DARPA plans to SMITE insider enemies

RFI seeks technology to address attacks from within

The Defense Advanced Research Projects Agency is looking for technology to address insider threats. DARPA will use the technology, called Suspected Malicious Insider Threat Elimination (SMITE), to predict insider attacks, determine when one is underway and detect one that has already taken place, according to the request for information issued May 10.

DARPA defines an insider threat as “malevolent (or possibly inadvertent) actions by an already trusted person with access to sensitive information and information systems and sources,” according to the RFI.

The agency plans to use forensics to find clues, gather and evaluate evidence, assess inferred actions and predict the future behavior of the individual.

“In both the real and virtual world, it is very difficult to do anything without leaving some evidence behind. Attempts to conceal or remove evidence generally create new evidence that, if detected, could be a strong indication of the perpetrator’s intent,” the RFI stated.

The technology, which has not yet been specified, will be used to find individuals operating on U.S. networks. Specific topics of interest outlined in the RFI include:

  • Techniques to derive information about the relationship between deductions, the likely intent of inferred actions, and suggestions about what evidence might mean.
  • Methods to dynamically forecast context-dependent behaviors – both malicious and non-malicious.
  • Online and offline algorithms for feature extraction and detection in enormous graphs (as in billions of nodes).
  • Hybrid engines where deduction and feature detection mutually inform one another.

Particular technologies of interest include traditional insider threat detection, deception detection, pattern recognition, automated reasoning, analysis and algorithms for massive graphs, and computational psychology and sociology.

Responses are due May 26.

About the Author

Kathleen Hickey is a freelance writer for GCN.

