When a soldier in good mental health becomes homicidal or a government employee abuses access privileges to share classified information, we often wonder why no one saw it coming. Researchers at the Georgia Institute of Technology are collaborating with scientists from four other organizations to develop new approaches for identifying these "insider threats" before an incident occurs. The project will create a suite of algorithms that can detect multiple types of insider threats by analyzing massive amounts of data -- including email, text messages, and file transfers -- for unusual activity.

The researchers will leverage a combination of massively scalable graph-processing algorithms, advanced statistical anomaly detection methods and knowledge-based relational machine learning algorithms to create a prototype Anomaly Detection at Multiple Scales (ADAMS) system. The system could revolutionize the capabilities of counter-intelligence community operators to identify and prioritize potential malicious insider threats against a background of everyday cyber network activity.

The team will have access to massive data sets collected from operational environments where individuals have explicitly agreed to be monitored. The information will include electronically recorded activities, such as computer logins, emails, instant messages, and file transfers. The ADAMS system will be capable of pulling these terabytes of data together and using novel algorithms to quickly analyze the information to discover anomalies.
