Advanced Insider Threat Detection and Response
Small Business Information
1382 Quartz Mountain Drive, Larkspur, CO, 80118
Abstract

Advanced Insider Threat Detection and Response is a breakthrough, game-changing analysis and response capability addressing integrated attacks at fusion level 3 (identity, path, and intent). Previous efforts, including Phase 1, demonstrated that high-level abstraction of network and host data is not only possible but measurable and verifiable. The Phase 1 prototype defines and detects course-of-action-level identifiers of complex insider threat activities from host and network (e.g. IDS) data. The courses of action were proven to be sufficiently robust and to include predictive information that can initiate influential and effective defensive responses. The Themistocles prototype uses a two-stage fusion engine. The tactical analyzer leverages a core game theory engine, specifically enhanced for Cyber Operations, to search for and identify the most likely courses of action. The strategic analyzer employs evolutionary programming to synthesize and evaluate the most likely players and goals active in the enterprise. The strategic analyzer understands insider threat at a level of abstraction that includes concepts such as privilege, access, and credential. The Phase 2 effort includes expanding the breadth of the strategic analyzer, refined hypothesis evaluation, and product features such as user-tailorable response choices and TRL 5 level tests.

BENEFIT: Cyber war will provide the next revolution in military affairs. The cyber revolution started with the adoption of commercial computer platforms in the military domain. The next phase was network-centric warfare, which applied digital tactics, tools, and information in the service of kinetic warfare objectives and strategy. The revolution of cyber warfare will be the transition to knowledge-based objectives and strategy, where the military operation is defined by the assurance and influence of knowledge. This cyber warfare revolution will change the fundamental approach to cyber operations.
New capabilities will be defined, developed, deployed, and supported that neither improve the data flow nor increase available information, but defend and influence the knowledge centers of gravity. These centers of gravity are the basis for decision authority and the foundation of expectations. The cyber domain in which the Air Force flies and fights represents not just the future battlefield for integrated kinetic and non-kinetic operations, but also the theatre for collecting intelligence, attacking adversaries, augmenting the effects of kinetic operations, and influencing military and civilian populations. This Phase II product provides the knowledge level of abstraction specific to Insider Threat Detection and Response for cyber defense and influence operations.
* Information listed above is as of the time of submission.