Can Super Computing Predict Insider Threats?
On November 5, 2009, Major Nidal Malik Hasan walked onto the base at Fort Hood and killed 12 people in a premeditated act. The Defense Advanced Research Projects Agency (DARPA) and Georgia Tech are working on a computer system that they hope will help identify this type of insider threat before it happens.
The system is part of a project called ADAMS (Anomaly Detection at Multiple Scales). The software will collect massive amounts of data in real time from emails, file transfers, and text messages: essentially any network traffic. The information is then analyzed using a variety of algorithms in order to detect unusual events, or anomalies, in the data. These anomalies are then highlighted for further investigation.
This type of system may be able to predict anything from violent acts to the theft of intellectual property on a corporate or government network. Whether these same techniques could be applied to a more heterogeneous network such as the Internet remains to be seen.
According to the Georgia Tech press release, the project is led by Science Applications International Corporation (SAIC) and also includes researchers from Oregon State University, the University of Massachusetts and Carnegie Mellon University. The $9 million project is planned to take two years.