DARPA's new system to detect threats and eliminate them.

This is a first-of-its-kind project from DARPA called SMITE (Suspected Malicious Insider Threat Elimination). Details are sketchy (it's still at the RFI stage), but essentially the idea is to create a database of actions that correspond to "malicious" behaviour, for instance espionage. The hope is that such behaviour can be detected before it leads to an actual crime, which raises all sorts of ethical and philosophical questions that we quite frankly don't have the energy to ponder on a Friday afternoon.

The warboffins state:

We define insider threat as malevolent (or possibly inadvertent) actions by an already trusted person with access to sensitive information and information systems and sources.

The DARPA IT directors don't offer any details on how this is to be done, but they do give some general ideas:

Security is often difficult because the defenses must be perfect, while the attacker needs to find only one flaw. An emphasis on forensics could reverse the burden by requiring the attacker and his tools to be perfect, while the defender needs only a few clues to recognize an intrusion is underway.

Topics of interest include ... suggestions about what evidence might mean and [ways to] forecast context-dependent behaviors both malicious and non-malicious.

Also of interest are on-line and off-line algorithms for feature extraction and detection in enormous graphs (as in billions of nodes) as well as hybrid engines where deduction and feature detection mutually inform one another.
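To make the last two quoted ideas concrete (forensics needing "only a few clues", and a hybrid engine where feature detection on an access graph and rule-based deduction inform each other), here is a small added illustration. It is not code from this post and has nothing to do with DARPA's actual SMITE design; the access log, users, resources, the SENSITIVE label set, the two rules and the scoring weights are all constructed for the example.

```python
"""Toy hybrid insider-threat scorer over a user/resource access graph.

Added illustration only: not code from the original post or from DARPA's
SMITE programme. Every log line, user, resource, rule and threshold here is
constructed for the example.
"""
from collections import defaultdict
from statistics import median

# Constructed access log: (user, department, resource, hour_of_day 0-23).
ACCESS_LOG = [
    ("alice", "finance", "ledger-2023", 10),
    ("alice", "finance", "budget", 11),
    ("bob", "finance", "ledger-2023", 9),
    ("bob", "finance", "budget", 14),
    ("carol", "finance", "ledger-2023", 15),
    ("dave", "eng", "repo-core", 10),
    ("dave", "eng", "ci-config", 13),
    ("erin", "eng", "repo-core", 11),
    ("erin", "eng", "ci-config", 12),
    ("erin", "eng", "ledger-2023", 2),   # off-hours, and not an eng resource
    ("erin", "eng", "budget", 3),
    ("erin", "eng", "hr-salaries", 3),
]

# Constructed label set: resources the organisation treats as sensitive.
SENSITIVE = {"ledger-2023", "hr-salaries"}

# Constructed working-hours policy: 06:00-19:59 is normal.
OFF_HOURS = set(range(0, 6)) | set(range(20, 24))


def build_graph(log):
    """Bipartite user->resource edge sets plus department membership.

    On a real system this is the 'enormous graph' the RFI mentions; the
    feature extraction below only needs each node's edge set and its peers.
    """
    user_res = defaultdict(set)
    dept_of = {}
    for user, dept, res, _hour in log:
        user_res[user].add(res)
        dept_of[user] = dept
    return user_res, dept_of


def extract_features(log):
    """Per-user features: resources no department peer touches, off-hours count."""
    user_res, dept_of = build_graph(log)
    off_hours = defaultdict(int)
    for user, _dept, _res, hour in log:
        if hour in OFF_HOURS:
            off_hours[user] += 1
    features = {}
    for user, resources in user_res.items():
        peer_res = set()
        for other, others_res in user_res.items():
            if other != user and dept_of[other] == dept_of[user]:
                peer_res |= others_res
        features[user] = {"unshared": resources - peer_res,
                          "off_hours": off_hours[user]}
    return features


def apply_rules(user, log, features):
    """Deductive layer: named rules, evaluated only where the feature layer asks."""
    fired = []
    if SENSITIVE & features[user]["unshared"]:
        fired.append("sensitive-resource-no-peer-uses")
    if any(u == user and r in SENSITIVE and h in OFF_HOURS
           for u, _d, r, h in log):
        fired.append("sensitive-resource-off-hours")
    return fired


def score_users(log):
    """Hybrid engine: features select candidates, fired rules feed back into the score."""
    features = extract_features(log)
    med_unshared = median(len(f["unshared"]) for f in features.values())
    med_off = median(f["off_hours"] for f in features.values())
    scores = {}
    for user, f in features.items():
        n_unshared = len(f["unshared"])
        anomalous = n_unshared > med_unshared or f["off_hours"] > med_off
        # Feature detection informs deduction: rules run only on anomalous users.
        fired = apply_rules(user, log, features) if anomalous else []
        # Deduction informs detection: each fired rule adds a constructed weight of 3.
        scores[user] = {"score": n_unshared + f["off_hours"] + 3 * len(fired),
                        "rules": fired}
    return scores


if __name__ == "__main__":
    ranked = sorted(score_users(ACCESS_LOG).items(),
                    key=lambda kv: -kv[1]["score"])
    for user, s in ranked:
        print(f"{user:6} score={s['score']:2} rules={s['rules']}")
```

The point of the two-way coupling is cost and precision: peer comparison on the graph is cheap and runs over everyone, while the rule layer (which on a real deployment would consult far more evidence) only runs on the handful of nodes the features single out, and its verdicts then sharpen the ranking. The "few clues" here are three off-hours reads of resources nobody else in the user's department touches; that is enough to surface one user without the detector needing to be perfect.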

