DTB Project: A Behavioral Model for Detecting Insider Threats
Date
2005-05
Authors
Costa, Paulo C. G.
Laskey, Kathryn B.
AlGhamdi, Ghazi
Barbará, Daniel
Shackelford, Thomas
Mirza, Sepideh
Revankar, Mehul
Publisher
MITRE Corporation
Abstract
This paper describes the Detection of Threat Behavior (DTB) project, a joint effort being conducted by George Mason University (GMU) and Information Extraction and Transport, Inc. (IET). DTB uses novel approaches for detecting insiders in tightly controlled computing environments. Innovations include a distributed system of dynamically generated, document-centric intelligent agents for document control; object-oriented hybrid logic-based and probabilistic modeling to characterize and detect illicit insider behaviors; and automated data collection and data mining of the operational environment to continually learn and update the underlying statistical and probabilistic nature of characteristic behaviors. To evaluate the DTB concept, we are conducting a human subjects experiment, which we will also include in our discussion.
Description
Full paper version
Keywords
Multi-entity Bayesian networks (MEBN), Threat analysis, Probabilistic, Bayesian, Intrusion detection, Counter intelligence, Document relevance, Data mining, Novel methods, Behavior, All source
Citation
Costa, Paulo C. G.; Laskey, Kathryn B.; Alghamdi, G.; Barbará, Daniel; Shackelford, Thomas; Mirza, Sepideh; and Revankar, Mehul (2005). DTB Project: A Behavioral Model for Detecting Insider Threats. 2005 International Conference on Intelligence Analysis. May 2-6, McLean, Virginia, USA.