This paper reports on methods and results of an applied research project by a team consisting of SAIC and four universities to develop, integrate, and evaluate new approaches to detect the weak signals characteristic of insider threats on organizations' information systems. Our system combines structural and semantic information from a real corporate(More)
This paper reports the first set of results from a comprehensive set of experiments to detect realistic insider threat instances in a real corporate database of computer usage activity. It focuses on the application of domain knowledge to provide starting points for further analysis. Domain knowledge is applied (1) to select appropriate features for use by(More)
This paper reports results from a set of experiments that evaluate an insider threat detection prototype on its ability to detect scenarios that have not previously been seen or contemplated by the developers of the system. We show the ability to detect a large variety of insider threat scenario instances imbedded in real data with no prior knowledge of(More)
Annotation graphs, made available through the Linked Data initiative and Semantic Web, have significant scientific value. However, their increasing complexity makes it difficult to fully exploit this value. Graph summaries, which group similar entities and relations for a more abstract view on the data, can help alleviate this problem, but new methods for(More)
We propose a probabilistic approach to the problem of schema mapping. Our approach is declarative, scalable, and extensible. It builds upon recent results in both schema mapping and probabilistic reasoning and contributes novel techniques in both fields. We introduce the problem of mapping selection, that is, choosing the best mapping from a space of(More)
Anomalies in computer usage data may be indicative of insider threats. Distinguishing actual malicious activities from unusual but justifiable activities requires not only a sophisticated anomaly detection system but also the expertise of human analysts with access to additional data sources. Because any anomaly detection system for extremely rare events(More)
We extend the running example from the main paper to illustrate objective Eq. (9) of [1]. We use a reduced candidate set C = {θ1, θ3} (Figure 1(d) in [1]) and the data in Figure 1(b)-(c) in [1], but omit the leader relation. A universal solution Kθ1 of I contains the task tuples (BigData, Bob, Null1) and (ML, Alice, Null2), while a Kθ3 contains the task(More)
This paper discusses the key role of explanations for applications that discover and detect significant complex rare events. These events are distinguished not necessarily by outliers (i.e., unusual or rare data values), but rather by their inexplicability in terms of appropriate real-world behaviors. Outlier detection techniques are typically part(More)