Advanced Insider Threat Detection and Response

Award Information
Agency: Department of Defense
Branch: Air Force
Contract: FA8750-09-C-0047
Agency Tracking Number: F073-033-1049
Amount: $1,188,700.00
Phase: Phase II
Program: SBIR
Awards Year: 2009
Solicitation Year: 2007
Solicitation Topic Code: AF073-033
Solicitation Number: 2007.3
Small Business Information
Distributed Infinity Inc
1382 Quartz Mountain Drive, Larkspur, CO, 80118
DUNS: 623678591
HUBZone Owned: N
Woman Owned: N
Socially and Economically Disadvantaged: N
Principal Investigator
 Alex Moir
 Engineering Manager
 (323) 656-0611
Business Contact
 Allen Ott
Title: President
Phone: (303) 681-3966
Research Institution
Advanced Insider Threat Detection and Response is a breakthrough, game-changing analysis and response capability addressing integrated attacks at fusion level 3 (identity, path, and intent). Previous efforts, including the Phase 1, demonstrated that high-level abstraction of network and host data is not only possible, but measurable and verifiable. The Phase 1 prototype defines and detects course-of-action-level identifiers of complex insider threat activities from host and network (e.g. IDS) data. The courses of action were proven to be sufficiently robust and to include predictive information to initiate influential and effective defensive responses. The Themistocles prototype uses a two-stage fusion engine. The tactical analyzer leverages a core game theory engine specifically enhanced for Cyber Operations to search and identify the most likely courses of action. The strategic analyzer employs evolutionary programming to synthesize and evaluate the most likely players and goals active in the enterprise. The strategic analyzer understands insider threat at a level of abstraction that includes concepts such as privilege, access, and credential. The Phase 2 effort includes expanding the breadth of the strategic analyzer, refined hypothesis evaluation, and product features such as user-tailorable response choices and TRL 5 level tests.

BENEFIT: Cyber war will provide the next revolution in military affairs. The cyber revolution started with the adoption of commercial computer platforms in the military domain. The next phase was network-centric warfare that applied digital tactics, tools, and information in the service of kinetic warfare objectives and strategy. The revolution of cyber warfare will be the transition to knowledge-based objectives and strategy, where the military operation is defined by the assurance and influence of knowledge. This cyber warfare revolution will change the fundamental approach to cyber operations. New capabilities will be defined, developed, deployed and supported that neither improve the data flow, nor increase available information, but defend and influence the knowledge centers of gravity. These centers of gravity are the basis for decision authority and the foundation of expectations. The cyber domain in which the Air Force flies and fights represents not just the future battlefield for integrated kinetic and non-kinetic operations, but the theatre for collecting intelligence, attacking adversaries, augmenting the effects of kinetic operations, and influencing the military and civilian populations. This Phase II product provides the knowledge level of abstraction specific to Insider Threat Detection and Response for Cyber defense and influence operations.

* Information listed above is at the time of submission.
