DARPA plans to SMITE insider enemies

DARPA is looking for technologies to deal with attacks originating from within.

The Defense Advanced Research Projects Agency is looking for technology to address insider threats. DARPA will use the technology, called Suspected Malicious Insider Threat Elimination (SMITE), to predict insider attacks, determine when one is underway and to detect one that has already taken place, according to the request for information issued May 10.

DARPA defines an insider threat as "malevolent (or possibly inadvertent) actions by an already trusted person with access to sensitive information and information systems and sources,” according to the RFI.

The agency plans to use forensics to find clues, gather and evaluate evidence and assess inferred actions and predict future behavior of the individual.

“In both the real and virtual world, it is very difficult to do anything without leaving some evidence behind. Attempts to conceal or remove evidence generally create new evidence that, if detected, could be a strong indication of the perpetrator’s intent,” the RFI stated.

The technology, which has not yet been specified, will be used to find individuals operating on U.S. networks. Specific topics of interest outlined in the RFI include:

  • Techniques to derive information about the relationship between deductions, the likely intent of inferred actions, and suggestions about what evidence might mean.
  • Methods to dynamically forecast context-dependent behaviors – both malicious and non-malicious.
  • Online and offline algorithms for feature extraction and detection in enormous graphs (as in billions of nodes).
  • Hybrid engines where deduction and feature detection mutually inform one another.

Particular technologies of interest include traditional insider threat detection, deception detection, pattern recognition, automated reasoning, analysis and algorithms for massive graphs and computational psychology and sociology.

Responses are due May 26. To see the full RFI, click here.