DTB Project: A Behavioral Model for Detecting Insider Threats

Date

2005-05

Authors

Costa, Paulo C. G.
Laskey, Kathryn B.
AlGhamdi, Ghazi
Barbará, Daniel
Shackelford, Thomas
Mirza, Sepideh
Revankar, Mehul

Publisher

MITRE Corporation

Abstract

This paper describes the Detection of Threat Behavior (DTB) project, a joint effort being conducted by George Mason University (GMU) and Information Extraction and Transport, Inc. (IET). DTB uses novel approaches for detecting insiders in tightly controlled computing environments. Innovations include a distributed system of dynamically generated document-centric intelligent agents for document control, object-oriented hybrid logic-based and probabilistic modeling to characterize and detect illicit insider behaviors, and automated data collection and data mining of the operational environment to continually learn and update the underlying statistical and probabilistic nature of characteristic behaviors. To evaluate the DTB concept, we are conducting a human subjects experiment, which we will also include in our discussion.

Description

Full paper version

Keywords

Multi-entity Bayesian networks (MEBN), Threat analysis, Probabilistic, Bayesian, Intrusion detection, Counter intelligence, Document relevance, Data mining, Novel methods, Behavior, All source

Citation

Costa, Paulo C. G.; Laskey, Kathryn B.; Alghamdi, G.; Barbará, Daniel; Shackelford, Thomas; Mirza, Sepideh; and Revankar, Mehul (2005). DTB Project: A Behavioral Model for Detecting Insider Threats. 2005 International Conference on Intelligence Analysis. May 2-6, McLean, Virginia, USA.