Papers and Publications, Center of Excellence in Command, Control, Communications, and Intelligence
This collection contains papers written by members and fellows of the C4I Center.
Browsing Papers and Publications, Center of Excellence in Command, Control, Communications, and Intelligence by Subject "Document relevance"
Detecting Threatening Behavior Using Bayesian Networks (2006-03-06T15:11:39Z)
AlGhamdi, Ghazi; Laskey, Kathryn B.; Wang, Xun; Barbará, Daniel; Shackelford, Thomas; Wright, Edward J.; Fitzgerald, Julie
This paper presents an innovative use of human behavior models for detecting insider threats to information systems. While most work in information security concerns detecting and responding to intruders, violations of system security policy by authorized computer users present a major threat to information security. A promising approach to detection and response is to model behavior of normal users and threats, and apply sophisticated inference methods to detect patterns of behavior that deviate from normal behavior in ways suggesting a possible security threat. This paper presents an approach, based on multi-entity Bayesian networks, to modeling user queries and detecting situations in which users in sensitive positions may be accessing documents outside their assigned areas of responsibility. Such unusual access patterns might be characteristic of users attempting illegal activities such as disclosure of classified information. We present a scalable proof of concept behavior model, provide an experimental demonstration of its ability to detect unusual access patterns in simulated situations, and describe future plans to increase the realism and fidelity of the model.

DTB Project: A Behavioral Model for Detecting Insider Threats (MITRE Corporation, 2005-05)
Costa, Paulo C. G.; Laskey, Kathryn B.; AlGhamdi, Ghazi; Barbará, Daniel; Shackelford, Thomas; Mirza, Sepideh; Revankar, Mehul
This paper describes the Detection of Threat Behavior (DTB) project, a joint effort being conducted by George Mason University (GMU) and Information Extraction and Transport, Inc. (IET). DTB uses novel approaches for detecting insiders in tightly controlled computing environments. Innovations include a distributed system of dynamically generated document-centric intelligent agents for document control, object oriented hybrid logic-based and probabilistic modeling to characterize and detect illicit insider behaviors, and automated data collection and data mining of the operational environment to continually learn and update the underlying statistical and probabilistic nature of characteristic behaviors. To evaluate the DTB concept, we are conducting a human subjects experiment, which we will also include in our discussion.