Advanced Insider Threat Detection and Response

Award Information
Agency:
Department of Defense
Branch:
Air Force
Amount:
$743,789.00
Award Year:
2009
Program:
SBIR
Phase:
Phase II
Contract:
FA8750-09-C-0047
Award Id:
86581
Agency Tracking Number:
F073-033-1049
Solicitation Year:
n/a
Solicitation Topic Code:
n/a
Solicitation Number:
n/a
Small Business Information
1382 Quartz Mountain Drive, Larkspur, CO, 80118
Hubzone Owned:
N
Minority Owned:
N
Woman Owned:
N
Duns:
623678591
Principal Investigator:
Alex Moir
Engineering Manager
(323) 656-0611
amoir@distributedinfinity.com
Business Contact:
Allen Ott
President
(303) 681-3966
aott@distributedinfinity.com
Research Institute:
n/a
Abstract
Advanced Insider Threat Detection and Response is a breakthrough, game-changing analysis and response capability addressing integrated attacks at a fusion level 3 (identity, path, and intent). Previous efforts, including the Phase 1, demonstrated that high level abstraction of network and host data is not only possible, but measurable and verifiable. The Phase 1 prototype defines and detects course of action level identifiers of complex insider threat activities from host and network (e.g. IDS) data. The courses of action were proven to be sufficiently robust and include predictive information to initiate influential and effective defensive responses. The Themistocles prototype uses a two stage fusion engine. The tactical analyzer leverages a core game theory engine specifically enhanced for Cyber Operations to search and identify most likely courses of action. The strategic analyzer employs evolutionary programming to synthesize and evaluate the most likely players and goals active in the enterprise. The strategic analyzer understands insider threat at a level of abstraction that includes concepts such as privilege, access, and credential. The Phase 2 effort includes expanding the breadth of the strategic analyzer, refined hypothesis evaluation, and product features such as user-tailorable response choices and TRL 5 level tests. BENEFIT: Cyber war will provide the next revolution in military affairs. The cyber revolution started with the adoption of commercial computer platforms in the military domain. The next phase was network-centric warfare that applied digital tactics, tools, and information in the service of kinetic warfare objectives and strategy. The revolution of cyber warfare will be the transition to knowledge-based objectives and strategy where the military operation is defined by the assurance and influence of knowledge. This cyber warfare revolution will change the fundamental approach to cyber operations.
New capabilities will be defined, developed, deployed and supported that neither improve the data flow, nor increase available information, but defend and influence the knowledge centers of gravity. These centers of gravity are the basis for decision authority and the foundation of expectations. The cyber domain in which the Air Force flies and fights represents not just the future battlefield for integrated kinetic and non-kinetic operations, but the theatre for collecting intelligence, attacking adversaries, augmenting the effects of kinetic operations, and influencing the military and civilian populations. This Phase II product provides the knowledge level of abstraction specific to Insider Threat Detection and Response for Cyber defense and influence operations.

* information listed above is at the time of submission.
