DTB Project: A Behavioral Model for Detecting Insider Threats

Costa, Paulo C.; Barbara, Daniel; Laskey, Kathryn B.; Wright, Edward J.; Alghamdi, Ghazi; Mirza, Sepideh; Revankar, Mehul; Shackelford, Thomas

DTB Project: A Behavioral Model for Detecting Insider Threats

Active / Technical Report | Accession Number: ADA489403 |

Open PDF

Abstract:

This paper describes the Detection of Threat Behavior DTB project, a joint effort being conducted by George Mason University GMU and Information Extraction and Transport, Inc. IET. DTB uses novel approaches for detecting insiders in tightly controlled computing environments. Innovations include a distributed system of dynamically generated document-centric intelligent agents for document control, object-oriented hybrid logic-based and probabilistic modeling to characterize and detect illicit insider behaviors, and automated data collection and data mining of the operational environment to continually learn and update the underlying statistical and probabilistic nature of characteristic behaviors. To evaluate the DTB concept, the authors are conducting a human subjects experiment, which they also will include in their discussion.

Author(s):

Costa, Paulo C. ; Barbara, Daniel ; Laskey, Kathryn B. ; Wright, Edward J. ; Alghamdi, Ghazi ; Mirza, Sepideh ; Revankar, Mehul ; Shackelford, Thomas

Author Organization(s):

GEORGE MASON UNIV FAIRFAX VA

Descriptive Note:

Research rept.

Supplementary Note:

Prepared in cooperation with Information Extraction and Transport, Inc., Arlington, VA. Sponsored in part by the U.S. Navy.

Pagination:

0003

Security Markings

DOCUMENT & CONTEXTUAL SUMMARY

Distribution:

Approved For Public Release

Distribution Statement:

Approved For Public Release; Distribution Is Unlimited.

RECORD

Collection: TR

Identifying Numbers

Contract/Grant Number(s):

NBCHC030059

Monitor Series:

DOI

Subject Terms

Joint Capability Areas:

JCA_5_Command and Control; JCA_5.3_Planning; JCA_1.2_Force Preparation; JCA_1_Force Support; JCA_3.2_Engagement; JCA_3_Force Application; JCA_5.3.3_Develop Strategy; JCA_3.2.2_Non-Kinetic Means; JCA_5.5.2_Task; JCA_5.5_Direct; JCA_6_Net Centric; JCA_1.2.3_Educating; JCA_1.2.7_Experimentation; JCA_6.1_Information Transport; JCA_1.2.6_Concepts; JCA_8_Building Partnerships

Communities of Interest:

No COI(s) Identified

Descriptor(s):

*INTRUSION DETECTION(COMPUTERS), *INFORMATION SECURITY, *COMPUTER ACCESS CONTROL, *CRIMES, *THREATS, *INFORMATION RETRIEVAL, *DOCUMENTS, COUNTERINTELLIGENCE, BAYES THEOREM, BEHAVIOR, KNOWLEDGE BASED SYSTEMS, PROBABILITY, ONTOLOGY, CONTROL SYSTEMS, AUTOMATION

Field(s)/Group(s):

Information Science, Psychology, Computer Systems Management and Standards

Keyword(s):

*WORKPLACE THREATS, *INSIDER THREATS, *ILLEGAL ACTIVITIES, MALICIOUS CONDUCT, INTELLIGENT AGENTS, COUNTER DECEPTION, MEBN(MULTI ENTITY BAYESIAN NETWORKS), DOCUMENT CONTROL, DATA MINING, BEHAVIOR MODELING AND SIMULATION, USER QUERY ANALYSIS, INSIDER THREAT DETECTION, PROBABILITY OF DETECTION, DTB(DETECTION OF THREAT BEHAVIOR)

Report Date:

2008 Jan 01

Creation Date:

2008 Dec 03