Anomaly Detection At Multiple Scales (ADAMS)
Agency / Branch:
DOD / DARPA
We propose to develop robust technical capabilities (resulting in a commercial-quality software product) for identifying likely malicious as well as overly trusting insiders within an organization by leveraging automatically generated misinformation. Our system will work in conjunction with modern system and network monitoring technologies such as Data Leakage Prevention (DLP) systems and honeypots of various kinds (both traditional and unconventional), some of which are already in use by many enterprises for other purposes. Our approach focuses on and exploits what malicious insiders seek (illicitly acquired information), as opposed to incidental signs of misbehavior. Our approach also identifies users who make inappropriate trust decisions that put organizations at risk. This provides a robust alternative and a good complement to passive-detection mechanisms. In Phase 1, we proposed to (a) investigate and design an insider detection architecture based on this notion of misinformation, and (b) demonstrate the feasibility of identifying specific types of insiders by developing a prototype for automatically generating and distributing believable misinformation based on pre-defined templates, and then tracking access and attempted misuse of it through integration with an open-source DLP system. In Phase 2, we will extend and instantiate our architecture, also expanding our system capabilities to generate documents that use information harvested from real sources. We will also develop a modular and extensible back-end system and management console.
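One way to realize the template-based decoy generation and DLP correlation the abstract outlines, as an added illustration that is not Allure's code: each decoy copy carries a per-user token derived with HMAC, and DLP alerts that match a token are traced back to the user the decoy was planted for. The template, user names, alert line format and key below are constructed for the example.

```python
import hashlib
import hmac
import re

# Constructed decoy template: a believable document with one slot for a
# per-copy tracking token. All names and values here are made up.
TEMPLATE = (
    "CONFIDENTIAL - Project BLUEHERON term sheet\n"
    "Escrow account reference: ESC-{token}\n"
    "Wire instructions available on request from treasury.\n"
)

def decoy_token(secret: bytes, planted_for: str) -> str:
    """Derive a per-user token with HMAC so every copy is unique and attributable
    to the user it was planted for, without keeping a table of random values."""
    return hmac.new(secret, planted_for.encode(), hashlib.sha256).hexdigest()[:12].upper()

def make_decoy(secret: bytes, planted_for: str) -> str:
    """Render the decoy document that will be placed where `planted_for` can read it."""
    return TEMPLATE.format(token=decoy_token(secret, planted_for))

# Constructed DLP-style alert lines (who moved content where, plus the matched text).
SECRET = b"constructed-demo-key-do-not-reuse"
PLANTED = ["rkim", "jdoe"]
ALERTS = [
    f"2024-05-01T09:12:03Z user=rkim action=upload dest=personal-cloud match=ESC-{decoy_token(SECRET, 'rkim')}",
    f"2024-05-01T10:40:51Z user=tlee action=email dest=external match=ESC-{decoy_token(SECRET, 'jdoe')}",
    "2024-05-01T11:02:17Z user=amir action=print dest=floor3 match=ESC-000000000000",  # not a decoy
]
ALERT_RE = re.compile(r"user=(\S+) action=(\S+) dest=(\S+) match=ESC-([0-9A-F]{12})")

def triage(secret: bytes, planted: list, alerts: list) -> list:
    """Map each DLP hit on a decoy token back to the user it was planted for.
    A hit by that same user is misuse by someone trusted with the (fake) data; a hit
    by anyone else means the decoy was obtained from another user's files, which is
    the 'illicitly acquired information' signal the abstract describes."""
    by_token = {decoy_token(secret, u): u for u in planted}
    findings = []
    for line in alerts:
        m = ALERT_RE.search(line)
        if not m or m.group(4) not in by_token:
            continue  # unparseable line or a token we never issued
        actor, action, dest, token = m.groups()
        owner = by_token[token]
        verdict = "exfil-by-recipient" if actor == owner else "harvested-from-other-user"
        findings.append({"actor": actor, "action": action, "dest": dest,
                         "planted_for": owner, "verdict": verdict})
    return findings
```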
Small Business Information at Submission:
Allure Security Technology
5 Penn Plaza, 23rd Floor, New York, NY -
Number of Employees: