US looking for technology to quash malicious insider threats

DARPA issues call for technology that can kill off insider threats

Because so-called trusted insiders are a massive threat to the security of corporate and military resources, it may take an industrial strength technology to mitigate the issue. 

That's where The Defense Advanced Research Projects Agency (DARPA) comes in.  This week the agency issued a call for automated technologies that can sniff out and alert others to people with access to sensitive information and information systems who may be looking to maliciously damage, steal or change data or programs. 


"Information systems security personnel are drowning in ever expanding oceans of observational data from heterogeneous sources and sensors from which they must extract indicators of increasingly sophisticated malicious insider behavior," DARPA stated. 

A recent Government Accountability Office report noted that disgruntled insiders, working from within an organization, are a principal source of computer crimes. Insiders may not need a great deal of knowledge about computer intrusions because their knowledge of a victim system often lets them gain unrestricted access to cause damage to the system or to steal system data. 

DARPA stated the first step in meeting this challenge is to create a scalable, distributed infrastructure to securely collect, store, access, process, and correlate relevant data from heterogeneous sources over extended periods of time. The next step is to determine whether an individual or group of individuals is exhibiting anomalous behavior that is also malicious. 

DARPA said that such analysis is very heavily dependent on the context of the individual, groups of individuals and any data involved. Part of the challenge is detecting deceptive behavior. Deceptive behavior is characteristic of malicious intent, which leads to the problem of assigning intent to observed behaviors.

"Security is often difficult because the defenses must be perfect, while the attacker needs to find only one flaw. An emphasis on forensics could reverse the burden by requiring the attacker and his tools to be perfect, while the defender needs only a few clues to recognize an intrusion is underway," DARPA stated.

The new systems could utilize forensic-like techniques that can be used to find clues, gather and evaluate evidence and combine them deductively. Many attacks are combinations of directly observable and inferred events. 

What DARPA will be looking for are techniques to "derive information about the relationship between deductions, the likely intent of inferred actions, and suggestions about what evidence might mean and dynamically forecast context-dependent behaviors both malicious and non-malicious. Also of interest are on-line and off-line algorithms for feature extraction and detection in billions of nodes as well as hybrid engines where deduction and feature detection mutually inform one another." 
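The pipeline DARPA sketches above, collect and correlate records from heterogeneous sources, compare an individual's behavior against their own history, and combine directly observable events into an inferred one, can be illustrated in miniature. The following Python is an added example written for this article; it is not DARPA's or any vendor's code. It assumes two constructed log sources (a syslog-style VPN gateway log and a CSV file-server audit export), an assumed internal address range of 10.0.0.0/8, and assumed working hours of 07:00 to 18:59; the users, addresses and paths are invented sample data.

```python
import ipaddress
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from statistics import mean, pstdev

# Added example, not DARPA's or Network World's code. It correlates two
# constructed log sources, builds a per-user baseline from that user's own
# history, and turns a combination of observed facts into a finding with
# the evidence that supports it.

CORPORATE_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range
WORK_HOURS = range(7, 19)                             # assumed 07:00-18:59

# Constructed VPN gateway log (syslog-style text); sample data only.
VPN_LOG = """\
2010-05-10T08:02:11 vpn-gw auth user=alice src=10.1.4.20 result=ok
2010-05-10T08:05:43 vpn-gw auth user=bob src=10.1.4.31 result=ok
2010-05-11T08:01:09 vpn-gw auth user=alice src=10.1.4.20 result=ok
2010-05-12T23:41:17 vpn-gw auth user=alice src=198.51.100.77 result=ok
"""

# Constructed file-server audit export (CSV). The third day holds a burst of
# twelve distinct files read by alice late at night; sample data only.
FILE_AUDIT = "timestamp,user,action,path\n" + "\n".join(
    ["2010-05-10T09:10:00,alice,read,/projects/alpha/spec.doc",
     "2010-05-10T09:12:00,alice,read,/projects/alpha/budget.xls",
     "2010-05-10T10:00:00,bob,read,/hr/handbook.pdf",
     "2010-05-11T09:05:00,alice,read,/projects/alpha/spec.doc",
     "2010-05-11T09:30:00,alice,read,/projects/alpha/notes.txt"]
    + [f"2010-05-12T23:{45 + i}:00,alice,read,/projects/alpha/f{i}.doc"
       for i in range(12)]
) + "\n"


@dataclass
class Event:
    """Common schema that both sources are normalized into."""
    ts: datetime
    source: str
    user: str
    kind: str      # "vpn_auth" or "file_read"
    detail: str    # source address for VPN events, file path for reads


VPN_RE = re.compile(r"^(\S+) \S+ auth user=(\S+) src=(\S+) result=ok$")


def parse_vpn(text):
    """Normalize successful VPN authentications from the syslog-style text."""
    events = []
    for line in text.splitlines():
        m = VPN_RE.match(line)
        if m:
            events.append(Event(datetime.fromisoformat(m.group(1)),
                                "vpn", m.group(2), "vpn_auth", m.group(3)))
    return events


def parse_file_audit(text):
    """Normalize file reads from the CSV export (header row skipped)."""
    events = []
    for line in text.splitlines()[1:]:
        ts, user, action, path = line.split(",", 3)
        if action == "read":
            events.append(Event(datetime.fromisoformat(ts),
                                "fileserver", user, "file_read", path))
    return events


def daily_read_counts(events):
    """Per user, per day: number of distinct files read."""
    seen = defaultdict(lambda: defaultdict(set))
    for e in events:
        if e.kind == "file_read":
            seen[e.user][e.ts.date()].add(e.detail)
    return {u: {d: len(s) for d, s in days.items()} for u, days in seen.items()}


def volume_threshold(baseline_counts):
    """Mean plus three sigma; sigma is floored at one file so that a flat
    history still leaves some slack instead of flagging every change."""
    return mean(baseline_counts) + 3 * max(pstdev(baseline_counts), 1.0)


def find_findings(vpn_events, file_events):
    """Raise a finding only when two independent indicators coincide:
    a read volume far above the user's own baseline, and an inferred
    unusual remote session (off-hours login from outside the corporate range)."""
    findings = []
    per_user_days = daily_read_counts(file_events)
    vpn_by_user_day = defaultdict(list)
    for e in vpn_events:
        vpn_by_user_day[(e.user, e.ts.date())].append(e)
    for user, days in per_user_days.items():
        ordered = sorted(days)
        for i, day in enumerate(ordered):
            baseline = [days[d] for d in ordered[:i]]
            if not baseline:
                continue  # no history yet to compare against
            evidence = []
            # Directly observable fact: volume far above this user's history.
            volume_anomaly = days[day] > volume_threshold(baseline)
            if volume_anomaly:
                evidence.append(f"{days[day]} files read vs baseline {baseline}")
            # Inferred event from a second sensor: external source AND off-hours.
            session_anomaly = False
            for auth in vpn_by_user_day.get((user, day), []):
                outside = ipaddress.ip_address(auth.detail) not in CORPORATE_NET
                if outside and auth.ts.hour not in WORK_HOURS:
                    session_anomaly = True
                    evidence.append(f"off-hours VPN login from external {auth.detail}")
            if volume_anomaly and session_anomaly:
                findings.append({"user": user, "day": str(day), "evidence": evidence})
    return findings


if __name__ == "__main__":
    for f in find_findings(parse_vpn(VPN_LOG), parse_file_audit(FILE_AUDIT)):
        print(f)
```

On the sample data only alice's third day is reported, and the finding carries both pieces of evidence so an analyst can see which observations were combined. Either indicator alone is deliberately not enough: a single off-hours remote login or a single busy day is routine for many legitimate users, and requiring the conjunction is what keeps a detector of this shape from burying the analyst in the "oceans of observational data" the call describes.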

This isn't DARPA's first foray into the dark underbelly of computing.  Earlier this year it announced the $43 million Cyber Genome Program it hopes will develop technologies that will help law enforcement types collect, analyze and identify all manner of digital artifacts. 

The objective of the four-year program is to produce revolutionary cyber defense and investigatory technologies for the collection, identification, characterization, and presentation of properties and relationships from software, data, and/or users to support law enforcement, counter intelligence, and cyber defense teams, DARPA stated. Such digital artifacts may be collected from computers, personal digital assistants, and/or distributed information systems such as cloud computers, from wired or wireless networks, or collected storage media.  The format may include electronic documents or software to include malware, DARPA stated. 

Follow Michael Cooney on Twitter: nwwlayer8   



Copyright © 2010 IDG Communications, Inc.
