Hi, this is Pooja. I'm a third year PhD student in the Department of Information Systems at UMBC. I'm working with Dr. Chen and Dr. Bangopadhyay on adversarial learning for rule-based intrusion detection systems as a part of the ACCL lab at UMBC. The objective of our study is to analyze the potential attack strategies against rule-based intrusion detection systems. We use graph analytics and clustering to analyze these strategies.

Two of the common attack models include the indiscriminate attack and the targeted attack. In an indiscriminate attack, the attacker tries to evade as many IDS rules as possible, whereas in a targeted attack, the attacker tries to evade a specific rule.

A hypergraph model can be used for analyzing indiscriminate attacks, where each rule is represented as a node and each condition is represented as a hyperedge. To demonstrate this, we analyzed Snort's malware rules, where each rule represents a node and each rule header represents a hyperedge that includes all the rules with that header. Here is the graphical representation of a part of the entire rule set. The table on the left shows the coverage for some of the rule headers, and the graph on the right shows that a small number of conditions cover a large portion of the rules. In this example, the top eight conditions cover about 75% of the rules. So the attackers might focus on evading such conditions, which cover large portions of the rule set. A possible solution is to generalize the rules, but making such generalizations or changes might not be easy and requires domain knowledge.

Moving on to the analysis of targeted attacks, clustering can be used to analyze such attack strategies. To demonstrate this, we use a set of 15 malware rules, and the rules are clustered using agglomerative hierarchical clustering. We created five clusters for this set of rules, and it can be seen that rules in a given cluster are very similar to each other.

It might be possible to generalize similar rules in order to capture new attacks, but there's always a trade-off between the false positive rate and the robustness of the IDS. Clustering also facilitates analysis of the evolution of rules, and it can help detect rule variants that are not present in the IDS. Our future work includes utilizing rule clustering to supplement abductive reasoning, analyzing the evolution of rules over a given period of time, and also analyzing the counter-attack strategies at the cluster level. This brings us to the end of the presentation. Thank you.
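The header-coverage analysis described in the talk, as an added example that is not part of the presentation or the speaker's own tooling: it builds the header-to-rules hypergraph over a small set of constructed Snort-style rules (hypothetical rules, not Snort's real malware set) and ranks hyperedges by how much of the rule set they cover, which is how a defender can spot the few conditions whose evasion would silence many rules at once.

```python
import re
from collections import defaultdict

# Constructed Snort-style rules (hypothetical, not Snort's real malware rules).
# Node = rule (sid); hyperedge = rule header shared by every rule carrying it.
RULES = [
    'alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"c2 beacon a"; sid:1;)',
    'alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"c2 beacon b"; sid:2;)',
    'alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"c2 beacon c"; sid:3;)',
    'alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"downloader"; sid:4;)',
    'alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (msg:"spambot a"; sid:5;)',
    'alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (msg:"spambot b"; sid:6;)',
    'alert udp $HOME_NET any -> any 53 (msg:"dns tunnel"; sid:7;)',
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"smb worm"; sid:8;)',
]

SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")

def split_rule(rule):
    """Return (header, sid): the header is everything before the option block."""
    header, _, options = rule.partition("(")
    return header.strip(), int(SID_RE.search(options).group(1))

def build_hypergraph(rules):
    """Map each header (hyperedge) to the set of sids (nodes) it contains."""
    edges = defaultdict(set)
    for rule in rules:
        header, sid = split_rule(rule)
        edges[header].add(sid)
    return dict(edges)

def coverage_table(rules):
    """Rank hyperedges by size; return [(header, size, cumulative_fraction)]."""
    edges = build_hypergraph(rules)
    ranked = sorted(edges.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    covered, table = set(), []
    for header, sids in ranked:
        covered |= sids  # headers are disjoint here, but union is safe in general
        table.append((header, len(sids), len(covered) / len(rules)))
    return table

def headers_needed(rules, target=0.75):
    """Smallest number of top-ranked headers whose rules reach `target` coverage."""
    for k, (_, _, frac) in enumerate(coverage_table(rules), start=1):
        if frac >= target:
            return k
    return None

if __name__ == "__main__":
    for header, size, frac in coverage_table(RULES):
        print(f"{size:2d} rules {frac:6.1%}  {header}")
    print("headers needed for 75% coverage:", headers_needed(RULES))
```

Headers that sit at the top of this table are the ones worth generalizing or backing with additional, differently-structured rules, since they are where an indiscriminate evasion pays off most.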