HIT-IT Heuristic Identification & Tracking of Insider Threatsheldon/factsheets/HIT-IT-p2.pdf ·...
1
Included data shall not be disclosed outside the Government or outside this context and shall not be duplicated, used or disclosed in-whole or in-part for any purpose. Disclosure of this information is made subject to 35 USC 205 and individuals are subject to 18 USC 1905 against further disclosure. Cyberspace Sciences & Information Intelligence Research (CSIIR) Group Computational Sciences and Engineering Division HIT-IT Heuristic Identification & Tracking of Insider Threat POCs: Frederick T. Sheldon Ph.D., 865-576-1339 [email protected] Robert K. Abercrombie, Ph.D., 865-241-6537 [email protected] • Problem – Insider sourced espionage, sabotage, and fraud are the number one cyber threat. • Cost estimates US $250B/yr resulting from mods of data, security mechs, unauth NW connections, covert channels, physical damage/ destruction including information extrusion/ exfiltration. • Technical Approach – Identify and model characteristic activities and relationships among cyber assets and players – Multi-level sensing monitors and profiles host/user, network and enclave behaviors – Uses Times Series, Bayesian and Hidden Markov models of dependency relationships (e.g., spoofing) combined with supervised learning algorithms (e.g., SVMs) • Refined by threat behavior assessments for converging to more efficient/effective hierarchical and discrete event models • Benefit – Comprehensive list of monitored threat behavior attributes supports insider profiling, deterrence and prevention – Role-based access control facilitates an extensible array of host and network-based sensor capabilities
Transcript of HIT-IT Heuristic Identification & Tracking of Insider Threatsheldon/factsheets/HIT-IT-p2.pdf ·...
Included data shall not be disclosed outside the Government or outside this context and shall not be duplicated, used or disclosed in-whole or in-part for anypurpose. Disclosure of this information is made subject to 35 USC 205 and individuals are subject to 18 USC 1905 against further disclosure.
Cyberspace Sciences & InformationIntelligence Research (CSIIR) Group
Computational Sciences andEngineering Division
HIT-IT Heuristic Identification & Tracking of Insider Threat
POCs: Frederick T. Sheldon Ph.D., 865-576-1339 [email protected] K. Abercrombie, Ph.D., 865-241-6537 [email protected]
• Problem– Insider sourced espionage, sabotage, and fraud
are the number one cyber threat.• Cost estimates US $250B/yr resulting from mods
of data, security mechs, unauth NW connections,covert channels, physical damage/ destructionincluding information extrusion/ exfiltration.
• Technical Approach– Identify and model characteristic activities and
relationships among cyber assets and players– Multi-level sensing monitors and profiles
host/user, network and enclave behaviors– Uses Times Series, Bayesian and Hidden
Markov models of dependency relationships(e.g., spoofing) combined with supervisedlearning algorithms (e.g., SVMs)• Refined by threat behavior assessments for
converging to more efficient/effective hierarchicaland discrete event models
• Benefit– Comprehensive list of monitored threat
behavior attributes supports insider profiling,deterrence and prevention
– Role-based access control facilitates anextensible array of host and network-basedsensor capabilities
