
AI/ML Augmentation of Cyber Threat Hunting


OUSD (R&E) CRITICAL TECHNOLOGY AREA(S): Trusted AI and Autonomy; Advanced Computing and Software


OBJECTIVE: Develop and implement an innovative artificial intelligence / machine learning (AI/ML) algorithm-development and data-analysis solution that enhances Missile Defense Agency (MDA) Cyber Assistance Team (CAT) cyber threat hunting operations, so that MDA CAT can detect and help thwart cyber threats in the MDA Defense Industrial Base (DIB), protect MDA Controlled Unclassified Information (CUI), and help defend emerging Missile Defense System technology developed in the MDA DIB.


DESCRIPTION: MDA CAT conducts cyber threat hunting operations in the MDA DIB to rapidly detect and help defeat the evolving and expanding cyber threats facing the MDA DIB. The increasing agility, overwhelming number, and growing capability of these cyber threat actors require MDA CAT to implement effective AI/ML solutions that augment and modernize its threat hunting operations and help safeguard MDA emerging technologies and CUI in the MDA DIB.

Challenge/Problem: Relatively small data sets (approximately 1.5 TB captured per mission on average, and up to 90 TB per year) and the disparate nature of the captured data (the data comes in various formats and is captured on up to 60 unique and unrelated networks per year).


PHASE I: Conduct modeling and simulation that provides a proof of concept for recognizing actionable patterns within existing data sets, and for clustering those patterns in order to detect deviations from the norm and possible security incidents that warrant advanced analysis.
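As an added, constructed illustration of the Phase I concept (recognizing and clustering patterns in captured data to surface deviations) and of the disparate-format problem noted under Challenge/Problem, the following script is not part of this solicitation or of any MDA CAT tool. It assumes two hypothetical input formats (a Zeek-style conn.log TSV from one network and firewall syslog lines from an unrelated network), normalizes both into one flow schema, groups connections by (source, destination, port, protocol), and scores each series for the low-jitter, consistent-size periodicity that characterizes malware beaconing. The sample records and the thresholds are constructed for this example; real thresholds would be tuned per network. Standard library only.

```python
"""Added illustration (not MDA CAT code): normalize two unrelated log formats
into one flow schema, then score each (src, dst, dport, proto) series for
beacon-like regularity. Stdlib only; all samples and thresholds are constructed."""
import re
import statistics
from collections import defaultdict
from datetime import datetime, timezone

# Constructed network A: Zeek-style conn.log, tab-separated fields
# ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto orig_bytes
ZEEK_TSV = """\
1700000000.000\tC1\t10.1.1.5\t51000\t203.0.113.9\t443\ttcp\t512
1700000060.100\tC2\t10.1.1.5\t51001\t203.0.113.9\t443\ttcp\t510
1700000119.900\tC3\t10.1.1.5\t51002\t203.0.113.9\t443\ttcp\t515
1700000180.050\tC4\t10.1.1.5\t51003\t203.0.113.9\t443\ttcp\t511
1700000240.000\tC5\t10.1.1.5\t51004\t203.0.113.9\t443\ttcp\t509
1700000300.100\tC6\t10.1.1.5\t51005\t203.0.113.9\t443\ttcp\t513
1700000007.000\tC7\t10.1.1.8\t52000\t198.51.100.4\t80\ttcp\t3000
1700000191.000\tC8\t10.1.1.8\t52001\t198.51.100.4\t80\ttcp\t120000
1700000222.000\tC9\t10.1.1.8\t52002\t198.51.100.4\t80\ttcp\t45
1700000900.000\tC10\t10.1.1.8\t52003\t198.51.100.4\t80\ttcp\t9000
"""

# Constructed network B: firewall syslog-style lines with a different schema
SYSLOG = """\
2023-11-14T22:13:20Z fw01 ALLOW src=10.2.2.7 dst=192.0.2.50 dport=8443 proto=tcp bytes=200
2023-11-14T22:23:20Z fw01 ALLOW src=10.2.2.7 dst=192.0.2.50 dport=8443 proto=tcp bytes=198
2023-11-14T22:33:21Z fw01 ALLOW src=10.2.2.7 dst=192.0.2.50 dport=8443 proto=tcp bytes=201
2023-11-14T22:43:19Z fw01 ALLOW src=10.2.2.7 dst=192.0.2.50 dport=8443 proto=tcp bytes=199
2023-11-14T22:53:20Z fw01 ALLOW src=10.2.2.7 dst=192.0.2.50 dport=8443 proto=tcp bytes=200
"""

SYSLOG_RE = re.compile(
    r"^(?P<ts>\S+) \S+ ALLOW src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) proto=(?P<proto>\w+) bytes=(?P<bytes>\d+)$"
)


def parse_zeek(text):
    """Zeek-style TSV -> list of normalized flow dicts (ts in epoch seconds)."""
    flows = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        ts, _uid, src, _sport, dst, dport, proto, obytes = line.split("\t")
        flows.append({"src": src, "dst": dst, "dport": int(dport), "proto": proto,
                      "ts": float(ts), "bytes": int(obytes)})
    return flows


def parse_syslog(text):
    """Firewall syslog lines -> the same normalized flow dicts."""
    flows = []
    for line in text.splitlines():
        m = SYSLOG_RE.match(line)
        if not m:
            continue  # unrelated line types are skipped, not fatal
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        flows.append({"src": m["src"], "dst": m["dst"], "dport": int(m["dport"]),
                      "proto": m["proto"], "ts": ts.timestamp(), "bytes": int(m["bytes"])})
    return flows


def beacon_scores(flows, min_conns=4):
    """Per (src, dst, dport, proto): coefficient of variation (pstdev/mean) of
    inter-arrival gaps and of bytes sent. Low CV on both is the beacon signature;
    a jittery, bursty series (normal browsing) scores high on at least one."""
    series = defaultdict(list)
    for f in flows:
        series[(f["src"], f["dst"], f["dport"], f["proto"])].append((f["ts"], f["bytes"]))
    scores = {}
    for key, pts in series.items():
        if len(pts) < min_conns:
            continue  # too few points to say anything about periodicity
        pts.sort()
        gaps = [b[0] - a[0] for a, b in zip(pts, pts[1:])]
        sizes = [p[1] for p in pts]
        gap_mean, size_mean = statistics.mean(gaps), statistics.mean(sizes)
        if gap_mean == 0 or size_mean == 0:
            continue  # duplicate timestamps or empty flows: CV is undefined
        scores[key] = {
            "count": len(pts),
            "period_s": statistics.median(gaps),
            "interval_cv": statistics.pstdev(gaps) / gap_mean,
            "size_cv": statistics.pstdev(sizes) / size_mean,
        }
    return scores


def flag_beacons(scores, max_interval_cv=0.1, max_size_cv=0.25):
    """Constructed thresholds (assumption). Benign pollers such as NTP or
    update checks are also periodic, so hits still need an allow-list and a human."""
    return sorted(k for k, s in scores.items()
                  if s["interval_cv"] <= max_interval_cv and s["size_cv"] <= max_size_cv)


if __name__ == "__main__":
    flows = parse_zeek(ZEEK_TSV) + parse_syslog(SYSLOG)
    scores = beacon_scores(flows)
    for key in flag_beacons(scores):
        s = scores[key]
        print(f"beacon candidate {key}: n={s['count']} period~{s['period_s']:.0f}s "
              f"interval_cv={s['interval_cv']:.3f} size_cv={s['size_cv']:.3f}")
```

On the constructed input, the two hosts that call out at a near-constant interval with near-constant payload sizes are flagged, while the host whose connections are irregular in both timing and volume is scored but not flagged. The point of the normalization step is that the scoring logic never sees the original formats, so a third or sixtieth network only needs a parser, not a new model.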


PHASE II: Optimize the Phase I simulation tools and demonstrate their effectiveness at detecting cyber-attacks.


PHASE III DUAL USE APPLICATIONS: Commercialize the modeling tool and provide it to governmental organizations that operate cyber threat hunting programs.



REFERENCES:
  1. Department of Defense Instruction 5205.13, Defense Industrial Base (DIB) Cybersecurity (CS) Activities.
  2. 2016 NDAA; MDA Director's Memorandum for all MDA Contractors Through Cognizant Contracting Officers, SUBJECT: Missile Defense Agency Cyber Assistance Team Program Participation, dated July 28, 2022.


KEYWORDS: threat hunting; artificial intelligence; machine learning; security information and event management; data sets; clustering; deviations; low and slow; port and protocol abuse; emerging cyber threats; malware beaconing; disparate data sets
