Trying to identify ‘the next Major Hasan’…in advance
Eager to spot the next Major Nidal Hasan before he or she launches another catastrophic ‘insider’ attack, DARPA has begun a research effort that could detect ‘anomalies’ in a person’s behavior by sifting through billions of e-mail and text messages prior to such a homicidal or suicidal outburst.
The Defense Advanced Research Projects Agency (DARPA) has launched a new initiative, which it calls Anomaly Detection at Multiple Scales, or ADAMS, that would strive to develop a data sifting capability to pro-actively sort through billions of messages (which it calls “links”) sent between millions of individuals (which it refers to as “nodes”) before a trusted insider suddenly turns into a lethal threat.
“The problem ADAMS would address in this instance is that of detecting anomalies in Major Hasan’s alleged behavior in time to alert the proper authorities who could intervene before the fact,” explains DARPA’s broad agency announcement for its new ADAMS research program.
The Defense Department agency notes that it is a lot easier to be a Monday morning quarterback – after a disaster has unfolded – than to spot an attack before it occurs.
“Each time we see an incident like a soldier in good mental health becoming homicidal or suicidal or an innocent insider becoming malicious we wonder why we didn’t see it coming,” said the announcement. “When we look through the evidence after the fact we often find a trail – sometimes even an ‘obvious’ one. The question is can we pick up the trail before the fact giving us time to intervene and prevent an incident.”
For example, after Major Nidal Hasan, an Army psychiatrist, allegedly opened fire, killed 13 people and wounded 43 others at Fort Hood, TX, in November 2009, attention was quickly directed to a trove of e-mail correspondence Major Hasan had sent and received.
“Investigators are scouring Maj. Hasan’s computer and multiple email accounts for signs that he had contact with radical Islamist elements before his shooting spree,” reported the Wall Street Journal a few days after the shootings. “As part of their probe, authorities continue to look at May 2009 Internet posting by one ‘Nidal Hasan’ praising suicide bombers and believe Maj. Hasan is likely responsible.”
DARPA officials, trying to understand the magnitude of the data-sifting challenge that lies ahead, estimate that each year there might be 4.7 billion “links” sent back and forth between 14.9 million “nodes” among the population residing in and around Fort Bragg alone. “There are currently no established techniques for detecting anomalies in data sets of this size at acceptable false positive rates,” says the broad agency announcement.
The ADAMS initiative aims to rectify this situation by developing technology that could automatically analyze massive data sets that are routinely being collected.
DARPA did not directly address the privacy issues that inevitably would arise in a massive program to examine billions of e-mail and text messages, on a pro-active basis, in search of anomalies that might provide advance tip-offs that a trusted insider was on the verge of destructive behavior.
In a sense, the ADAMS initiative is similar to the premise of the 2002 Tom Cruise film, Minority Report, which was set in the year 2054 and depicted an anti-crime unit that can predict bad behavior before it occurs. “For six years, Washington, D.C. has been murder-free thanks to astounding technology which identifies killers before they commit their crimes,” explains Tom Cruise’s official Web site.
ADAMS will attempt to “characterize graphs containing up to billions of nodes” using recent breakthroughs in graph analytic techniques. “ADAMS will need to apply machine learning techniques…” says the BAA document.
The BAA identifies two main technical areas that are ripe for further research:
Algorithm / Software Development – that would identify and prioritize “anomalous behaviors potentially indicating malicious insider threats.”
Data Collection / Test and Evaluation / Transition – that would expect ADAMS researchers to develop a set of requirements and design modifications for existing sensor suites, so they can provide additional needed data.
DARPA says it expects to spend about $35 million on ADAMS research during the next two years. It anticipates awarding research contracts to more than one organization.
Under the current broad agency announcement, prospective researchers have until April 8, 2011 to submit their ideas to DARPA. Further information is available from DARPA’s Information Innovation Office by contacting the I2O BAA Coordinator.
DARPA recognizes that this new information-sifting capability might have application in a variety of domains, but its primary emphasis at the moment is the insider threat. “The focus is on malevolent insiders that started out as ‘good guys’,” says DARPA.