Researchers Get Grant From Dept. of Homeland Security to Improve Insider Threat Detection

code

Researchers at the University of Texas at San Antonio (UTSA) have received a $649,172 grant from the U.S. Department of Homeland Security to strengthen insider threat detection.

Nicole Beebe, Director of the Center for Education and Research in Information at The University of Texas at San Antonio (UTSA), and Daijin Ko, UTSA professor of management science and statistics will conduct research aimed at building an insider threat detection system to prepare for real-world situations wherein a disgruntled employee or even a corporate spy could steal valuable information.

The whole idea is to find the culprit before the attack occurs. Even though most organizations have protocols in place to detect such incidents, there are several other factors that could signal an information breach that are often overlooked.

To close this gap, Beebe and Ko will detect digital forensic traces that can be used to signal a possible insider threat.

“We’ll search for an abnormal pattern,” said Ko. “Essentially, we’re watching for an outlier based on how long they’re using the computer, when they are using it and how they are using it, among other variables.”

The pair will develop a software system that can quickly analyze vast amounts of data and identify a threat based on how they use their work computers, with the help of Paul Rivera, President and CEO of Def-Logix.

The manual process of sifting through these virtual behaviors would be a lot like looking for a needle in a haystack, and the software will make it possible to quickly find an outlier among mountains of arbitrary data, according to the researchers.

“The ability to detect threats within an organization and to keep sensitive information from getting into the wrong hands has become vital to national security,” said Beebe.

“This could have a widespread beneficial impact for so many different organizations, public and private. These recent leaks have proved that we need to rise to this new challenge, and that’s exactly what we’re doing.”

The researchers hope that the new technology will not just prevent corporate espionage, but also make it possible to detect breaches, like the ones committed by Chelsea Manning and Edward Snowden, before they occur, they said.