Author Topic: Darpa Is Looking to SMITE Internet Users and Insiders  (Read 7218 times)


Offline RabidSheep

Darpa Is Looking to SMITE Internet Users and Insiders
« on: May 23, 2010, 03:32:02 am »
THIS COULD ERADICATE WHISTLE BLOWERS



Darpa Is Looking to SMITE Internet Interlopers

http://gizmodo.com/5544002/darpa-is-looking-to-smite-internet-interlopers

Darpa is going at securing cyberspace again, and this time they've got an open call to everyone to help them devise a program that will flag threats through irregular activity.

The new program called "Suspected Malicious Insider Threat Elimination"—painstakingly abbreviated to SMITE—was started to point out threats in the massive amounts of data on the internet. The new idea behind the program is to track the activity of individuals or groups, rather than look for hints of threats in the entire sea of information. Theoretically it will be easier to notice malicious intentions by looking for small differences in the constantly updated activities of single users rather than the whole mess of us.

All this cyber-sleuthing sounds questionable, as some future activity could be mistakenly flagged as hostile. To prevent this, Darpa is calling for submissions to build a massive database that will prevent any accidental interpretations. The call for participants is going on now and there's a workshop set later this June. Start covering your tracks now.

*******************************************************************************

DARPA plans to SMITE insider enemies

http://gcn.com/articles/2010/05/20/darpa-smite-rfi.aspx

RFI seeks technology to address attacks from within

    * By Kathleen Hickey
    * May 20, 2010

The Defense Advanced Research Projects Agency is looking for technology to address insider threats. DARPA will use the technology, called Suspected Malicious Insider Threat Elimination (SMITE), to predict insider attacks, determine when one is underway and to detect one that has already taken place, according to the request for information issued May 10.

DARPA defines an insider threat as “malevolent (or possibly inadvertent) actions by an already trusted person with access to sensitive information and information systems and sources,” according to the RFI.

The agency plans to use forensics to find clues, gather and evaluate evidence and assess inferred actions and predict future behavior of the individual.

“In both the real and virtual world, it is very difficult to do anything without leaving some evidence behind. Attempts to conceal or remove evidence generally create new evidence that, if detected, could be a strong indication of the perpetrator’s intent,” the RFI stated.

The technology, which has not yet been specified, will be used to find individuals operating on U.S. networks. Specific topics of interest outlined in the RFI include:

    * Techniques to derive information about the relationship between deductions, the likely intent of inferred actions, and suggestions about what evidence might mean.
    * Methods to dynamically forecast context-dependent behaviors – both malicious and non-malicious.
    * Online and offline algorithms for feature extraction and detection in enormous graphs (as in billions of nodes).
    * Hybrid engines where deduction and feature detection mutually inform one another.

Particular technologies of interest include traditional insider threat detection, deception detection, pattern recognition, automated reasoning, analysis and algorithms for massive graphs and computational psychology and sociology.

*******************************************************************************

Request for Information (RFI)
DARPA-SN-10-46
Suspected Malicious Insider Threat Elimination (SMITE)

*******************************************************************************

Danger Room What’s Next in National Security
Darpa Wants Code to Spot ‘Anomalous Behavior’ on the Job

http://www.wired.com/dangerroom/2010/05/darpa-wants-code-to-spot-anomalous-behavior-on-the-job/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

Can software catch a cyberspy’s tricky intentions, before he’s started to help the other side? The way-out researchers at Darpa think so. They’re planning a new program, “Suspected Malicious Insider Threat Elimination” or SMITE, that’s supposed to “dynamically forecast” when a mole is about to strike. Also, the code is meant to flag “inadvertent” disclosures “by an already trusted person with access to sensitive information.”

“Looking for clues” that suggest a turncoat or accidental leaker is about to spill (.pdf) “could potentially be easier than recognizing explicit attacks,” Darpa notes in a request for information. But even that simpler search won’t be easy. “Many attacks are combinations of directly observable and inferred events.” Which is why SMITE’s program managers are interested in techniques to figure out “the likely intent of inferred actions, and suggestions about what [that] evidence might mean.” That goes for “behaviors both malicious and non-malicious.”

Step one in starting that process: Build a ginormous database to store all kinds of information on would-be threats. “The next step is to determine whether an individual or group of individuals is exhibiting anomalous behavior that is also malicious.” That’s a toughie — something anomalous in one context might be perfectly normal in another. One possible solution, the SMITE paper adds, could be detecting “deceptive” activities, which are a sign of cyberspying. Or cheating on your taxes. Or carrying on an office affair. Or playing World of Warcraft on the job. Depending on the situation.

Over at The Register, Lew Page quips: “It will no doubt be a comfort for anyone in a position of trust within the U.S. information infrastructure to know that mighty military algorithms and hybrid engines will soon sniff your every move so as to forecast any context-dependent malice on your part — and then in some unspecified way (remember what the E in SMITE stands for) eliminate you as a threat.”

More likely, the program is just a way to do some basic research into algorithms’ ability to understand human intent. But since every Darpa program has to have some sort of military application — no matter how far-fetched — the agency has cooked up this cyberspy-fighting scenario.

Anyway, our spies tell us that Darpa is planning a SMITE workshop for mid-June in northern Virginia.


Offline chris jones

Re: Darpa Is Looking to SMITE Internet Users and Insiders
« Reply #1 on: May 23, 2010, 09:00:34 am »

The home of the free????

A federal database of John Q: name, address, job, family, schooling, parents, relatives, credit card, banking, military records, health records, driver's license and infractions, affiliations, comradeship, legal infractions, prison records, tax records, sexual preferences, internet affiliations, travel. Well folks, you name it, they already have this info with the push of a button.

Darpa, the word alone is similar to a Gestapo dossier. This is not a search for terrorists, this is domestic dissent they are digging for. Internet communications will be monitored and flagged according to their degree of resistance.

Might it be they are injecting this into the populace, sliding it in there, until one day it becomes the NORM. Each and every cit has a DARPA FILE.

Offline jeremystalked1

Re: Darpa Is Looking to SMITE Internet Users and Insiders
« Reply #2 on: May 23, 2010, 09:32:40 am »
THIS COULD ERADICATE WHISTLE BLOWERS

They're already eradicating whistle blowers.

   http://areyoutargeted.com/2010/04/28/what-is-it-about-whistle-blowing-that-drives-people-crazy/

What they really want is to identify the whistle blowers before they blow the whistle.

Of course, there is no possible blowback to a whistleblower-suppression policy.  None whatsoever.

   http://areyoutargeted.com/2010/04/18/is-the-coverup-bringing-system-down/




Offline chris jones

Re: Darpa Is Looking to SMITE Internet Users and Insiders
« Reply #3 on: May 28, 2010, 11:17:38 am »

darpa, it sounds like an autiys name, it is not. This file to me is the final dagger in our backs.

Offline RabidSheep

Re: Darpa Is Looking to SMITE Internet Users and Insiders
« Reply #4 on: May 28, 2010, 12:09:08 pm »
Scarier even is the thought of this being applied to the public through ISP providers. 

Offline Dig

Re: Darpa Is Looking to SMITE Internet Users and Insiders
« Reply #5 on: December 06, 2010, 03:14:00 am »
Pdf Analysis And Detection Of Malicious Insiders

Analysis and Detection of Malicious Insiders
Submitted to 2005 International Conference on Intelligence Analysis, McLean, VA Abstract This paper summarizes a collaborative, six month ARDA NRRC 1 challenge workshop to characterize ...
https://analysis.mitre.org/proceedings/Final_Papers_Files/280_Camera_Ready_Paper.pdf

Spotlight On: Malicious Insiders with Ties to the Internet ...
SPOTLIGHT ON: MALICIOUS INSIDERS WITH TIES TO THE INTERNET ... of this article is not to recommend detection methods for locating insiders who ... http://www.cert. org/archive/pdf ...
http://www.cert.org/insider_threat/docs/CyLab%20Insider%20Threat%20Quarterly%20on%20Internet%20Underground%20-%20March%202009P.pdf

Detecting and Responding to Malicious Insiders Insider threats are ...
Detecting and Responding to Malicious Insiders Insider ... known types of suspicious and malicious behavior • Anomaly detection ... determined to be a suspicious insider, analysis ...
http://www.arcsight.com/solution_briefs/ArcSight_Insider_Threat.pdf

Insider Threat Detection Using Web Server Logs
In this paper, we discuss our initial research efforts focused on the detection of malicious insiders ... finding a common ground between these and other formats so that the log analysis ...
http://www.csiir.ornl.gov/csiirw/09/CSIIRW09-Proceedings/Abstracts/Myers-abstract.pdf

Common Sense Guide to Prevention and Detection of Insider Threats
Those projects have involved a new type of analysis ... Both men and women have been malicious insiders, including ... these processes (see Practice 4) • using malicious code detection ...
http://www.cylab.cmu.edu/files/pdfs/CERT/CommonSenseInsiderThreatsV2.1-1-070118-1.pdf

Intent-driven insider threat detection in intelligence analyses
... reports as well as assessment reports generated on their analysis. Five malicious insiders ... Framework for Information Gathering with Deception Detection for Intelligence Analysis.
http://facstaff.uww.edu/nguyenh/publications/InsiderThreadlFinal.pdf

Small Businesses Practices
... Sense Guide to Prevention and Detection ... edition included a new type of analysis - by type of malicious ... crime, 31% were committed by insiders. In 4 http://www.cert.org/archive/pdf ...
http://www.cert.org/archive/pdf/CSG-V3.pdf

Top-10 Guide for Protecting Sensitive Data from Malicious Insiders
... for Protecting Sensitive Data from Malicious Insiders ... reports and individual event analysis have their place in finding insiders. ... providing incident prevention and detection ...
http://www.vital-mag.net/wp-content/uploads/2010/01/Malicious-Insiders.pdf

Voltaire: Insider Threat Modeling
... and therefore outside the scope of firewalls and intrusion detection ... plan to expand Voltaire modeling to identify unusual or malicious behavior in entities other than insiders ...
https://analysis.mitre.org/proceedings/Final_Papers_Files/99_Camera_Ready_Paper.pdf

Detecting the Misappropriation of Sensitive Information through ...
... St, Suite 310 Seattle, WA 98005 [email protected] Keywords: Intrusion Detection, Malicious Insiders, Digital Rights Management, Bottleneck Monitoring, Content Analysis ...
http://www.stottlerhenke.com/papers/SKM_2005_bottleneck_monitoring.pdf

Log Analysis vs. Insider Attacks
Even an Intrusion Detection System? Your security policy ... Malicious insiders might want to eavesdrop on private ... and thus preventing insider • • • • Log Analysis vs ...
https://www.issa.org/Library/Journals/2007/November/Chuvakin-Log%20Analysis%20vs.%20Insider%20Attacks.pdf

Human Behavior, Insider Threat, and Awareness
... help us tackle this cyber challenge is that malicious insiders ... regarding actual computer usage for further analysis. ... together practical guidance for the early detection of malicious ...
http://www.thei3p.org/docs/publications/ResearchReport16.pdf

Cyber Security and Information Intelligence Research
Trapping Malicious Insiders in the SPDR Web J. Thomas Haigh * ... Other researchers have used anomaly analysis and detection ... http://www.acsac.org/2005/papers/171.pdf . [17] M
http://www.computer.org/comp/proceedings/hicss/2009/3450/00/02-01-07.pdf

Monitoring Technologies for Mitigating Insider Threats
... been accessed in away that has evaded detection (and even forensic analysis) ... and, in some cases, identity) of malicious insiders, or at ... into D 3 for adding HMAC markers into PDF ...
http://www.cs.columbia.edu/~angelos/Papers/2010/insider-bookchapter.pdf

Top-10 guide for protecting sensitive data from malicious insiders
Top-10 guide for protecting sensitive data from malicious insiders ... and the privileged Insider threat is more about detection ... hiding in stacks of needles Insider threat analysis ...
http://www.prwire.com.au/pdf/top-10-guide-for-protecting-sensitive-data-from-malicious-insiders

Baiting Inside Attackers Using Decoy Documents
... of-the-art seems to be still driven by forensics analysis ... the presence (and, in some cases, "identity") of malicious insiders ... The results of tests conducted on PDF and Word beacons ...
http://www.cs.columbia.edu/%7Eangelos/Papers/2009/DecoyDocumentsSECCOM09.pdf

Ten Tales of Betrayal: The Threat to Corporate Infrastructures by ...
... Infrastructures by Information Technology Insiders Analysis and ... describe the actions of disgruntled or malicious insiders who ... Table 6 Detection Issues by Case Subject and Victimized ...
http://www.dhra.mil/perserec/reports/tr05-13.pdf

Securing the Enterprise from the Malicious Insider
Mechanisms such as firewalls, intrusion detection ... do-me-a-favor, desktop snooping, coffee break analysis ... one of the best methods of dealing with malicious insiders is to ...
https://www.issa.org/Library/Journals/2008/December/Sivasubramanian-Securing%20the%20Enterprise%20from%20the%20Malicious%20Insider.pdf

LNCS 3073 - Semantic Analysis for Monitoring Insider Threats
Malicious insiders' difficult-to-detect activities pose serious ... in the area of insider threats and anomaly detection where analysis of ... www. rand.org/publications/CF/CF151/CF151.pdf. 5.
http://craigchamberlain.com/library/insider/Semantic%20Analysis%20for%20Monitoring%20Insider%20Threats.pdf

Request for Information (RFI) DARPA-SN-10-46 Suspected Malicious ...
... 10-46 Suspected Malicious Insider Threat Elimination (SMITE) "Trusted insiders ... that is also malicious. However, this analysis is ... relating to malicious insider threat detection: 1.
http://www.darpa.mil/ipto/solicit/baa/RFI-SN-10-46_PIP.pdf

Heuristic Identification and Tracking of Insider Threat Prospectus
These studies have also demonstrated that malicious insiders are ... Supervised analysis of the anomalous behavior is ... Detection of undesirable insider behavior.
http://www.cs.purdue.edu/homes/mkirkpat/papers/rtcs09-hitit.pdf

Modeling the Employee Life Cycle to Address the Insider Threat*
... [email protected] gov Gregory N. Conrad Threat Analysis ... Detection, response, policies and procedures all ... organization is the presence of unidentified malicious insiders ...
http://www.systemdynamics.org/conferences/2009/proceed/papers/P1365.pdf

Online Behavioral Analysis and Modeling Methodology (OBAMM)1
Online Behavioral Analysis and Modeling ... behavior, detecting intrusions, malicious insiders ... security can aid significantly in the detection of rogue users, malicious ...
http://www.ists.dartmouth.edu/library/414.pdf

The Use of Anomaly Detection to Enhance Data Integrity and ...
Safeguarding SCADA Systems with Anomaly Detection John ... systems more vulnerable to manipulation by malicious insiders. ... security-survey.gov.uk/ isbs2002_detailedreport.pdf.
http://www.davidgamez.eu/papers/BighamGamezLu03_SCADAAnomalyDetection.pdf

Designing Host and Network Sensors to Mitigate the Insider Threat
... been accessed in away that has evaded detection (and even forensic analysis ... and, in some cases, identity) of malicious insiders, or at ... because it can be modified on any PDF ...
http://www.cs.columbia.edu/%7Eangelos/Papers/2009/DesigningSensorsInsider.pdf

Social Information Retrieval
... as asymmetric threat), yet are also situated within the enterprise (detection of malicious insiders). ... ties together key concepts from information retrieval, social network analysis ...
http://www.mitre.org/news/events/tech03/briefings/intelligent_information/damore.pdf

First Annual Cost of Cyber Crime Study
... to external consequences of the cyber crime, the analysis attempted to capture the total cost spent on detection ... those caused by web attacks, malicious code and malicious insiders.
http://www.arcsight.com/collateral/whitepapers/Ponemon_Cost_of_Cyber_Crime_study_2010.pdf

HoneyAnalyzer - Analysis and Extraction of Intrusion Detection ...
... IIT'05) HoneyAnalyzer - Analysis and Extraction of Intrusion Detection ... activity of organization insiders and outsiders [1]. Intrusion detection ... ethz.ch/personal/plattner/pdf ...
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.95.85&rep=rep1&type=pdf

Insider Threat
... To guard against the insider threat, trust your detection ... minimize false positives and ferret out the malicious insiders near ... of any modern organization (see InfoWorld's Log Analysis ...
http://resources.idgenterprise.com/original/AST-0001528_insiderthreat_2_v1.pdf

Are you concerned about the U
... 2008 Study on the Uncertainty of Data Breach Detection . ... of overall experience with backgrounds in the analysis ... or pre-texting 2% Negligent insiders 75% Malicious insiders 26% ...
http://www.ponemon.org/local/upload/fckjail/generalcontent/18/file/2008%20US%20Uncertainty%20of%20Data%20Breach%20Detection%20Final%20June%202008.pdf

Securing Cyberspace for the 44th Presidency
About CSIS In an era of ever-changing global opportunities and challenges, the Center for Strategic and International Studies (CSIS) provides strategic insights and practical policy ...
http://csis.org/files/media/csis/pubs/081208_securingcyberspace_44.pdf