Proactive Discovery of Insider Threats Using Graph Analysis and Learning

Proactive Discovery of Insider Threats Using Graph Analysis and Learning or PRODIGAL is a computer system for predicting anomalous behavior amongst humans by data mining network traffic such as emails, text messages and log entries.^[1] It is part of DARPA's Anomaly Detection at Multiple Scales (ADAMS) project.^[2] The initial schedule is for two years and the budget $9 million.^[3]

It uses graph theory, machine learning, statistical anomaly detection, and high-performance computing to scan larger sets of data more quickly than in past systems. The amount of data analyzed is in the range of terabytes per day.^[3] The targets of the analysis are employees within the government or defense contracting organizations; specific examples of behavior the system is intended to detect include the actions of Nidal Malik Hasan and Wikileaks alleged source Chelsea Manning.^[1] Commercial applications may include finance.^[1] The results of the analysis, the five most serious threats per day, go to agents, analysts, and operators working in counterintelligence.^[1][3][4]

Primary participants

• Georgia Institute of Technology College of Computing
• Georgia Tech Research Institute
• Defense Advanced Research Projects Agency
• Army Research Office
• Science Applications International Corporation
• Oregon State University
• University of Massachusetts Amherst
• Carnegie Mellon University

See also

• Cyber Insider Threat
• Einstein (US-CERT program)
• Threat (computer)
• Intrusion detection
• Echelon, Thinthread, Trailblazer, Turbulence (NSA programs)
• Fusion center, Investigative Data Warehouse (FBI)

References