Abstract:
This paper describes the Detection of Threat Behavior (DTB) project, a joint effort conducted by George Mason University (GMU) and Information Extraction and Transport, Inc. (IET). DTB uses novel approaches for detecting insiders in tightly controlled computing environments. Innovations include a distributed system of dynamically generated, document-centric intelligent agents for document control; object-oriented hybrid logic-based and probabilistic modeling to characterize and detect illicit insider behaviors; and automated data collection and data mining of the operational environment to continually learn and update the underlying statistical and probabilistic nature of characteristic behaviors. To evaluate the DTB concept, we are conducting a human subjects experiment, which we also discuss in this paper.