NASA’s Goddard Space Flight Center has developed a method to collect suspicious data and analyze them without extensive costs. A common challenge in complex computer systems is the identification of unauthorized use, which can be hackers accessing anything of interest after unauthorized access. This process combines various functional checks across devices, and specifically not in a common operating environment such that unwanted activities become more difficult for the unauthorized user to execute without easy detection.
The system operates on top of existing information technology infrastructure with minimal additional support requirements. The independent monitor system utilizes a combination of components into a cohesive system for use in detecting unusual or unauthorized activity that appears to be new. The monitoring system continually ingests multiple time-series streams of data related to individual authorized users — data from workstations, personal mobile devices, and facilities. These time-based streams are analyzed to establish self-consistency based upon a defined rule set, effectively identifying discrepancies in the passive tracking of behavior patterns suggesting unauthorized activity. The uniqueness of this system is the ongoing integrated collection, correlation, and analysis of the multiple location and activity streams for purposes of defining authorized legitimate computer use versus anomalous behavior.