DARPA plans to SMITE insider enemies

RFI seeks technology to address attacks from within

The Defense Advanced Research Projects Agency is looking for technology to address insider threats. DARPA will use the technology, called Suspected Malicious Insider Threat Elimination (SMITE), to predict insider attacks, determine when one is underway and detect one that has already taken place, according to the request for information (RFI) issued May 10.

DARPA defines an insider threat as “malevolent (or possibly inadvertent) actions by an already trusted person with access to sensitive information and information systems and sources,” according to the RFI.

The agency plans to use forensics to find clues, gather and evaluate evidence, assess inferred actions and predict the individual's future behavior.

“In both the real and virtual world, it is very difficult to do anything without leaving some evidence behind. Attempts to conceal or remove evidence generally create new evidence that, if detected, could be a strong indication of the perpetrator’s intent,” the RFI stated.

The technology, which has not yet been specified, will be used to find individuals operating on U.S. networks. Specific topics of interest outlined in the RFI include:

  • Techniques to derive information about the relationship between deductions, the likely intent of inferred actions, and suggestions about what evidence might mean.
  • Methods to dynamically forecast context-dependent behaviors – both malicious and non-malicious.
  • Online and offline algorithms for feature extraction and detection in enormous graphs (as in billions of nodes).
  • Hybrid engines where deduction and feature detection mutually inform one another.

Particular technologies of interest include traditional insider threat detection, deception detection, pattern recognition, automated reasoning, analysis and algorithms for massive graphs, and computational psychology and sociology.

Responses are due May 26.

About the Author

Kathleen Hickey is a freelance writer for GCN.

Reader Comments

Sun, May 30, 2010 vic winkler Reston

Frank -- There is a documented insider threat that goes back to the dawn of time. The evidence is ample. Furthermore, undetected penetrations through numerous means end up looking like insider threats anyway... so the same technology applies regardless. Why are you being publicly skeptical before personally researching the data?

Fri, May 21, 2010 frank

as steven covey would say "habit #3"..."put first things first"... maybe darpa should first tackle outsider threats first... and use what it learns solving that beast on their "insider problem"... do we really have an "insider problem" do they actually have objective data? or is this RFP based upon anecdotal evidence? we shouldn't be running around in circles all the time.
