the effect of this operation. For example, the operation kill radar r using missile m can be represented with the operator ),( rmkill .

The precondition is ( )radar r � ( )alive r , the effect is )(ralive� . The operator can be written as:

)(:)()(:

),(

raliveeffectraliverradarprecond

rmkill

��

D. Goal Military system of systems is mission-driven. Each system

of systems has prescribed missions must be completed at certain times. The mission is modeled with goal. Goal is a final state must be achieved by a series of operations. Usually, a goal is a sub state of several states. Any operation series achieving states containing the goal is considered finished the mission.

At this point of view, military system of systems vulnerability analysis is considered as answering the question of “whether it is still possible to complete the specified mission if someone altered the condition?” And if possible, “what kind of actions will the system adopt, and how will it carry them out in order to complete the mission?” This can be solved with automated planning. The task is to solve the plan-existence problem and generating all possible plans.

IV. SOLVING THE PROBLEM

In our formal model, the problem is a typical STRIPS planning problem. We adopt graph plan[10] as the planner.

The key data structure of graph plan is planning graph. It is a leveled, directed graph with two kinds of nodes (proposition nodes and action nodes) and three kinds of edges

(precondition-edges, add-effect edges and delete-effect edges). The levels alternate between proposition levels and action levels. Each level describes possibly valid preconditions and actions at given time step. Proposition level 1 contains each proposition in the Initial State. The last proposition level contains final propositions which are steady after certain level. Between two succession proposition levels, there is an action level. All action nodes with the preconditions from previous proposition level will belong to this level. The latter proposition level contains all effects of these actions.

The planning graph documents mutual exclusion relations between propositions and actions and reachability of propositions.

There are two simple rules to determine whether two actions in the same level are mutex:

(1) � � � � �� �� )()( 221 aeffectsaprecondaeffects or

� � � � �� �� )()( 112 aeffectsaprecondaeffects ; (2) )()(, 12 aprecondqaprecondppq � � , p and q is

mutex. In the above expression, )(aeffects� , )(aeffects� and

)(aprecond are set of propositions of positive effects, set of propositions of negative effects and set of propositions of preconditions of action a respectively.

Also, there are two simple rules to determine whether two propositions are mutex:

(1) )()(, 2121 aeffectsqaeffectspaa �� � � 1a and 2aare mutex;

(2) ,a�� )()( aeffectsqaeffectsp �� � . Denote the set of propositions at lever i as iP , the mutex

set of propositions at level i as iP� , then the reachability determination problem of goal g is to find a layer i , in which

iPg � and any two propositions from g don't belong to

iP� . Building plan graph is called planning graph extension.

Fig. 1. A example of planning graph. At each time step, there is a proposition set, on which actions with valid precondition can be launched. The proposition of positive and negative effect of these actions is inserted into the proposition set of next time step. The process is iterated until goal can be reached or the proposition sets reached equilibrium.

31

This process can be complete in polynomial time. After this process, we got iP� and iP for every level i . Thus the goal reachablility can be determined. There is mature algorithm[11] for this process.

Time consuming process takes place in the solution search process. In this process, the planning graph is treated as and/or graph, back trace technique is performed on the graph. Note that we need the plans to be complete, which means we want to get all possible plans in order to analysis the behavior of target system of systems. So we devised a new algorithm to search for the solution.

The algorithm is composed of 2 processes: Transform and Depth-first search.

A. Transform In this process, planning graph is transformed into a tree

structure for search. Nodes of this tree are interleaved with proposition nodes and action nodes.

The transformed tree looks like Fig 2.

In a plan search tree, the root node is a virtual node. The first-order children of the root are goal propositions in the last level of planning graph. The second-order children are all possible actions with its parent as its positive effect. The third-order child is one of the remaining goal propositions. Generally speaking, the 2nth-order children are actions with its parent as its positive effect and compatible with all actions higher than it. The 2n+1th-order child is either one of the remaining goal proposition of that level in the planning graph (if there is a remaining one) or one of the propositions of the preceding level in the planning graph.

B. Depth- First Search When the search tree constructed, Depth-first search is

carried on the tree. If there is a path from root to propositions of the initial state, there exists a plan. When reached action level 1, a special process is taken to verify all preconditions of the actions are satisfied by the initial state.

V. APPLIANCE EXAMPLE

We build a fictitious system of systems to show the application of this method. The system of systems has two detectors d1 and d2; one fire unit f1; two missiles m1 and m2; two command data links l1 from d1 to f1 and l2 from d2 to f1; and a guide data link l3 from d2 to m1 and m2. In addition, there is an enemy BTR b1. The mission is to kill b1.

The scenario is described with PDDL. The state is represented with 8 propositions:

(track ?d – detector ?t – target) (infoconn ?l – datalink ?d – detector ?f – fire-unit) (guideconn ?l – datalink ?d – detector ?m – missile) (aiming ?m – missile ?t – target) (hostile ?t – target) (dead ?t – target) (flying ?m – missile) (hasmissile ?f – fire-unit ?m – missile)

The operators are: (:action detect

:parameters (?d – detector ?t – target) :precondition (hostile ?t) :effect (track ?d ?t)) (:action fire

:parameters (?d – detector ?t – target ?f – fire-unit ?l – datalink ?m – missile) :precondition (and (track ?d ?t) (infoconn ?l ?d ?f) (hasmissile ?f ?m)) :effect (flying ?m)) (:action guide

:parameters (?d – detector ?l – datalink ?m – missile ?t – target) :precondition (and (track ?d ?t) (guideconn ?l ?d ?m) (flying ?m)) :effect (aiming ?m ?t)) (:action kill

:parameters (?m – missile ?t – target) :precondition (and (flying ?m) (aiming ?m ?t)) :effect (dead ?t)) There are 20 plans found, one of them is:

time step 0 DETECT d1 t1 time step 1 FIRE d1 t1 f1 l1 m2 DETECT d2 t1 time step 2 GUIDE d2 l3 m2 t1 time step 3 KILL m2 t1

When d1 is taken off from the system, the number of plans falls to 10. one of them is:

a2

g1 g2

g2

a1 a3

g1 g1

a3

p2

goal

a1

p1 p2p1

X

Fig. 2. The plan search tree structure transformed from a planning graph. X denotes there is no valid action compatible with higher actions (i.e. a2). A path from leaf nodes to root represents a valid plan.

32

time step 0 DETECT d2 t1 time step 1 FIRE d2 t1 f1 l1 m2 DETECT d2 t1 time step 2 GUIDE d2 l3 m2 t1 time step 3 KILL m2 t1

Obviously, the loss of d1 limited the flexibility of system of systems.

When d2 is damaged, planner cannot find any solution. This is because the guide capability is solely depend on d2, if d2 is damaged, missile won’t guide to target.

VI. CONCLUSIONS

Traditional vulnerability analysis mainly focuses on single target, with the increase of the complexity of warfare, the effect imposed on system of systems is concerned by more andmore analyst. Still, the vulnerability of system of systems is a new and difficult area. Automated planning has the capability to reason about actions, is an possible option for system of systems vulnerability analysis. We tried this method and has got some beneficial results. What still needs to resolve is that the search space for the plan generation is huge. It is necessary to limit the search space in order to make the method practical. Put more constraint to the plan generating process is a possible option.

REFERENCES

[1] P. H. Dietz and A. Ozolins, "Computer simulations of the abrams live fire field testing," 1989.

[2] J. T. Klopcic, M. W. Starks, and J. N. WAlbert, "A taxnomy for the v- nlnerability/lethality analysis process,"

1992.[3] P. H. Dietz and M. W. Starks, "The generation, use, and misuse of PKs

in vulnerability/lethality analysis,"1998.

[4] B. G. Ruth and P. J. Hanes, "A time-discrete vulnerability/lethality (V/L) process structure,"1996.

[5] D. E. Wilkins and R. V. Desimone, "Applying an AI planner to military operations planning,"1993.

[6] J. D. Skidmore, "Crisis action planning and replanning using SIPE-2," 1993.

[7] M. A. Bienkowski, " Decision support for transportation planning in Joint COA development,"

1996.[8] P. Smith, Advanced Computer Aids in the Planning and Execution of

Air Warfare and Ground Strike Operations. Neuilly sur Seine, France: AGARD, 1987.

[9] J. A. Smith and B. S. Ward, "System of systems - survivability, lethality, vulnerability assessment: ballistic vulnerability modeling demonstrate- on," 2009.

[10] A. L. Blum and M. L. Furst, "Fast planning through planning graph an- alysis," in 1995 Proc. Int. Joint Conf. Artificial Intelligence, pp. 1636- 1642.

[11] M. Ghallab, D. Nau, and P. Traverso, Automated Planning: Theory and Practice. Winsland House, Singapore: Elsevier, 2004.

33

DTIC, Fort Belvoir, V A, Tech. R ep. ADA 2 0 950 9,

DTIC, Fort Belvoir, V A, Tech.R ep. ADA 2 50 0 3 6 ,

DTIC, Fort Belvoir, V A, Tech. ADA3 4 0 6 52 ,

DTIC, Fort Belvoir, V A, Tech. ADA3 2 0 3 4 9,

SRI Intl., M enlo Park, CA, Tech.R ep. STITN 53 4 ,

SRI Intl., M enlo Park, CA, Tech.R ep. ADA3 112 17 4 ,

R ome L ab. , Griffiss AFB, N Y , Tech. R ep. N 93 3 2 13 13 ,

DTIC, Fort Belvoir, V A, Tech. R ep. ADA 513 8 4 8 ,